[TechAssist] Re: security problems today
- From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
- To: <techassist@xxxxxxxxxxxxx>
- Date: Sun, 27 Oct 2002 14:46:51 -0600
Oh suuuurrrrrrre
You didn't send me the website !
:-)
Clancy Harms, NESDA's Region 7 Director
Dick's Radio & TV, Inc.
2319 West Clay St. "Aim high men"
St. Charles, MO. 63301 "they're on camels"
(636)-724-5055
(636)-724-5531 fax
email: dickstv1@xxxxxxxxxxxxx
----- Original Message -----
From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
To: <techassist@xxxxxxxxxxxxx>
Sent: Sunday, October 27, 2002 2:29 PM
Subject: [TechAssist] Re: security problems today
> Try this site for now. There is another one on Symantec, so if this
doesn't
> work I'll send you the other one.
> Read the instructions on this MS site, and make sure you download the
patch
> for the correct OS.
> Make sure your other computer is not networked at the time you do this.
>
> -Ed-
> Tel-Tek Electronics
> Ontario-Canada
> teltek2@xxxxxxxxxxxx
> ----- Original Message -----
> From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
> To: <techassist@xxxxxxxxxxxxx>
> Sent: Sunday, October 27, 2002 3:28 PM
> Subject: [TechAssist] Re: security problems today
>
>
> >
> > Windows 98SE
> >
> > Clancy Harms, NESDA's Region 7 Director
> > Dick's Radio & TV, Inc.
> > 2319 West Clay St. "Aim high men"
> > St. Charles, MO. 63301 "they're on camels"
> > (636)-724-5055
> > (636)-724-5531 fax
> > email: dickstv1@xxxxxxxxxxxxx
> > ----- Original Message -----
> > From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> > To: <techassist@xxxxxxxxxxxxx>
> > Sent: Sunday, October 27, 2002 2:20 PM
> > Subject: [TechAssist] Re: security problems today
> >
> >
> > >
> > > What version of Windows are you using?
> > >
> > > -Ed-
> > > Tel-Tek Electronics
> > > Ontario-Canada
> > > teltek2@xxxxxxxxxxxx
> > > ----- Original Message -----
> > > From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
> > > To: <techassist@xxxxxxxxxxxxx>
> > > Sent: Sunday, October 27, 2002 2:50 PM
> > > Subject: [TechAssist] Re: security problems today
> > >
> > >
> > > >
> > > > Ed
> > > > Are you saying (Re: The first sentence in your reply) that
> > > > I should reinstall the 'Brasil.exe' file?
> > > > By the way...Norton has found the 'Opaserv' virus twice since our
> > > > conversation started just now!
> > > >
> > > > Clancy Harms,
> > > > Dick's Radio & TV, Inc.
> > > > 2319 West Clay St. "Aim high men"
> > > > St. Charles, MO. 63301 "they're on camels"
> > > > (636)-724-5055
> > > > (636)-724-5531 fax
> > > > email: dickstv1@xxxxxxxxxxxxx
> > > > ----- Original Message -----
> > > > From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> > > > To: <techassist@xxxxxxxxxxxxx>
> > > > Sent: Sunday, October 27, 2002 1:33 PM
> > > > Subject: [TechAssist] Re: security problems today
> > > >
> > > >
> > > > >
> > > > > Check your start up folder...they are all in there, and add
> > > "brasil.exe".
> > > > > I just went thru 3 days of getting rid of it.
> > > > > Finally had to format my "boot" drive, and re-installing Windows
ME.
> > > > >
> > > > > Clancy...this is very important, make sure you stop all
Networking,
> or
> > > > while
> > > > > you are erradicating it on one computer, it hides on the other
one,
> > then
> > > > > cpmes right back. Actually physically remove the the plug from the
> > > > > networking card. My Norton 2000 did a lousy job on repairing it,
so
> I
> > > had
> > > > to
> > > > > update to 2003.
> > > > >
> > > > > Good luck.
> > > > >
> > > > > -Ed-
> > > > > Tel-Tek Electronics
> > > > > Ontario-Canada
> > > > > teltek2@xxxxxxxxxxxx
> > > > > ----- Original Message -----
> > > > > From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
> > > > > To: <techassist@xxxxxxxxxxxxx>
> > > > > Sent: Sunday, October 27, 2002 1:51 PM
> > > > > Subject: [TechAssist] Re: security problems today
> > > > >
> > > > >
> > > > > >
> > > > > > Hi all;
> > > > > > I'm also fighting this crap!
> > > > > > Check for 'ALEVIR.EXE', 'MSSG.EXE', & 'SCRSVR.EXE',
> > > > > > They've hit me yesterday and today (Sunday)
> > > > > >
> > > > > > Clancy Harms, Dick's Radio & TV, Inc.
> > > > > > 2319 West Clay St. "Aim high men"
> > > > > > St. Charles, MO. 63301 "they're on camels"
> > > > > > (636)-724-5055
> > > > > > (636)-724-5531 fax
> > > > > > email: dickstv1@xxxxxxxxxxxxx
> > > > > > ----- Original Message -----
> > > > > > From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
> > > > > > To: <techassist@xxxxxxxxxxxxx>
> > > > > > Sent: Sunday, October 27, 2002 12:22 PM
> > > > > > Subject: [TechAssist] Re: security problems today
> > > > > >
> > > > > >
> > > > > > >
> > > > > > > Gary....I know how you feel, I just went thru 3 days getting
my
> > > system
> > > > > > > staightened out.
> > > > > > > Do search for brasil.exe..on your system.also known by other
> > names,
> > > > but
> > > > > > > that's a bad one.
> > > > > > >
> > > > > > > -Ed-
> > > > > > > Tel-Tek Electronic.
> > > > > > > Ontario-Canada
> > > > > > > teltek2@xxxxxxxxxxxx
> > > > > > > ----- Original Message -----
> > > > > > > From: "Gary McCartney" <number63@xxxxxxxxxxxxx>
> > > > > > > To: <techassist@xxxxxxxxxxxxx>
> > > > > > > Sent: Saturday, October 26, 2002 11:16 PM
> > > > > > > Subject: [TechAssist] security problems today
> > > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > > I've had a busy day keeping my computer safe.
> > > > > > > >
> > > > > > > > First, I received several klez32 vir. and Norton AV 2002
> picked
> > > them
> > > > > all
> > > > > > > > up no problem, except after quaranteening it one time, my
> inbox
> > > > froze
> > > > > > > > (Netscape 4.79). I restarted Netscape and it wouldn't allow
me
> > to
> > > > > access
> > > > > > > > my inbox at all. Then I scanned my whole system for vir.
> > > > > > > > but Norton found nothing. I was lucky in finding what was
> > causing
> > > > the
> > > > > > > > problem. After pressing "Control/Alt/Delete" to go into the
> Win
> > > 2000
> > > > > > > > task manager, in the processes tab, Netscape was shown as
> still
> > > > > running
> > > > > > > > even though I had closed it down. I clicked on the line and
> > closed
> > > > > > > > Netscape from there, then I could get my mail again. What a
> > > relief.
> > > > > > > >
> > > > > > > > Second, I noticed an ICON on my desktop that didn't belong
> > there.
> > > It
> > > > > > > > said, "GO IN.EXE"
> > > > > > > > I did not click on it, fearing an uninvited guest placed it
> > there.
> > > I
> > > > > did
> > > > > > > > a search on Google and found out that it was an uninvited
> > dial-up
> > > > > > > > connection installed in Dial-up Networking. If I would have
> > > clicked
> > > > on
> > > > > > > > the icon, I think it would have dialed up an overseas 1-900
> > number
> > > > and
> > > > > > > > I'd been charged hundreds of bucks for the call.
> > > > > > > >
> > > > > > > > I deleted everything from my files relating to "go in.exe"
> plus
> > I
> > > > > > > > scanned my registry for any keys, plus I did a Norton Win
> Doctor
> > > on
> > > > my
> > > > > > > > hard drive. This removes obsolete or bad keys from your
> > registry.
> > > > Then
> > > > > I
> > > > > > > > deleted temp internet files from IE and cleared all my
> Netscape
> > > > cache.
> > > > > > > >
> > > > > > > > Then I rebooted and the dial-up connection is gone, but the
> > > warning
> > > > is
> > > > > > > > that it could come back, maybe days later. I searched
> Symantec's
> > > > site
> > > > > > > > but they don't seem to know about it. I will be forwarding
> this
> > > > email
> > > > > to
> > > > > > > > them.
> > > > > > > >
> > > > > > > > I didn't find a lot of info on the net regarding this, but
> here
> > is
> > > > > what
> > > > > > > > another person had to say about it:
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned
> today
> > > of
> > > > a
> > > > > > > > program call "go in.exe" that will be surreptiously
installed
> on
> > > > your
> > > > > > > > computer from surfing
> > > > > > > > the web, usually there will be an invisible java program on
a
> > > > website
> > > > > of
> > > > > > > > the type that collect stats on browser hits, that installs
> this
> > on
> > > > > your
> > > > > > > > harddrive. What it does is Change
> > > > > > > > the Default for your dialup connection and redirect it to
> their
> > > > > system.
> > > > > > > > Then when you dialup, instead of your common carrier for
> $19.95
> > a
> > > > > month
> > > > > > > > or whatever you are paying
> > > > > > > > for internet connection, they are using overseas long
distance
> > > lines
> > > > > and
> > > > > > > > you may then get a bill for thousands of dollars. I didn't
get
> > the
> > > > > > > > details on how they would attempt to
> > > > > > > > collect the money from you, but it would come under the
> auspices
> > > of
> > > > > > > > "computer crime." However, the crime occurs in your area,
and
> my
> > > > > finding
> > > > > > > > so far is that local law
> > > > > > > > enforcement officers as a rule do not have "the first clue!"
> > > > > > > >
> > > > > > > > Everyone should check their .exe files on the computer, and
> take
> > > > note
> > > > > of
> > > > > > > > any that look suspicious. You can do this by going to your
> START
> > > > MENU,
> > > > > > > > select FIND, then type
> > > > > > > > ASTERISK DOT EXE in this format *.exe and then click FIND,
it
> > will
> > > > > LIST
> > > > > > > > every program and you can then find out the nature of it by
> > > > selecting
> > > > > > > > FILE then PROPERTIES. Don't
> > > > > > > > remove anything before you make sure that it is not an
> operating
> > > > > system
> > > > > > > > file, or check with a computer expert, but you can
temporarily
> > > > disable
> > > > > > > > it by changing the file to
> > > > > > > > "READ ONLY."
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Gary McCartney
> > > > > > > >
> > > > > > > > McCartney Electronics
> > > > > > > > 7134 Fife Rd, RR 7
> > > > > > > > Guelph Ontario Canada N1H 6J4
> > > > > > > > Fax: (519)821-1530
> > > > > > > > email: number63 (at) inetsonic.com
> > > > > > > >
> > > > > > > > ------------------------------------------
> > > > > > > > To REMOVE your email address, click here:
> > > > > > > > http://www.tech-assist.org/unsubb.html
> > > > > > > > To CHANGE your email address, click here:
> > > > > > > > http://www.techassist.net/forms/change.html
> > > > > > > > ------------------------------------------
> > > > > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > > > > Submit Repair Tips here:
> > > > > > > > http://www.tech-assist.org/secure/tip/
> > > > > > >
> > > > > > >
> > > > > > > ------------------------------------------
> > > > > > > To REMOVE your email address, click here:
> > > > > > > http://www.tech-assist.org/unsubb.html
> > > > > > > To CHANGE your email address, click here:
> > > > > > > http://www.techassist.net/forms/change.html
> > > > > > > ------------------------------------------
> > > > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > > > Submit Repair Tips here:
> > > > > > > http://www.tech-assist.org/secure/tip/
> > > > > >
> > > > > > ------------------------------------------
> > > > > > To REMOVE your email address, click here:
> > > > > > http://www.tech-assist.org/unsubb.html
> > > > > > To CHANGE your email address, click here:
> > > > > > http://www.techassist.net/forms/change.html
> > > > > > ------------------------------------------
> > > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > > Submit Repair Tips here:
> > > > > > http://www.tech-assist.org/secure/tip/
> > > > >
> > > > >
> > > > > ------------------------------------------
> > > > > To REMOVE your email address, click here:
> > > > > http://www.tech-assist.org/unsubb.html
> > > > > To CHANGE your email address, click here:
> > > > > http://www.techassist.net/forms/change.html
> > > > > ------------------------------------------
> > > > > ***NEW*** Tips Added Instantly!!!***
> > > > > Submit Repair Tips here:
> > > > > http://www.tech-assist.org/secure/tip/
> > > >
> > > > ------------------------------------------
> > > > To REMOVE your email address, click here:
> > > > http://www.tech-assist.org/unsubb.html
> > > > To CHANGE your email address, click here:
> > > > http://www.techassist.net/forms/change.html
> > > > ------------------------------------------
> > > > ***NEW*** Tips Added Instantly!!!***
> > > > Submit Repair Tips here:
> > > > http://www.tech-assist.org/secure/tip/
> > >
> > >
> > > ------------------------------------------
> > > To REMOVE your email address, click here:
> > > http://www.tech-assist.org/unsubb.html
> > > To CHANGE your email address, click here:
> > > http://www.techassist.net/forms/change.html
> > > ------------------------------------------
> > > ***NEW*** Tips Added Instantly!!!***
> > > Submit Repair Tips here:
> > > http://www.tech-assist.org/secure/tip/
> >
> > ------------------------------------------
> > To REMOVE your email address, click here:
> > http://www.tech-assist.org/unsubb.html
> > To CHANGE your email address, click here:
> > http://www.techassist.net/forms/change.html
> > ------------------------------------------
> > ***NEW*** Tips Added Instantly!!!***
> > Submit Repair Tips here:
> > http://www.tech-assist.org/secure/tip/
> >
>
>
>
> ------------------------------------------
> To REMOVE your email address, click here:
> http://www.tech-assist.org/unsubb.html
> To CHANGE your email address, click here:
> http://www.techassist.net/forms/change.html
> ------------------------------------------
> ***NEW*** Tips Added Instantly!!!***
> Submit Repair Tips here:
> http://www.tech-assist.org/secure/tip/
------------------------------------------
To REMOVE your email address, click here:
http://www.tech-assist.org/unsubb.html
To CHANGE your email address, click here:
http://www.techassist.net/forms/change.html
------------------------------------------
***NEW*** Tips Added Instantly!!!***
Submit Repair Tips here:
http://www.tech-assist.org/secure/tip/
Other related posts:
