[TechAssist] Re: security problems today
- From: "royalprince" <royalprince@xxxxxxxxx>
- To: <techassist@xxxxxxxxxxxxx>
- Date: Sun, 27 Oct 2002 13:24:08 +0400
Hello
again
In fact norton do not always catch this virus
as it has a program in it which stops the anti-virus program as soon
as it comes to the Kleze files.Your anti-virus software will say "No
virus found" even though you have just gotten one.That why symantec
released the removal utility.freezing problem is due to the virus working
in background and trying to infect windows files etc.
Hope this help.
----- Original Message -----
From: "Gary McCartney" <number63@xxxxxxxxxxxxx>
To: <techassist@xxxxxxxxxxxxx>
Sent: Sunday, October 27, 2002 9:49 PM
Subject: [TechAssist] Re: security problems today
>
> My Norton was up to date a couple hours before the emails came in with
> the Klez. I don't think it was the klez that caused the problem, but
> rather that Netscape just happened to freeze at that point, but it sure
> had me worried I had lost my inbox.
>
>
>
> Gary McCartney
>
> McCartney Electronics
> 7134 Fife Rd, RR 7
> Guelph Ontario Canada N1H 6J4
> Fax: (519)821-1530
> email: number63 (at) inetsonic.com
>
>
>
>
>
> royalprince wrote:
> >
> > Hello
> >
> > Next time make sure your Norton is up to date.Download the virus removal
> > utility from symantec.boot
> > in safe mode and scan your entire HD to make sure the virus is gone.Very
> > often Norton will not work correctly once you computer were hit by klez.
> >
> > Jean
> > Crains Tech
> > ----- Original Message -----
> > From: "Gary McCartney" <number63@xxxxxxxxxxxxx>
> > To: <techassist@xxxxxxxxxxxxx>
> > Sent: Sunday, October 27, 2002 8:16 AM
> > Subject: [TechAssist] security problems today
> >
> > >
> > > I've had a busy day keeping my computer safe.
> > >
> > > First, I received several klez32 vir. and Norton AV 2002 picked them
all
> > > up no problem, except after quaranteening it one time, my inbox froze
> > > (Netscape 4.79). I restarted Netscape and it wouldn't allow me to
access
> > > my inbox at all. Then I scanned my whole system for vir.
> > > but Norton found nothing. I was lucky in finding what was causing the
> > > problem. After pressing "Control/Alt/Delete" to go into the Win 2000
> > > task manager, in the processes tab, Netscape was shown as still
running
> > > even though I had closed it down. I clicked on the line and closed
> > > Netscape from there, then I could get my mail again. What a relief.
> > >
> > > Second, I noticed an ICON on my desktop that didn't belong there. It
> > > said, "GO IN.EXE"
> > > I did not click on it, fearing an uninvited guest placed it there. I
did
> > > a search on Google and found out that it was an uninvited dial-up
> > > connection installed in Dial-up Networking. If I would have clicked on
> > > the icon, I think it would have dialed up an overseas 1-900 number and
> > > I'd been charged hundreds of bucks for the call.
> > >
> > > I deleted everything from my files relating to "go in.exe" plus I
> > > scanned my registry for any keys, plus I did a Norton Win Doctor on my
> > > hard drive. This removes obsolete or bad keys from your registry. Then
I
> > > deleted temp internet files from IE and cleared all my Netscape cache.
> > >
> > > Then I rebooted and the dial-up connection is gone, but the warning is
> > > that it could come back, maybe days later. I searched Symantec's site
> > > but they don't seem to know about it. I will be forwarding this email
to
> > > them.
> > >
> > > I didn't find a lot of info on the net regarding this, but here is
what
> > > another person had to say about it:
> > >
> > >
> > >
> > >
> > >
> > > SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned today of a
> > > program call "go in.exe" that will be surreptiously installed on your
> > > computer from surfing
> > > the web, usually there will be an invisible java program on a website
of
> > > the type that collect stats on browser hits, that installs this on
your
> > > harddrive. What it does is Change
> > > the Default for your dialup connection and redirect it to their
system.
> > > Then when you dialup, instead of your common carrier for $19.95 a
month
> > > or whatever you are paying
> > > for internet connection, they are using overseas long distance lines
and
> > > you may then get a bill for thousands of dollars. I didn't get the
> > > details on how they would attempt to
> > > collect the money from you, but it would come under the auspices of
> > > "computer crime." However, the crime occurs in your area, and my
finding
> > > so far is that local law
> > > enforcement officers as a rule do not have "the first clue!"
> > >
> > > Everyone should check their .exe files on the computer, and take note
of
> > > any that look suspicious. You can do this by going to your START MENU,
> > > select FIND, then type
> > > ASTERISK DOT EXE in this format *.exe and then click FIND, it will
LIST
> > > every program and you can then find out the nature of it by selecting
> > > FILE then PROPERTIES. Don't
> > > remove anything before you make sure that it is not an operating
system
> > > file, or check with a computer expert, but you can temporarily disable
> > > it by changing the file to
> > > "READ ONLY."
> > >
> > >
> > >
> > > --
> > >
> > >
> > >
> > > Gary McCartney
> > >
> > > McCartney Electronics
> > > 7134 Fife Rd, RR 7
> > > Guelph Ontario Canada N1H 6J4
> > > Fax: (519)821-1530
> > > email: number63 (at) inetsonic.com
> > >
> > > ------------------------------------------
> > > To REMOVE your email address, click here:
> > > http://www.tech-assist.org/unsubb.html
> > > To CHANGE your email address, click here:
> > > http://www.techassist.net/forms/change.html
> > > ------------------------------------------
> > > ***NEW*** Tips Added Instantly!!!***
> > > Submit Repair Tips here:
> > > http://www.tech-assist.org/secure/tip/
> > >
> >
> > ------------------------------------------
> > To REMOVE your email address, click here:
> > http://www.tech-assist.org/unsubb.html
> > To CHANGE your email address, click here:
> > http://www.techassist.net/forms/change.html
> > ------------------------------------------
> > ***NEW*** Tips Added Instantly!!!***
> > Submit Repair Tips here:
> > http://www.tech-assist.org/secure/tip/
>
> --
>
>
>
> ------------------------------------------
> To REMOVE your email address, click here:
> http://www.tech-assist.org/unsubb.html
> To CHANGE your email address, click here:
> http://www.techassist.net/forms/change.html
> ------------------------------------------
> ***NEW*** Tips Added Instantly!!!***
> Submit Repair Tips here:
> http://www.tech-assist.org/secure/tip/
------------------------------------------
To REMOVE your email address, click here:
http://www.tech-assist.org/unsubb.html
To CHANGE your email address, click here:
http://www.techassist.net/forms/change.html
------------------------------------------
***NEW*** Tips Added Instantly!!!***
Submit Repair Tips here:
http://www.tech-assist.org/secure/tip/
Other related posts:
