Clancy; Keep checking that start-up folder for the next few days and make sure it has not come back. -Ed- On Monday, October 28, 2002, at 11:09 AM, Clancy Harms wrote: > > You are correct Sir Jeffie > I hadn't done a Microsoft update, until yesterday that is. > I finally learned how to get to the Windows configurations settings > and found 'brazil.exe' hiding in my screen saver.exe and also in the > 'start-up' file. Sneaky little BA_TARD ! > Not you, I mean the virus :-) > > Clancy Harms, > Dick's Radio & TV, Inc. > 2319 West Clay St. "Aim high men" > St. Charles, MO. 63301 "they're on camels" > (636)-724-5055 > (636)-724-5531 fax > email: dickstv1@xxxxxxxxxxxxx > ----- Original Message ----- > From: "Tech Repair CD support" <support@xxxxxxxxxxxxxxx> > To: <techassist@xxxxxxxxxxxxx> > Sent: Sunday, October 27, 2002 8:34 PM > Subject: [TechAssist] Re: security problems today > > >> >> What the heck are you guys doing to get all these infections? >> Make sure you have Windows update security fixes installed. >> With all the infected emails I have received, I still have not gotten > infected >> with any of these. >> Either you folks are not visiting MS update site enough, or you put >> too > much trust >> in Norton. >> Also, go to www.mailwasher.net and download their program. >> In addition to being able to send bounced messages to those SPAM >> sites, it > also >> alerts you to suriv infected emails that you can delete before they >> are > even >> downloaded. >> Jeff >> FAX 717-564-4952 >> Intrepid Video & Electronics >> 501 Luther Rd >> Harrisburg PA 17111-2055 >> Be careful of your thoughts. >> They may become your words any moment. >> Order your tip CD today. Filled with TV, VCR, camcorder tips and more. >> Version 3.0, ready, with more tips, user friendly program. >> $49.00 for CD, plus first year of tip updates. >> sales@xxxxxxxxxxxxxxx for more info >> www.tech-repair.net www.intrepid-video.com >> www.thetoolcaddy.com www.9-11-2001tragedy.com >> ******************************************************************** >> >> ----- Original Message ----- >> From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx> >> To: <techassist@xxxxxxxxxxxxx> >> Sent: Sunday, October 27, 2002 1:51 PM >> Subject: [TechAssist] Re: security problems today >> >> >> >> Hi all; >> I'm also fighting this crap! >> Check for 'ALEVIR.EXE', 'MSSG.EXE', & 'SCRSVR.EXE', >> They've hit me yesterday and today (Sunday) >> >> Clancy Harms, Dick's Radio & TV, Inc. >> 2319 West Clay St. "Aim high men" >> St. Charles, MO. 63301 "they're on camels" >> (636)-724-5055 >> (636)-724-5531 fax >> email: dickstv1@xxxxxxxxxxxxx >> ----- Original Message ----- >> From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx> >> To: <techassist@xxxxxxxxxxxxx> >> Sent: Sunday, October 27, 2002 12:22 PM >> Subject: [TechAssist] Re: security problems today >> >> >>> >>> Gary....I know how you feel, I just went thru 3 days getting my >>> system >>> staightened out. >>> Do search for brasil.exe..on your system.also known by other names, >>> but >>> that's a bad one. >>> >>> -Ed- >>> Tel-Tek Electronic. >>> Ontario-Canada >>> teltek2@xxxxxxxxxxxx >>> ----- Original Message ----- >>> From: "Gary McCartney" <number63@xxxxxxxxxxxxx> >>> To: <techassist@xxxxxxxxxxxxx> >>> Sent: Saturday, October 26, 2002 11:16 PM >>> Subject: [TechAssist] security problems today >>> >>> >>>> >>>> I've had a busy day keeping my computer safe. >>>> >>>> First, I received several klez32 vir. and Norton AV 2002 picked them > all >>>> up no problem, except after quaranteening it one time, my inbox >>>> froze >>>> (Netscape 4.79). I restarted Netscape and it wouldn't allow me to > access >>>> my inbox at all. Then I scanned my whole system for vir. >>>> but Norton found nothing. I was lucky in finding what was causing >>>> the >>>> problem. After pressing "Control/Alt/Delete" to go into the Win 2000 >>>> task manager, in the processes tab, Netscape was shown as still > running >>>> even though I had closed it down. I clicked on the line and closed >>>> Netscape from there, then I could get my mail again. What a relief. >>>> >>>> Second, I noticed an ICON on my desktop that didn't belong there. It >>>> said, "GO IN.EXE" >>>> I did not click on it, fearing an uninvited guest placed it there. I > did >>>> a search on Google and found out that it was an uninvited dial-up >>>> connection installed in Dial-up Networking. If I would have clicked >>>> on >>>> the icon, I think it would have dialed up an overseas 1-900 number >>>> and >>>> I'd been charged hundreds of bucks for the call. >>>> >>>> I deleted everything from my files relating to "go in.exe" plus I >>>> scanned my registry for any keys, plus I did a Norton Win Doctor on >>>> my >>>> hard drive. This removes obsolete or bad keys from your registry. >>>> Then > I >>>> deleted temp internet files from IE and cleared all my Netscape >>>> cache. >>>> >>>> Then I rebooted and the dial-up connection is gone, but the warning >>>> is >>>> that it could come back, maybe days later. I searched Symantec's >>>> site >>>> but they don't seem to know about it. I will be forwarding this >>>> email > to >>>> them. >>>> >>>> I didn't find a lot of info on the net regarding this, but here is > what >>>> another person had to say about it: >>>> >>>> >>>> >>>> >>>> >>>> SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned today of >>>> a >>>> program call "go in.exe" that will be surreptiously installed on >>>> your >>>> computer from surfing >>>> the web, usually there will be an invisible java program on a >>>> website > of >>>> the type that collect stats on browser hits, that installs this on > your >>>> harddrive. What it does is Change >>>> the Default for your dialup connection and redirect it to their > system. >>>> Then when you dialup, instead of your common carrier for $19.95 a > month >>>> or whatever you are paying >>>> for internet connection, they are using overseas long distance lines > and >>>> you may then get a bill for thousands of dollars. I didn't get the >>>> details on how they would attempt to >>>> collect the money from you, but it would come under the auspices of >>>> "computer crime." However, the crime occurs in your area, and my > finding >>>> so far is that local law >>>> enforcement officers as a rule do not have "the first clue!" >>>> >>>> Everyone should check their .exe files on the computer, and take >>>> note > of >>>> any that look suspicious. You can do this by going to your START >>>> MENU, >>>> select FIND, then type >>>> ASTERISK DOT EXE in this format *.exe and then click FIND, it will > LIST >>>> every program and you can then find out the nature of it by >>>> selecting >>>> FILE then PROPERTIES. Don't >>>> remove anything before you make sure that it is not an operating > system >>>> file, or check with a computer expert, but you can temporarily >>>> disable >>>> it by changing the file to >>>> "READ ONLY." >>>> >>>> >>>> >>>> -- >>>> >>>> >>>> >>>> Gary McCartney >>>> >>>> McCartney Electronics >>>> 7134 Fife Rd, RR 7 >>>> Guelph Ontario Canada N1H 6J4 >>>> Fax: (519)821-1530 >>>> email: number63 (at) inetsonic.com >>>> >>>> ------------------------------------------ >>>> To REMOVE your email address, click here: >>>> http://www.tech-assist.org/unsubb.html >>>> To CHANGE your email address, click here: >>>> http://www.techassist.net/forms/change.html >>>> ------------------------------------------ >>>> ***NEW*** Tips Added Instantly!!!*** >>>> Submit Repair Tips here: >>>> http://www.tech-assist.org/secure/tip/ >>> >>> >>> ------------------------------------------ >>> To REMOVE your email address, click here: >>> http://www.tech-assist.org/unsubb.html >>> To CHANGE your email address, click here: >>> http://www.techassist.net/forms/change.html >>> ------------------------------------------ >>> ***NEW*** Tips Added Instantly!!!*** >>> Submit Repair Tips here: >>> http://www.tech-assist.org/secure/tip/ >> >> ------------------------------------------ >> To REMOVE your email address, click here: >> http://www.tech-assist.org/unsubb.html >> To CHANGE your email address, click here: >> http://www.techassist.net/forms/change.html >> ------------------------------------------ >> ***NEW*** Tips Added Instantly!!!*** >> Submit Repair Tips here: >> http://www.tech-assist.org/secure/tip/ >> >> >> >> ------------------------------------------- >> Introducing NetZero Long Distance >> Unlimited Long Distance only $29.95/ month! >> Sign Up Today! www.netzerolongdistance.com >> ------------------------------------------ >> To REMOVE your email address, click here: >> http://www.tech-assist.org/unsubb.html >> To CHANGE your email address, click here: >> http://www.techassist.net/forms/change.html >> ------------------------------------------ >> ***NEW*** Tips Added Instantly!!!*** >> Submit Repair Tips here: >> http://www.tech-assist.org/secure/tip/ > > ------------------------------------------ > To REMOVE your email address, click here: > http://www.tech-assist.org/unsubb.html > To CHANGE your email address, click here: > http://www.techassist.net/forms/change.html > ------------------------------------------ > ***NEW*** Tips Added Instantly!!!*** > Submit Repair Tips here: > http://www.tech-assist.org/secure/tip/ > > Tel-Tek Electronics teltek2@xxxxxxxxxxxx ------------------------------------------ To REMOVE your email address, click here: http://www.tech-assist.org/unsubb.html To CHANGE your email address, click here: http://www.techassist.net/forms/change.html ------------------------------------------ ***NEW*** Tips Added Instantly!!!*** Submit Repair Tips here: http://www.tech-assist.org/secure/tip/