[TechAssist] Re: security problems today

  • From: Ed Gaidies <teltek2@xxxxxxxxxxxx>
  • To: techassist@xxxxxxxxxxxxx
  • Date: Mon, 28 Oct 2002 12:24:41 -0500

Clancy;
        Keep checking that start-up folder for the next few days and make sure 
it has not come back.

-Ed-
On Monday, October 28, 2002, at 11:09 AM, Clancy Harms wrote:

>
> You are correct Sir Jeffie
> I hadn't done a Microsoft update, until yesterday that is.
> I finally learned how to get to the Windows configurations settings
> and found 'brazil.exe' hiding in my screen saver.exe and also in the
> 'start-up' file.  Sneaky little BA_TARD !
> Not you, I mean the virus :-)
>
> Clancy Harms,
> Dick's Radio & TV, Inc.
> 2319 West Clay St.                   "Aim high men"
> St. Charles, MO. 63301         "they're on camels"
> (636)-724-5055
> (636)-724-5531 fax
> email:  dickstv1@xxxxxxxxxxxxx
> ----- Original Message -----
> From: "Tech Repair CD support" <support@xxxxxxxxxxxxxxx>
> To: <techassist@xxxxxxxxxxxxx>
> Sent: Sunday, October 27, 2002 8:34 PM
> Subject: [TechAssist] Re: security problems today
>
>
>>
>> What the heck are you guys doing to get all these infections?
>> Make sure you have Windows update security fixes installed.
>> With all the infected emails I have received, I still have not gotten
>> infected with any of these.
>> Either you folks are not visiting MS update site enough, or you put
>> too much trust in Norton.
>> Also, go to www.mailwasher.net and download their program.
>> In addition to being able to send bounced messages to those SPAM
>> sites, it also alerts you to suriv infected emails that you can delete
>> before they are even downloaded.
>> Jeff
>> FAX 717-564-4952
>> Intrepid Video & Electronics
>> 501 Luther Rd
>> Harrisburg PA 17111-2055
>> Be careful of your thoughts.
>> They may become your words any moment.
>> Order your tip CD today. Filled with TV, VCR, camcorder tips and more.
>> Version 3.0, ready, with more tips, user friendly program.
>> $49.00 for CD, plus first year of tip updates.
>> sales@xxxxxxxxxxxxxxx for more info
>> www.tech-repair.net www.intrepid-video.com
>> www.thetoolcaddy.com www.9-11-2001tragedy.com
>> ********************************************************************
>>
>> ----- Original Message -----
>> From: "Clancy Harms" <dickstv1@xxxxxxxxxxxxx>
>> To: <techassist@xxxxxxxxxxxxx>
>> Sent: Sunday, October 27, 2002 1:51 PM
>> Subject: [TechAssist] Re: security problems today
>>
>>
>>
>> Hi all;
>> I'm also fighting this crap!
>> Check for 'ALEVIR.EXE', 'MSSG.EXE', & 'SCRSVR.EXE',
>> They've hit me yesterday and today (Sunday)
>>
>> Clancy Harms,                  Dick's Radio & TV, Inc.
>> 2319 West Clay St.                   "Aim high men"
>> St. Charles, MO. 63301         "they're on camels"
>> (636)-724-5055
>> (636)-724-5531 fax
>> email:  dickstv1@xxxxxxxxxxxxx
>> ----- Original Message -----
>> From: "Tel-Tek Electronics" <teltek2@xxxxxxxxxxxx>
>> To: <techassist@xxxxxxxxxxxxx>
>> Sent: Sunday, October 27, 2002 12:22 PM
>> Subject: [TechAssist] Re: security problems today
>>
>>
>>>
>>> Gary....I know how you feel, I just went thru 3 days getting my
>>> system straightened out.
>>> Do search for brasil.exe..on your system.also known by other names,
>>> but that's a bad one.
>>>
>>> -Ed-
>>> Tel-Tek Electronic.
>>> Ontario-Canada
>>> teltek2@xxxxxxxxxxxx
>>> ----- Original Message -----
>>> From: "Gary McCartney" <number63@xxxxxxxxxxxxx>
>>> To: <techassist@xxxxxxxxxxxxx>
>>> Sent: Saturday, October 26, 2002 11:16 PM
>>> Subject: [TechAssist] security problems today
>>>
>>>
>>>>
>>>> I've had a busy day keeping my computer safe.
>>>>
>>>> First, I received several klez32 vir. and Norton AV 2002 picked them
>>>> all up no problem, except after quarantining it one time, my inbox
>>>> froze (Netscape 4.79). I restarted Netscape and it wouldn't allow me
>>>> to access my inbox at all. Then I scanned my whole system for vir.
>>>> but Norton found nothing. I was lucky in finding what was causing
>>>> the problem. After pressing "Control/Alt/Delete" to go into the Win
>>>> 2000 task manager, in the processes tab, Netscape was shown as still
>>>> running even though I had closed it down. I clicked on the line and
>>>> closed Netscape from there, then I could get my mail again. What a
>>>> relief.
>>>>
>>>> Second, I noticed an ICON on my desktop that didn't belong there. It
>>>> said, "GO IN.EXE"
>>>> I did not click on it, fearing an uninvited guest placed it there. I
>>>> did a search on Google and found out that it was an uninvited dial-up
>>>> connection installed in Dial-up Networking. If I would have clicked
>>>> on the icon, I think it would have dialed up an overseas 1-900 number
>>>> and I'd been charged hundreds of bucks for the call.
>>>>
>>>> I deleted everything from my files relating to "go in.exe" plus I
>>>> scanned my registry for any keys, plus I did a Norton Win Doctor on
>>>> my hard drive. This removes obsolete or bad keys from your registry.
>>>> Then I deleted temp internet files from IE and cleared all my
>>>> Netscape cache.
>>>>
>>>> Then I rebooted and the dial-up connection is gone, but the warning
>>>> is that it could come back, maybe days later. I searched Symantec's
>>>> site but they don't seem to know about it. I will be forwarding this
>>>> email to them.
>>>>
>>>> I didn't find a lot of info on the net regarding this, but here is
>>>> what another person had to say about it:
>>>>
>>>> SECURITY ALERT FOR PERSONAL COMPUTER USERS: I just learned today of
>>>> a program called "go in.exe" that will be surreptitiously installed
>>>> on your computer from surfing the web, usually there will be an
>>>> invisible java program on a website of the type that collects stats
>>>> on browser hits, that installs this on your hard drive. What it does
>>>> is Change the Default for your dialup connection and redirect it to
>>>> their system. Then when you dialup, instead of your common carrier
>>>> for $19.95 a month or whatever you are paying for internet
>>>> connection, they are using overseas long distance lines and you may
>>>> then get a bill for thousands of dollars. I didn't get the details on
>>>> how they would attempt to collect the money from you, but it would
>>>> come under the auspices of "computer crime." However, the crime
>>>> occurs in your area, and my finding so far is that local law
>>>> enforcement officers as a rule do not have "the first clue!"
>>>>
>>>> Everyone should check their .exe files on the computer, and take
>>>> note of any that look suspicious. You can do this by going to your
>>>> START MENU, select FIND, then type ASTERISK DOT EXE in this format
>>>> *.exe and then click FIND, it will LIST every program and you can
>>>> then find out the nature of it by selecting FILE then PROPERTIES.
>>>> Don't remove anything before you make sure that it is not an
>>>> operating system file, or check with a computer expert, but you can
>>>> temporarily disable it by changing the file to "READ ONLY."
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>> Gary McCartney
>>>>
>>>> McCartney Electronics
>>>> 7134 Fife Rd, RR 7
>>>> Guelph Ontario Canada N1H 6J4
>>>> Fax: (519)821-1530
>>>> email: number63 (at) inetsonic.com
>>>>
>>>> ------------------------------------------
>>>> To REMOVE your email address, click here:
>>>>   http://www.tech-assist.org/unsubb.html
>>>> To CHANGE your email address, click here:
>>>>   http://www.techassist.net/forms/change.html
>>>> ------------------------------------------
>>>> ***NEW*** Tips Added Instantly!!!***
>>>> Submit Repair Tips here:
>>>> http://www.tech-assist.org/secure/tip/
>>>
>>>
>>
>
>
>
Tel-Tek Electronics
teltek2@xxxxxxxxxxxx
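
Ed's advice to keep rechecking the start-up folder can be run as a baseline-and-diff; this is an added example, not part of the original thread. The Startup folder paths are those of current Windows versions and the state-file name is hypothetical; the file names are the ones reported in the thread.

```python
import hashlib
import json
import os

# File names reported in this thread; matching below is case-insensitive.
THREAD_NAMES = {"brazil.exe", "brasil.exe", "alevir.exe", "mssg.exe",
                "scrsvr.exe", "go in.exe"}


def default_startup_dirs():
    """Per-user and all-users Startup folders (assumed current-Windows paths)."""
    rel = os.path.join("Microsoft", "Windows", "Start Menu", "Programs", "Startup")
    roots = [os.environ.get("APPDATA"), os.environ.get("PROGRAMDATA")]
    return [os.path.join(r, rel) for r in roots if r]


def snapshot(dirs):
    """Map every file path under dirs to the SHA-256 of its contents."""
    snap = {}
    for top in dirs:
        for folder, _subdirs, files in os.walk(top):
            for name in files:
                path = os.path.join(folder, name)
                try:
                    with open(path, "rb") as fh:
                        snap[path] = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    snap[path] = None  # unreadable, but record that it exists
    return snap


def recheck(baseline, dirs):
    """Compare the folders now against an earlier snapshot."""
    now = snapshot(dirs)
    return {
        "added": sorted(p for p in now if p not in baseline),
        "changed": sorted(p for p in now if baseline.get(p, now[p]) != now[p]),
        "named_in_thread": sorted(
            p for p in now if os.path.basename(p).lower() in THREAD_NAMES),
    }


if __name__ == "__main__":
    state, dirs = "startup_baseline.json", default_startup_dirs()
    if os.path.exists(state):  # later runs: report what changed since baseline
        with open(state) as fh:
            print(json.dumps(recheck(json.load(fh), dirs), indent=2))
    else:  # first run: record the state after cleanup
        with open(state, "w") as fh:
            json.dump(snapshot(dirs), fh)
```

It covers only the Startup folders, not registry Run keys or the screen-saver setting mentioned in the thread.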

