From McAfee...HIGH RISK....
McAfee.com has seen an OUTBREAK of a large and growing number
of computers infected with W32/Goner@MM, also known as
Pentagone, Goner or Gone. This is a NEW, HIGH RISK virus
that spreads via Microsoft Outlook email and ICQ instant
messaging programs. This mass-mailing worm will arrive
from someone you know with the following email message:
Subject: Hi
Body: How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
Attachment: GONE.SCR
Goner has a DESTRUCTIVE PAYLOAD. When the attachment is
opened, it will look for a variety of anti-virus, firewall
and other security programs and attempt to delete them,
along with ALL FILES in the same directory. This worm
will also place a trojan, REMOTE32.INI, on the system, which
contains instructions to attempt Denial-of-Service attacks
on other IRC users.
Take your ICQ off auto-receipt...
[ 12-04-2001: Message edited by: Yshania ]
Another Virus Alert - MS Outlook and ICQ Users Beware!!
-
Yshania
- Posts: 8572
- Joined: Wed May 09, 2001 10:00 pm
- Location: Some Girls Wander By Mistake
- Contact:
Another Virus Alert - MS Outlook and ICQ Users Beware!!
Parachute for sale, like new! Never opened!
Guinness, black goes with everything.
Guinness, black goes with everything.
-
VoodooDali
- Posts: 1992
- Joined: Thu Mar 22, 2001 11:00 pm
- Location: Spanking Witch King
- Contact:
-
Ned Flanders
- Posts: 4867
- Joined: Mon May 28, 2001 10:00 pm
- Location: Springfield
- Contact:
@ VoodooDali,
Have you tried downloading the update file to your pc and then running that way as opposed to running a live update feature. That will probably do the trick.
If you are having update troubles as well as manual scans then the answer lies in the registry. It is a relatively simple fix. You can PM me if you want to discuss.
@ all,
This virus is a real pain in the A$$. If your running win98 and contract the virus, you must remove a wininit.dll file also created by gone.scr. I struggled with this for a while today trying to remove the virus off a users machines. The removal instructions at symantec.com weren't complete.
Ysh is right, ICQ users beware.
On the humorous side,
The above user came to me and said, "I think I ran an attachment that may be a virus in a email I just received. It looks as if outlook is sending out several messages." The look on her face was priceless when I ripped the A/C cord out of the wall (getting to the CAT5 cable was too much work)
At least the virus isn't going to hurt any files besides Norton.
Have you tried downloading the update file to your pc and then running that way as opposed to running a live update feature. That will probably do the trick.
If you are having update troubles as well as manual scans then the answer lies in the registry. It is a relatively simple fix. You can PM me if you want to discuss.
@ all,
This virus is a real pain in the A$$. If your running win98 and contract the virus, you must remove a wininit.dll file also created by gone.scr. I struggled with this for a while today trying to remove the virus off a users machines. The removal instructions at symantec.com weren't complete.
Ysh is right, ICQ users beware.
On the humorous side,
The above user came to me and said, "I think I ran an attachment that may be a virus in a email I just received. It looks as if outlook is sending out several messages." The look on her face was priceless when I ripped the A/C cord out of the wall (getting to the CAT5 cable was too much work)
At least the virus isn't going to hurt any files besides Norton.
Crush enemies, see them driven before you, and hear the lamentations of the women.
-
HighLordDave
- Posts: 4062
- Joined: Sun Jan 14, 2001 11:00 pm
- Location: Between Middle-Earth and the Galaxy Far, Far Away
- Contact:
Someone on campus go this virus yesterday and it's making the rounds through everyone's email because we're all set up on Outlook. There's nothing I enjoy more than getting a self-replicating worm virus from someone in Computing Services. Kind of makes me want to give them a big "Up yours!" when they tell me that I'm compromising the secruity of the network by installing "unauthorised" software on my workstation; at least I have the common sense enough to recognise and not forward malicious code.
Jesus saves! And takes half damage!
If brute force doesn't work, you're not using enough.
If brute force doesn't work, you're not using enough.
-
Ned Flanders
- Posts: 4867
- Joined: Mon May 28, 2001 10:00 pm
- Location: Springfield
- Contact:
-
fable
- Posts: 30676
- Joined: Wed Mar 14, 2001 12:00 pm
- Location: The sun, the moon, and the stars.
- Contact:
I've gotten that virus sent to me twice this morning. Deleted both posts, emailed the sender about it.
My Standard Operating Procedure:
If I don't know the sender, I delete the email.
If I do know the sender but the email sounds suspciously generic, I'll mail 'em back and delete the email.
My Standard Operating Procedure:
If I don't know the sender, I delete the email.
If I do know the sender but the email sounds suspciously generic, I'll mail 'em back and delete the email.
To the Righteous belong the fruits of violent victory. The rest of us will have to settle for warm friends, warm lovers, and a wink from a quietly supportive universe.
-
HighLordDave
- Posts: 4062
- Joined: Sun Jan 14, 2001 11:00 pm
- Location: Between Middle-Earth and the Galaxy Far, Far Away
- Contact:
The best thing to do is exactly what our friend fable said and not open email attachments from people you don't know or don't correspond with regularly. Other ways to recognise a virus attachment:
Turn on your file extensions and look for programs trying to disguise themselves as documents. If the attachment is something like GenericDocument.doc.vbs or ClickOnMe.wpd.bat it's probably a virus.
Misspelling or bad grammar in the email body text.
You get more than one copy of the same email from the same person.
The email is from someone you don't usually get attachments from.
As a general practice, I don't ever open attachments, unless someone has told me in advance that they are sending one to me. There are just too many viruses running around out there that being a little cautious can't hurt.
Turn on your file extensions and look for programs trying to disguise themselves as documents. If the attachment is something like GenericDocument.doc.vbs or ClickOnMe.wpd.bat it's probably a virus.
Misspelling or bad grammar in the email body text.
You get more than one copy of the same email from the same person.
The email is from someone you don't usually get attachments from.
As a general practice, I don't ever open attachments, unless someone has told me in advance that they are sending one to me. There are just too many viruses running around out there that being a little cautious can't hurt.
Jesus saves! And takes half damage!
If brute force doesn't work, you're not using enough.
If brute force doesn't work, you're not using enough.
If you are using Outlook Express first thing to do is turn off preview pane, go to view -->layout and you should find the relevant click box, this will stop the email from automatically openeing when you press on it. Another process (only useful after doing above) right click on the email, go to properties, click details tab, then check message source, skim through that until you find the suffix of the attachment, if it is something like doc.pif or if it has two siffix, then you know it has a virus. We charge our clients for this kidn of knowledge, you get it for free
[ 12-05-2001: Message edited by: Mr Sleep ]
[ 12-05-2001: Message edited by: Mr Sleep ]
I'd have to get drunk every night and talk about virility...And those Pink elephants I'd see.
