July 20th, 2005
Lord of the Rings
* WARNING: Viruses on network you should be aware of ! *

In recent months there's been a spate of virii attacking users. Yet some simple sense & precautions can help you avoid these situations.

Sections: 1. Online Scans. 2. What to avoid. 3. Other Tools to have handy. 4. Reports of Virus / How to eliminate files that refuse to delete / Rootkits. 5. Specialist forums for help.

Precautions:

1. Keep your anti-virus program active & keep your virus definitions up-to-date. Online scans:
(i) Trend Micro HouseCall (ActiveX)
(ii) Trend Micro HouseCall (Java)
(iii) BitDefender Scan online
(iv) eTrust AntiVirus Web Scanner
(v) McAfee FreeScan
(vi) RAV AntiVirus Scan online
(vii) Panda ActiveScan
(viii) Microsoft Malicious Software Removal Tool: Run an Online Scan of Your PC for Malicious Software. Windows Live OneCare safety scanner. (for removal of Malware.)


2. Avoid downloading exe files. And if you decide to download zip files, be careful of their size & scan them before opening.
Ignore files less than 2 MB (2,000 KB) in size. See Arrange search results by size (click on link).
Some common trojan sizes are as found:
(a) Beware of files sized 851.7 KB
(b) Most of them are 765.5kb & 399.0kb
(c) I open the folder there are about 800+ .Rar files all at the size of 765kb
(d) Beware Of This Virus!!!
(e) Warning: Trojans And Spyware
(f) Gnutella W32.Alcra.B Virus/Trojan Migration & advice!
(g) unwanted downloads Mass of zipped files
(h) growing number of ZIP files all the same size & VIRUS's & ANTI-VIRUS programs
(i) viruses, spyware, and other nasties (precautions to take & free AV programs)
(j) Follow steps here & choose your alternative help site. Steps to take are detailed!
(k) The easy fix for Limewire popping up every few seconds (try this first)
(l) To fix when limewire keeps popping up / no taskmanager bug do the following
(m) Limewire Acting Wierd (PLEASE HELP!!!) - Has easy to do instructions & answer too
(n) Music files changing from mp3 into zip-exe: some info; Caused by a worm.
(o) Trojan posing as an Audio file - the trojan's official name may have different names such as "Trojan.Downloader.WMA.Wimad.N" or downloader.wimad.n - These files pose as normal mp3 files but will not play.

BEWARE Files below 2,000 KB (= 2 MB) in size AND the following file sizes listed here: (i) Virus Thread - Some spam file sizes examples (click on blue link) & also see (ii) Beware of Fake files in search results (click on blue link); __ Vote 'Against' politicians who support these virus spamming companies!



3. Other tools to have handy: (Remember many Anti-Virus (AV) companies are slow to update on virus definitions (some as long as a year, some never), & some have a different or slightly different name to their definition of the virus.)

A: Ad-Aware (FREE)

B: Spybot - Search & Destroy (FREE)

C: Peerguardian (FREE) * (careful with Peerguardian, they do not re-check their ip addresses after adding. Also their site (url) blocker should be turned off.)

D: Malicious Software Removal Tool for removal of Malware. Malware - Wikipedia, the free encyclopedia

E: http://www.superantispyware.com/ (Free / Pro versions)

F: http://www.malwarebytes.org/ (Free / Pro)


4. Known Reports of Virii & their FX:

(a) Known Peer To Peer Worm (copying itself to the startup folder)
(b) LimeWire continually Popping up every few seconds & also Opening at System Startup
(c) How to get limewire to quit popping up every few seconds. This malware has been identified as Sdbot.worm.gen, Worm.Win32.VB.an, the "AN Worm", sometimes called the "Zodiak Worm"
(d) I exit the limewire program, it refuses to stay shut down and will restart its self on it own. The virus is known as w32.Acan
(e) WORM_VB.AS
(f) Files downloaded contain W32 virus or the like

Other known names for these virii (different AV companies may have their own names for the same virus):
worm_bagle.AH, TROJ_INOR.A, TROJ_GLITCH.B, TROJ_SMALL.LI, WORM_CYDOG.B <- Forum posting about worm -> WORM.BAGLE.AH Aliases: W32/Bagle.ai@MM, Win32/BAgle.AI@mm, I-Worm.Bagle.ai, Win32/Bagle.Variant.Worm, Win32:Beagle-AH, Worm/Bagle.AI, W32.beagle.AG.mm, Bagle.AI, W32/Bagle-AH, Bagle.AE <- trendmicro search page, VName=WORM_BAGLE.AH&VSect=T -> Forum posting

Trojan.ByteVerify - Symantec.com
Trojan.ByteVerify, Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Some of the items carrying these virii were like this: -> ??? ****** Crack, ??? Source Code, ??? Beta

* Obviously virii can have variants so always play it safe. And use some common sense when downloading files. Check the file size & if it's obviously much smaller than what it should be, be very wary, or better, leave it alone. Most legitimate files are larger than 1 MB (1,000 KB), so don't get confused. See Arrange search results by size (click on link). Remember: take precautions.

(g) How to eliminate files that refuse to delete: Incomplete Download File won't delete at all (click link)

(h) http://www.gnutellaforums.com/open-d...some-info.html

(i) Rootkits *** WARNING ***, - (ii) What does a rootkit look like? (iii) Rootkit - Wikipedia, the free encyclopedia

(j) http://www.gnutellaforums.com/tips-t...wma-files.html


5. And even more help? Follow steps here & choose your alternative help site. Go to: # 2. Visit a spyware removal forum (click link). Those sites will help you combat & eradicate the virus. Register & follow their directions for posting very carefully. (Also try out some of the online scans in point #1 above.)

* Careful: Some anti-spyware programs such as PestPatrol / CA Anti-Spyware are Anti-P2P software and will either remove or damage the p2p sharing program despite the p2p program containing no spyware.
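
The file-size checks from section 2 of the post, as an added example that is not part of the original post: it flags .exe/.zip/.rar files under 2,000 KB, files within 1 KB of the sizes the post quotes (851.7, 765.5, 399.0 KB), and groups of archives that all share one exact size. The function names, the 1 KB = 1024 bytes reading, the 1 KB tolerance and the cluster threshold of 3 are assumptions, and the sample listing is constructed.

```python
import os
from collections import Counter

KB = 1024                            # assumption: the post's KB are 1024-byte units
RISKY_EXT = {".exe", ".zip", ".rar"}  # file types the post warns about
REPORTED_KB = (851.7, 765.5, 399.0)   # trojan sizes quoted in the post
SMALL_LIMIT_KB = 2000                 # the post's "less than 2 MB (2,000 KB)" rule
CLUSTER_MIN = 3                       # assumption: 3+ same-size files is a cluster


def flag_suspicious(entries):
    """entries: iterable of (filename, size_in_bytes). Returns {filename: [reasons]}."""
    risky = [(n, s) for n, s in entries
             if os.path.splitext(n)[1].lower() in RISKY_EXT]
    same_size = Counter(s for _, s in risky)
    flagged = {}
    for name, size in risky:
        size_kb = size / KB
        reasons = []
        if size_kb < SMALL_LIMIT_KB:
            reasons.append("small archive/executable")
        if any(abs(size_kb - r) <= 1.0 for r in REPORTED_KB):
            reasons.append("matches a reported trojan size")
        if same_size[size] >= CLUSTER_MIN:
            reasons.append("%d files share this exact size" % same_size[size])
        if reasons:
            flagged[name] = reasons
    return flagged


def scan_dir(path):
    """Collect (name, size) for regular files in a folder without opening them."""
    with os.scandir(path) as it:
        return [(e.name, e.stat(follow_symlinks=False).st_size)
                for e in it if e.is_file(follow_symlinks=False)]


# Constructed sample listing (not real search results or real files).
SAMPLE = [
    ("album_rip.rar", 783872),            # 765.5 KB
    ("game_crack.rar", 783872),
    ("source_code.rar", 783872),
    ("installer.zip", 872141),            # about 851.7 KB
    ("linux_distro.zip", 700 * KB * KB),  # 700 MB, a plausible legitimate size
    ("song.mp3", 4 * KB * KB),
]

if __name__ == "__main__":
    for name, reasons in flag_suspicious(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

Point `scan_dir` at a download folder and pass the result to `flag_suspicious`; a flag is a reason to scan the file with an up-to-date AV before opening it, not a verdict.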