
Author Topic: Re: My Details ??  (Read 7658 times)

Offline DJ

  • Established Member
  • ****
  • Posts: 1448
Re: My Details ??
« on: March 01, 2004, 12:11 »
:hi:

I had 15 (yes 15) emails this morning from someone I don't know with the following heading..

Quote
Re: My Details


They also had the attachment my_details.pif but the firewall renamed this to my_details.pif.safe

I take it that it's a virus? Just wondering which one.

My AVG is bang up to date this morning - so I'll do a full virus scan to be sure I'm safe.

DJ

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Re: My Details ??
« Reply #1 on: March 01, 2004, 13:25 »
Hi DJ, it looks like it's the So Big virus at it again  :(

See here :

http://www.austincc.edu/andreac/SobigFvirus

Offline DJ

  • Established Member
  • ****
  • Posts: 1448
Re: My Details ??
« Reply #2 on: March 01, 2004, 13:46 »
Thanks.

I deleted them straight away - so hopefully it didn't have time to do any damage.

I did a full scan and it found an I-Worm/Netsky.D virus in the D:\RECYCLED\DD1~1.SAF

It was unable to move or delete this file.

But looking in the D:\Recycled there's nothing there?  Is there a fix to get rid of this virus?

DJ

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re: My Details ??
« Reply #3 on: March 01, 2004, 14:11 »
It could also be W32/Netsky-D which came out today.  That could explain why your virus checker failed to pick it up DJ.


W32/Netsky-D
Aliases
W32/Netsky.c@MM
 
Type
Win32 worm
 
Sophos has received many reports of this worm from the wild.
 
 
Description
W32/Netsky-D is a worm that spreads via email.
W32/Netsky-D may arrive in an email with the following characteristics:
Subject line: chosen from -
Re: Approved
Re: Details
Re: Document
Re: Excel file
Re: Hello
Re: Here
Re: Here is the document
Re: Hi
Re: My details
Re: Re: Document
Re: Re: Message
Re: Re: Re: Your document
Re: Re: Thanks!
Re: Thanks!
Re: Word file
Re: Your archive
Re: Your bill
Re: Your details
Re: Your document
Re: Your letter
Re: Your music
Re: Your picture
Re: Your product
Re: Your software
Re: Your text
Re: Your website

Message text: chosen from -
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.

Attached file: chosen from -
all_document.pif
application.pif
document.pif
document_4351.pif
document_excel.pif
document_full.pif
document_word.pif
message_details.pif
message_part2.pif
mp3music.pif
my_details.pif
your_archive.pif
your_bill.pif
your_details.pif
your_document.pif
your_file.pif
your_letter.pif
your_picture.pif
your_product.pif
your_text.pif
your_website.pif
yours.pif

When first run W32/Netsky-D creates the following registry entry, so that winlogon.exe is run automatically each time Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ICQNet
= <WINDOWS>\winlogon.exe -stealth
 
 
Recovery
Please follow the instructions for removing worms.

Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
ICQNet = <WINDOWS>\winlogon.exe -stealth

and delete it if it exists.

Close the registry editor.
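
The advisory quoted in the post above identifies the worm's mail by a `.pif` attachment and one of six fixed message texts. The following mail-triage check is an added example, not part of the original post or of the Sophos advisory; the extra extensions and the helper names `final_ext`, `triage` and `build_sample` are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Message texts listed in the advisory quoted above (lower-cased).
NETSKY_D_BODIES = {
    "your file is attached.",
    "please read the attached file.",
    "please have a look at the attached file.",
    "see the attached file for details.",
    "here is the file.",
    "your document is attached.",
}
# .pif comes from the advisory; the others are further Windows executable
# types, added here as an assumption.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}


def final_ext(filename):
    """Extension Windows acts on: case-folded, trailing dots/spaces ignored."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def triage(raw):
    """Return a list of findings for one raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if final_ext(name) in EXECUTABLE_EXTS:
            findings.append(f"executable attachment: {name}")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body.get_content().strip().lower() in NETSKY_D_BODIES:
        findings.append("body matches a Netsky-D message text")
    return findings


def build_sample(filename):
    """Constructed test message carrying a two-byte dummy attachment."""
    m = EmailMessage()
    m["Subject"] = "Re: My details"
    m.set_content("Your file is attached.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("my_details.pif")))
```

A name such as `my_details.pif.safe`, as produced by the firewall rename described in the first post, no longer ends in an executable extension, so only the body-text finding remains for it.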
 

Offline DJ

  • Established Member
  • ****
  • Posts: 1448
Re: My Details ??
« Reply #4 on: March 01, 2004, 14:18 »
Thanks Clive,

That key did exist in the registry so I deleted it.  Did another full AVG scan and now there's no more viruses (or should that be viri??  :-\ )

Thanks again - I'm virus free - for now  ;)

DJ

Offline Simon

  • Administrator
  • *****
  • Posts: 77921
  • First to score 7/7 in Quiz of The Week's News 2017
Re: My Details ??
« Reply #5 on: March 01, 2004, 17:20 »
My Norton updated as soon as I logged on this afternoon, so I assume that must have been for Netsky-D.  More info, removal instructions (using Norton AV), and Registry Key info from here.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline TR

  • Forum Fanatic
  • ******
  • Posts: 7149
Re: My Details ??
« Reply #6 on: March 01, 2004, 17:28 »
For the last 2 days AVG has updated 2wice a day, must be some rum goings on out there in virus land  :o

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re: My Details ??
« Reply #7 on: March 01, 2004, 19:40 »
You were very unlucky to get a dose of that before the antidote became available DJ.  But I suppose some people have to catch these viruses first so that the antivirus companies can work out a solution to protect the rest of us.   :thanks:

Offline DJ

  • Established Member
  • ****
  • Posts: 1448
Re: My Details ??
« Reply #8 on: March 01, 2004, 19:44 »
Quote
But I suppose some people have to catch these viruses first so that the antivirus companies can work out a solution to protect the rest of us.   :thanks:


At least I was useful for once!  ;)

DJ

Offline Dogsbody

  • Regular Member
  • **
  • Posts: 187
Re: My Details ??
« Reply #9 on: March 01, 2004, 21:29 »
Hi peeps
For the 1st time ever my Norton has kicked in saying I've been viried (is that a word, maybe it should be if it isn't) with Netsky, don't know whether I've been lucky over the last few years but now know AV is worth the cash. By the way this is one of the best sites I visit (even though I don't contribute much, could be cos I don't know a lot ;D) but I will be watching and waiting for the day someone asks a question for which I know the answer  ::)

Offline Simon

  • Administrator
  • *****
  • Posts: 77921
  • First to score 7/7 in Quiz of The Week's News 2017
Re: My Details ??
« Reply #10 on: March 01, 2004, 22:18 »
There's plenty of other areas you could contribute to on the site, DB.  Many of us are by no means computer experts, but we still find something to say!   ;) ;D
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Adept

  • Guest
Re: My Details ??
« Reply #11 on: March 02, 2004, 07:17 »
Yesterday was a bad day for NetSky. At work we received at least 100 of the little buggers. Luckily our anti-virus caught them all.

All from people who can't be bothered to update their patches and A/V program I bet ::)


Offline Camstop

  • Loyal Member
  • *****
  • Posts: 4657
Re: My Details ??
« Reply #12 on: March 02, 2004, 07:54 »
I got it last night too but with Nortons doing two auto-updates per day at the moment it was picked up for me to delete... 8)

And I just ran the fix tool from Symantec just in case. :thumb:

Offline Michelle

  • Forum Fanatic
  • ******
  • Posts: 5242
    • Techieminx
Re: My Details ??
« Reply #13 on: March 02, 2004, 18:19 »
Okay I'm confused now ............  ::)


I've been updating and checkin like mad cos I'm being sent loads of viruses! But I was sure I'd not opened a thing.

Now AVG said it found one but it didn't remove it, it's still on my drive? Why didn't it remove it?

I saw something about how to remove something recently thought it was this thread ..  but anyway I didn't understand it all. (sob)

Or would it be cos I had unread emails and it's there? oh no cos it wouldn't be on my drive then would it. (thicko_)

Oh and I still have ME I noticed something was different on the removal that someone gave.

I really must upgrade!!!

Please what do I do Guys ?  ???
Out of all the things I've lost .......I miss my mind the most!!

Offline Lona

  • Ultimate Member
  • *******
  • Posts: 11979
Re: My Details ??
« Reply #14 on: March 02, 2004, 18:30 »
I think this might be what you are looking for Michelle. :D

http://enterprisesecurity.symantec.com/article.cfm?articleid=2420
http://dinah.www.idnet.com/chrisisaac.swf


If one took the Scots out of the world, it would fall apart
Dr. Louis B Wright, Washington DC, National Geographic (1964), from Donald MacDonald, Edinburgh :thumb:

