75 Appears to have a virus

Discussion in 'Commercial Snow Removal' started by Chuck Smith, May 20, 2002.

  Chuck Smith

    Chuck Smith
    from NJ
    Messages: 2,317

    It appears that 75 (Rob) has a virus. I just received this e-mail today. I hope I am wrong. The return path is 75's address.
    :( Sorry Rob!


    Subj: A very humour game
    Date: 5/20/02 2:32:48 PM Eastern Daylight Time
    From: support@lawnsite.com (support)
    To: csmith669@aol.com

    File: snoopy.zip (43668 bytes)
    DL Time (50666 bps): < 1 minute


    This is a humour game
    This game is my first work.
    You're the first player.
    I wish you would enjoy it.

    ----------------------- Headers --------------------------------
    Return-Path: rwcs@sympatico.ca
    Received: from rly-xd02.mx.aol.com (rly-xd02.mail.aol.com []) by air-xd04.mail.aol.com (v86.11) with ESMTP id MAILINXD42-0520143247; Mon, 20 May 2002 14:32:47 -0400
    Received: from tomts10-srv.bellnexxia.net (tomts10.bellnexxia.net []) by rly-xd02.mx.aol.com (v86.11) with ESMTP id MAILRELAYINXD210-0520143235; Mon, 20 May 2002 14:32:35 -0400
    Received: from Dmssyusv ([]) by tomts10-srv.bellnexxia.net
    (InterMail vM. 201-253-122-122-105-20011231) with SMTP
    id <20020520183208.DTV6837.tomts10-srv.bellnexxia.net@Dmssyusv>
    for csmith669@aol.com; Mon, 20 May 2002 14:32:08 -0400
    From: support support@lawnsite.com
    To: csmith669@aol.com
    Subject: A very humour game
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    Message-Id: 20020520183208.DTV6837.tomts10-srv.bellnexxia.net@Dmssyusv
    Date: Mon, 20 May 2002 14:32:34 -0400
  BRL

    BRL PlowSite.com - Veteran
    Messages: 1,277

    Yep! I got a couple from him today too.
  Pelican

    Pelican 2000 Club Member
    Messages: 2,075

    This came to me today with an attachment, didn't open it, just deleted.

    I haven't sent anything to Plowsite support since January so I was suspicious.
  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    That's the worst part of this virus. It forges the From field of the mail. I got it twice yesterday sent to me from "myself". Checking the headers, it was clear it was sent by someone else. This virus takes addresses from the infected computer's address book, AND from the Temporary Internet Files (cache) of the infected computer, and uses them in various combinations to entice people to open the mail and download the attachment.

    As I have said before, update Windows weekly; Windows Update is right on your Start Menu. Update your virus protection program weekly too. I know downloading the latest version of Internet Explorer takes a loooooong time on a dial-up connection, but it has all the security patches in it. These viruses are aimed at those who use Outlook and Outlook Express to read mail. The virus can also run automatically in older versions of Internet Explorer, if you read your e-mail on the web. That is why updating Internet Explorer AND Windows is important. The text of these e-mails is code that will cause the attachment to download and install itself without your knowledge.
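
The point Chuck makes about checking the headers can be turned into a small script. What follows is an added example, not code from the thread or from PlowSite: it feeds the header block quoted at the top of this thread (transcribed as a constructed sample; the relay IP addresses inside the `[]` were already missing in the post) into Python's standard `email` parser, walks the `Received:` chain from the bottom up to find where the message actually entered the mail system, and compares that with what the `From:` line claims. A second, constructed control message shows what a consistent set of headers looks like. All function and variable names are this example's own.

```python
import email
import re

# Headers transcribed from the post above (constructed sample, not a live capture);
# the relay IP addresses inside the [] were already missing in the post.
RAW_HEADERS = "\n".join([
    "Return-Path: rwcs@sympatico.ca",
    "Received: from rly-xd02.mx.aol.com (rly-xd02.mail.aol.com []) by air-xd04.mail.aol.com (v86.11)",
    "    with ESMTP id MAILINXD42-0520143247; Mon, 20 May 2002 14:32:47 -0400",
    "Received: from tomts10-srv.bellnexxia.net (tomts10.bellnexxia.net []) by rly-xd02.mx.aol.com (v86.11)",
    "    with ESMTP id MAILRELAYINXD210-0520143235; Mon, 20 May 2002 14:32:35 -0400",
    "Received: from Dmssyusv ([]) by tomts10-srv.bellnexxia.net",
    "    (InterMail vM. 201-253-122-122-105-20011231) with SMTP",
    "    id <20020520183208.DTV6837.tomts10-srv.bellnexxia.net@Dmssyusv>",
    "    for csmith669@aol.com; Mon, 20 May 2002 14:32:08 -0400",
    "From: support support@lawnsite.com",
    "To: csmith669@aol.com",
    "Subject: A very humour game",
    "Date: Mon, 20 May 2002 14:32:34 -0400",
    "",
])

# Constructed control case: From and Return-Path agree and the claimed sending
# domain really appears in the relay chain. The host name is made up.
CLEAN_HEADERS = "\n".join([
    "Return-Path: support@lawnsite.com",
    "Received: from mail.lawnsite.com (mail.lawnsite.com []) by air-xd04.mail.aol.com",
    "    with ESMTP id X; Mon, 20 May 2002 10:00:00 -0400",
    "From: support@lawnsite.com",
    "To: csmith669@aol.com",
    "",
])

RECEIVED_RE = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?\s*by\s+(\S+)", re.IGNORECASE)
ADDR_DOMAIN_RE = re.compile(r"@([A-Za-z0-9.-]+)")


def _domain(header_value):
    m = ADDR_DOMAIN_RE.search(header_value or "")
    return m.group(1).lower() if m else None


def parse_received(value):
    """Split one Received header into (helo_name, reverse_dns_text, relay_host)."""
    flat = " ".join(value.split())  # undo header folding
    m = RECEIVED_RE.match(flat)
    if not m:
        return None
    return (m.group(1), (m.group(2) or "").strip(), m.group(3))


def analyze(raw):
    msg = email.message_from_string(raw)
    # Each relay prepends its own Received line, so the last one is the first hop.
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    hops.reverse()
    origin_helo, _, origin_relay = hops[0]
    from_domain = _domain(msg.get("From"))
    rp_domain = _domain(msg.get("Return-Path"))
    hosts = set()
    for helo, rdns, relay in hops:
        hosts.update(x.lower() for x in (helo, relay, *rdns.split())
                     if x and not x.startswith("["))
    in_path = bool(from_domain) and any(
        h == from_domain or h.endswith("." + from_domain) for h in hosts)
    return {
        "hops": hops,
        "origin_helo": origin_helo,
        "origin_relay": origin_relay,
        "from_domain": from_domain,
        "return_path_domain": rp_domain,
        "from_matches_return_path": from_domain == rp_domain,
        "from_domain_in_path": in_path,
        "origin_is_unqualified": "." not in origin_helo,
    }


def verdict(result):
    """One-line summary of the checks that matter when the From line is forged."""
    parts = [f"entered the mail system at {result['origin_relay']} "
             f"from a host calling itself {result['origin_helo']!r}"]
    if not result["from_matches_return_path"]:
        parts.append(f"From domain {result['from_domain']} differs from "
                     f"Return-Path domain {result['return_path_domain']}")
    if not result["from_domain_in_path"]:
        parts.append(f"no relay in the path belongs to {result['from_domain']}")
    if result["origin_is_unqualified"]:
        parts.append("originating host name is unqualified (typical of a dial-up Windows machine)")
    return "; ".join(parts)


if __name__ == "__main__":
    for label, raw in (("suspect", RAW_HEADERS), ("control", CLEAN_HEADERS)):
        print(f"{label}: {verdict(analyze(raw))}")
```

On the quoted headers the script reports that the message entered at a bellnexxia.net relay from an unqualified host named `Dmssyusv`, that `From:` claims lawnsite.com while `Return-Path:` is sympatico.ca, and that nothing in the relay path belongs to lawnsite.com, which is exactly the pattern Chuck describes. Treat each of these as a signal rather than proof: mailing lists and forwarding services legitimately produce a Return-Path that differs from From, and the `from` name in a Received line is whatever the connecting client announced, so only the `by` host added by a relay you trust is reliable.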

  John Allin

    John Allin PlowSite.com Addict
    Messages: 1,327

    Great... just got rid of the Klez virus, and now this.

    I started using Spam Buster to preview all my messages, and then delete out anything I don't recognize before downloading....

    Chuck - do you think that is good enough ???
  75

    75 PlowSite.com Addict
    Messages: 1,382

    Yes, that's correct. :mad:

    My apologies to everyone, and I'll be "off-line" until I get things sorted out............................ :(
  GeoffD

    GeoffD PlowSite.com Veteran
    Messages: 2,266

    Rob how is the truck going?

  75

    75 PlowSite.com Addict
    Messages: 1,382

    Well, looks like everything is back in order and "de-virused". Again my apologies to everyone for the aggravation that was caused, about the only good thing I can say that came out of it is I've learned to be more careful...............

    As far as the truck project goes Geoff, it's been sitting for a little while as I iron some bugs out of the Harley. Truck frame is about 90% complete, cab bodywork about 50% done. New driveshafts have been made and are just waiting to go in once the engine/trans/transfer case are installed "permanent".

    And there will not be any computer in, on or near the 'ol truck when it's finished.......................
  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317


    Not to burst your bubble, but this morning I got the virus sent to me twice from your actual e-mail address (which is in the headers of the e-mail), so it isn't gone just yet. :(

    Go to http://housecall.antivirus.com and do a full scan and clean.

  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    I just gave Rob a call on the phone. He is going to the above website to remove the virus once and for all! :)

  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    I have kept this thread at the top, because Rob has been having a hard time removing the virus. It is still being sent out when he logs on. This is why he has not been posting much lately.

    I hate to say it Rob, but it may be time to:


  BushHogBoy

    BushHogBoy Senior Member
    Messages: 665

    Hey Rob, I was going to send you an e-mail today since I haven't in so long, but couldn't find your e-mail address, so I came here and saw this thread. Now I know your e-mail, but I'm not going to e-mail you until you get this taken care of. Don't wanna get infected :eek: ! Also I kinda think that if you have to format, you'd lose the e-mail anyway, depending on how it's set up. Make sure and back up all important files to floppy disks or CDs before you format, if you do. Because you will lose everything you've got if you don't. Save all your favorites too, don't forget. Well, send me an e-mail when you get this taken care of and I'll tell you what I've been up to.
    Best of luck with your PC nightmares!
  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    I spoke to Rob, and he is now using an old computer he has to go online. It is "clean". It is his newer computer that still has the virus, so I expect him to be around more often now.

    I am also unsticking this thread tomorrow.

  DaveK

    DaveK Senior Member
    Messages: 420

    I found a great free anti-virus program that has free regular updates. I was using Computer Associates InoculateIT Personal Edition 'till they backed out of their promised "free updates for life" promotion. They decided to drop the free updates and sell a new online service. After promoting themselves as a company that is more concerned with virus control for all users than just profits, and then backing out of it, I decided I would not buy from them.

    Anyway, AVG 6.0 Free Edition is available at www.grisoft.com. They do offer another version for sale, but the free version is quite good, and has saved me from more than one e-mail virus.

    It sure makes you wonder if using e-mail is worth it.

    BTW, don't take Chuck's humorous image above seriously. It may be difficult to remove some viruses (virii) but it can be done without formatting the hard drive. I have heard about people replacing memory and hard drives because of a virus, but that is due to lack of knowing how to remove the virus (the easy way out).
    Last edited: Jul 16, 2002
  Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Yes, the formatting gif was a joke in a way, but also, Rob bought an AV program that did not fully remove the virus. He tried to go to the site I gave above, and it would not fully download the drivers to do the scan. Meanwhile, the instant he logs on, the virus starts sending itself again. :realmad:

    Rob, maybe you can download the free program Dave mentioned above onto a Zip disk, and then run it on your infected computer?

    While somewhat crude, formatting your hard drive WILL remove all traces of the virus in most cases...... AND after trying so hard to get rid of it, it can be an easy way out at this point. I'm sure your old computer that you are surfing with is much slower than your newer one.

  DaveK

    DaveK Senior Member
    Messages: 420

    While formatting is a way out, and that part is easy, reloading all your programs and data can be very time consuming. For me, formatting is NOT an option. For others, it may not be a big deal, especially if it is a new PC that you haven't installed much on.

    As far as the anti-virus not fixing everything: sometimes it can't. It will remove the virus, but can't always fix the things that the virus screwed up. The Yaha virus, for example, puts a file in the Windows directory using a random 5-character name. The anti-virus program has no way of knowing what the name of the file is. So with many viruses, there IS some manual fixing that YOU have to do.

    I just cleaned the Yaha virus off a computer for a friend. This thing was a major PITA. It puts an entry in the Windows system registry, and loads itself at start-up. After using the MS System Info program to see what programs were running, I found the virus program hidden in the "recycled" directory (couldn't see it since it was flagged as a hidden file). Had to reboot to DOS mode, go to the recycled directory, change the file from hidden to non-hidden and delete it.

    That was just the beginning. When Windows restarted, besides getting many error messages, it wouldn't run any exe files. Had to rename regedit.exe to regedit.com just to open the system registry.

    Ok, that may have been a bit too technical for a few of ya, but that was definitely the hardest virus I have ever had to remove. And I've removed a LOT from PCs at GM while working at EDS. Engineers are like virus magnets. :rolleyes:

    Here are some excellent tools for virus removal AND they can often repair the damage that was done. The DOS version is free and can be unzipped and put on a CD (too large for floppy) or even a flash disk, and then you can run it on other computers. No installation is needed (since it is a DOS program).

    Lower on the page are removal tools and instructions for most of the new viruses. I hope this helps. They are all free. http://www.europe.f-secure.com/download-purchase/tools.shtml I just noticed that there is a Yaha removal tool. doh
    Last edited: Jul 18, 2002
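
Dave's cleanup above amounts to three checks: what the Run key launches, whether that target is a hidden file parked in a Recycle Bin folder, and whether the .exe file association has been hijacked (the reason nothing would run until regedit was renamed). The following is an added example, not something posted in this thread or shipped by any of the tools it links to: a Python audit of those three indicators run over a constructed snapshot of the registry and file attributes, so it runs offline on any platform. The Run-key entries, file names and paths in the sample are made up to mirror the symptoms Dave describes; the one real constant is the stock `exefile\shell\open\command` value of `"%1" %*`.

```python
# Stock (Default) value of HKEY_CLASSES_ROOT\exefile\shell\open\command on
# Windows 9x/NT. Anything else means .exe launches are being routed through
# some other program first.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Constructed snapshot modelled on the post above: a Run key, the attrib
# letters of each target on disk, and the current .exe association. All the
# names except the stock Windows entries are made up for this example.
SAMPLE_RUN = {
    "ScanRegistry": r"C:\WINDOWS\scanregw.exe /autorun",
    "SystemTray": r"C:\WINDOWS\SYSTEM\systray.exe",
    "Windows": r"C:\RECYCLED\wincfg.exe",
}
SAMPLE_FILES = {
    r"c:\windows\scanregw.exe": "A",
    r"c:\windows\system\systray.exe": "A",
    r"c:\recycled\wincfg.exe": "HA",   # hidden, so a plain dir listing skips it
}
SAMPLE_EXE_COMMAND = r'C:\RECYCLED\wincfg.exe "%1" %*'


def target_path(cmdline):
    """First token of a Run-key command line, honouring a quoted path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split()[0]


def audit(run_entries, file_attrs, exe_command):
    """Return (item, reason) findings for the three indicators in the post.

    run_entries: {value_name: command_line} from
                 HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    file_attrs:  {lower-case full path: attrib letters such as 'HA'}
    exe_command: (Default) value of HKCR\\exefile\\shell\\open\\command
    """
    findings = []
    for name, cmdline in run_entries.items():
        target = target_path(cmdline)
        key = target.lower()
        if "recycled" in key.split("\\"):
            findings.append((name, f"Run entry launches {target} from a Recycle Bin folder"))
        if "H" in file_attrs.get(key, "").upper():
            findings.append((name, f"Run entry target {target} carries the Hidden attribute"))
    if exe_command.strip() != DEFAULT_EXE_COMMAND:
        findings.append(("exefile\\shell\\open\\command",
                         f"association is {exe_command!r}, expected {DEFAULT_EXE_COMMAND!r}"))
    return findings


if __name__ == "__main__":
    for item, reason in audit(SAMPLE_RUN, SAMPLE_FILES, SAMPLE_EXE_COMMAND):
        print(f"{item}: {reason}")
```

On the sample it flags the `Windows` Run entry twice (Recycle Bin location, Hidden attribute) and the redirected .exe association. The regedit.exe to regedit.com rename Dave used works because .com files are launched through the separate `comfile` association, which the hijack of `exefile` leaves alone; the same trick applies to any other .exe tool you need before the association is restored.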
  75

    75 PlowSite.com Addict
    Messages: 1,382

    Dave and Chuck - many thanks for your suggestions, advice and links you've posted in this thread. I will try taking the "non-format" approach first, with the resources available in the links Dave posted.

    Of course, I realize (now - :( ) that the initial cause of the whole mess was my computer's virus protection not being fully up to spec. I'll admit I'm a lot more familiar with how mechanical things work than electronic things; I suspect the reason the Housecall link wouldn't download fully was that the virus had made enough of a mess of things that it made the download not possible.
  DaveK

    DaveK Senior Member
    Messages: 420

    On top of that, it also disables most of the best-known brands of anti-virus. So there is a bit of manual fixing to do to help the anti-virus do its job.

    Here are two very good articles worth reading.

    The Two-Step Virus Lurks by John Dvorak (PCmag.com)

    Here is what is possible in the very near future. Worst case virus scenarios by John Dvorak (PCmag.com)