PDA

View Full Version : Netsky virus/worm



macpegbj
10-06-2004, 09:11 AM
I have, in the last two or three days, had messages "returning" e-mails that I certainly had not sent that were supposed to contain viruses. I have Norton System Works 2004, with the virus checker kept up to date, and I have Zone Alarm fire wall. The messages were supposed to be to "service@registerdirect.co.nz" and "admin@simplywebsystems.com@blacklisted" and the virus was identified as "Win32/Netsky.Zworm" and "Win32/Netsky.Z@MM!Zip".
Has someone taken over my machine or is this a hoax?

Bruce Mackay

Jim B
10-06-2004, 09:20 AM
See this thread (http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=48076&message=278627&q=#278627)

Capt.Hook
10-06-2004, 09:22 AM
Check out the thread....Virus Problems...by Chemicai Ali.....there may be some useful info in that thread for you.

mark c
10-06-2004, 09:26 AM
I get emails in my Outlook Express quite often where some part of contains "MailDelivery" or "AdminMail" or "ErrorMailDelvery", things like that that seem to be an authentic mail delvery report but I suspect are just hoaxes or virus bearers. I don't open them because I can't identify what email they are refferring to. (I very seldom send from OE).

Jim B
10-06-2004, 09:37 AM
Obviously most people just post on the forum and never read anything.

These are not hoaxes, they are genuine returned emails but they do not contain a virus.

If you very seldom send with OE what do you use then, are you saying you very seldom send email at all, just curious.

Capt.Hook
10-06-2004, 09:41 AM
> Obviously most people just post on the forum and
> never read anything.

You got that right Jim

Murray P
10-06-2004, 09:50 AM
Hmm.. mac doesn't say his connection is hobbled or that anything else is wrong. Just the returned emails.

These could be returns because his address has been picked up from someone elses infected machine.

Run the tools anyway to be sure, make sure your virus definitions are up to date and your operating system is patched.

Cheers Murray P

Billy T
10-06-2004, 11:09 AM
> > Obviously most people just post on the forum and
> > never read anything.
>
> You got that right Jim

?:|

It is a bit hard to post without reading, unless you are referring to new posters and they usually arrive with a big (to them) problem and limited knowledge. Nine posts since 2002 doesn't make for a lot of experience.

They can be forgiven for not searching first, it takes time to get used to using an online forum and to learn how to get the best out of it. If we didn't want to answer questions we wouldn't be here..............would we?

Give him a fair go.

Cheers

Billy 8-{)

whiskeytangofoxtrot
10-06-2004, 11:38 AM
Below is the message I send to stacks of customers (slightly modified).

<template>

The reason you are receiving these is most likely because someone you know is infected with a virus. Most viruses operate by picking two addresses at random out of an address book, setting one as the sender, and one as the recipient. This is why you are receiving mail from someone you do not necessarily know. Unfortunately there is no easy way of tracking back the original infected source, or a way of blocking these messages from coming through.

Your ISP may scan your e-mail for viruses as they arrive at their server. This will protect you against known e-mail viruses before they reach your machine. They will only be able to detect incoming e-mail viruses, so you will still need a virus scanner on your home computer as well to protect you against internet, disk based and file sharing viruses.

If you have a virus scanner on your machine such as Norton Antivirus, PC-Cillin or similar make sure you have run the update feature to get the latest virus information. If you haven't run the updates for some time it is advisable to run the update a few times to ensure all the available software upgrades have been downloaded.

There are many good free alternatives to commercial virus scanners - if you don't have a virus scanner it would be worthwhile installing one of the following:

ClamWin
http://www.clamwin.net

AVG Virus Scanner
http://www.grisoft.com

Antivir Virus Scanner
http://www.free-av.com

These are available for free download from the internet and require regular updates as you would with a normal commercial Antivirus Solution.

If you are looking for more information on a virus, or assistance with repairing or removing a virus visit the link below and search for the virus name as identified by your virus scanner - this should provide you with plenty of information on any virus you may encounter.
http://www.symantec.com/avcenter/vinfodb.html

Usually the incidence of these will die down as people realise they are infected and remove the virus.

</template>

Jim B
10-06-2004, 11:51 AM
>
> They can be forgiven for not searching first, it
> takes time to get used to using an online forum and
> to learn how to get the best out of it. If we didn't
> want to answer questions we wouldn't be
> here..............would we?
>
> Give him a fair go.
>
> Cheers
>
> Billy 8-{)

Amen

whiskeytangofoxtrot
10-06-2004, 11:56 AM
>
> Amen
>

Be careful around priests Jim ;-)

mark c
10-06-2004, 12:33 PM
Fair enough Jim B, take your point, should have read the thread you posted.

Nicely cleared up now anyway.

I use Yahoo.

Have a nice day :)

Susan B
10-06-2004, 02:10 PM
Might I suggest that whiskeytangofoxtrot make his "template" into a FAQ for the benefit of the forum?

It would fit nicely as "FAQ #18 Why am I getting emails saying I have a virus?" or similar.

If whiskeytangofoxtrot does not have time or does not wish to make a FAQ from the template would it be OK for me to do so (with acknowledgements, of course)?

Susan B
10-06-2004, 02:23 PM
> Obviously most people just post on the forum and never read anything.

You will probably find that problem is not exclusive to Press F1 but happens on all the other forums as well.

On Press F1 I believe it doesn't help that the number of threads per page default is set to a miserable 15 which is nowhere near enough. A lot of visitors and new people to the forum wouldn't think to increase it to a more sensible 30 or 50 threads per page and don't bother looking further than the first page.

whiskeytangofoxtrot
10-06-2004, 02:58 PM
> If whiskeytangofoxtrot does not have time or does not
> wish to make a FAQ from the template would it be OK
> for me to do so (with acknowledgements, of course)?

Yup... go nuts.

aronking
11-06-2004, 02:56 AM
Awomen

To be totally PC ...

:-)