|
Note: 10/4/03
I have not been infected by a Virus in other a year and a half, why ? First I scan all Emails coming in and out of my computer and I update the Virus program weekly. Secoundly I do not Preview my Email in the Preview Pane, it is disabled, I right click the Email and go to Properties, then the Details Tab, then click the Message Source button, I cannot get infected by anything that way. If it looks questionable I delete it and never open it up. If someone I know sends me an Attachment, I Save it to the Desktop, right click on it and run a Virus Scan on it, before I open it. I also run a Virus Scan on the Computer once a month or if it is acting funny. The major reason folks get infected is because of openning Attachments to Emails, if you scan them with your Anti Virus program first, it will catch most Viruses and disable that Preview Pane, Viruses can be in HTML docs to. To find out how to do that go to the Computer Help Section and go to the Outlook Link. Happy Computing.
A Viruses is, a small program
I received a virus to other day and it made me realize how important it is to have your E-mail Virus Scan on and updated, in Norton SystemWorks you open Norton and go to, Options, to turn it on, here is a link to a picture of it. I received the W95.Hybris.gen Worm Virus. It came with another E-mail and was called Snow white and the seven dwarfs. Norton caught it before it did anything. Here is a link to Symantec Anti Virus Research Center for information on Viruses and Repaire Tools. There is a new service on line, tried it yesterday 3/7/02 with my sons Computer, it found three Viruses and it deleted them, it is called House Call by Trend Micro's, check it out !! Also check Symantics Online Virus Checker Virus Checker. This is about a Virus I got and what I had do to rid my Computer of it:
W95.Hybris.gen
When the worm attachment is executed, the WSOCK32.DLL file will be modified or replaced. This will give the worm the ability to attach itself to all outbound email. The email attachment will have a random name but the filename extension is either EXE or SCR).
The worm attempts to connect to the newsgroup alt.comp.virus. After it connects successfully, the worm uploads its own plug-ins in an encrypted form to this newsgroup. It goes thru the subject header of the messages, and tries to match a specific format. The subject header will also specify the version number of the attached plug-in if these plug-ins are indeed present. If a newer version of plug-ins is found, the worm downloads these modules and updates its behavior. For example, there are known modules that give the worm ability to infect compressed files like ZIP.
If WSOCK32.DLL is being used by the system, the worm will be unable to modify this file. Thus, in this situation, the worm will add a registry key to one of the following subtrees:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
It will always alternate between these two trees mentioned above as the worm spreads from one machine to another. The worm hooks on the following exports on WSOCK32.DLL: send(), recv(), connect(). Whenever a user sends out an email to a person, the worm will also send out another email to the same person attaching a copy of itself using a randomly generated filename.
Removal:
Use Norton AntiVirus to repair the infected WSOCK32.DLL. Other files detected as W95.Hybris contain only the virus body and must be deleted
Some people E-mailed me after they had scanned their system and thought they had fixed this virus, it wasn't fixed, because with some viruses you have to manually correct some files. If you noticed with the W32.Sircam.Worm below, you need to edit the registry after Norton fixes it. So, make sure you have your E-Mail AntiVirus scan on all the time and update it weekly, this is where you are most likely to get a virus now days. As you can see, your regular virus program can not always correct the problems the viruses create. Prevention is your best weapon, I only run the E-Mail scan and manually run a scan once every two weeks or so and I update, every Saturday morning. The reason I do not run my Virus program full time, is because it creates shut down problems, slows my Computer, interfers with my games and isn't really needed, IF, you scan downloads and scan your Emails. If the kides are on the Computer all the time, leave it on and set it to automatically download updates.
* This is an Email from a lady who Emailed me a virus and an Email after we fixed the problems Sally *
W32.Sircam.Worm@mm
I was infected by this Virus 7/20/01 I openned a .doc file attached to an Email. I did not know I was infected until Zone Alarm asked if the SIRC32.exe could connect to the Internet, I clicked NO and openned Norton AntiVirus, updated the Virus Definitions and ran a Scan, sure enough, it found it. Norton fixed it, but I could no longer get into any of my programs, I had to Edit the Registry through MS-DOS using regedit and Deleted some entries before the Virus and it's effects were totally fixed. Here is a link to Symantics Info and Repaire of this Virus W32.Sir
Downloading files from the Internet:
I recently downloaded a file from the Net and Scanned it with Norton Antivirus, before I opened it. It was infected with the js.Trojan Horse Worm. Norton took care of it, so I was not infected. But if I hadn't right clicked on the file and had Norton Scan it, I would have been infected. The Email Scan is a must, but always Scan downloaded files before you open them, save them in a special folder, I call mine downloads, then I open a new folder inside that folder for each file I download and keep those Virus Definitions Updated Weekly. Be carefull with some files you download, check the Extension on the file before you download it, let say you are downloading a .mpeg make sure it is great.mpeg if it is great.mpeg.vbs thats a virus, don't even download it, if it has an extra extension like .doc .vbs .scr .exe I would avoid it.
Sharing Disks
The other way to get a Virus is to add some files to your Computer from someone elses floppy disk. Before I install information from someone elses floppy disk I will again, right click on the A: drive and have my Antivirus program scan the files before I put them on my system.
www
|
|