W32.Netsky.P@mm

 
Old 12-06-2005, 02:57 AM   #1
Adam Russell
Guest
 
Posts: n/a
Default W32.Netsky.P@mm


For the last couple weeks I have been getting a couple messages a day from
NIS telling me that a file is infected on my computer. It deletes it every
time. It seems to happen when I get my mail. Should I be worried? The
files in question are named something like cc42.tmp. I'm using winxp with
service pack 2, OE 6.00, and NIS2005. I suspect it is 'just' someone
sending me virus spam which is then blocked by norton, but I worry because
this only just started the last few weeks. Should I be worried, and is
there a way to stop it?


Old 12-06-2005, 03:26 AM   #2
YoKenny
Guest
 
Posts: n/a
Default Re: W32.Netsky.P@mm

In news: Adam Russell typed:
> For the last couple weeks I have been getting a couple messages a day
> from NIS telling me that a file is infected on my computer. It
> deletes it every time. It seems to happen when I get my mail.
> Should I be worried?


No, as long as NIS is blocking it.

> The files in question are named something like
> cc42.tmp. I'm using winxp with service pack 2, OE 6.00, and NIS2005.
> I suspect it is 'just' someone sending me virus spam which is then
> blocked by norton, but I worry because this only just started the
> last few weeks. Should I be worried, and is there a way to stop it?


Adam, the only way to stop it is to report the IP address of the infected PC
to the ISP that the virus is sent from.

You will have to learn how to read email headers and learn how to decode
where the virus came from.

Helpful tools are SamSpade and emailabuse.org:
http://www.samspade.org/t/
http://www.emailabuse.org/
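
Reading the headers as suggested in the post above, as an added example that is not part of the original thread: the sketch walks the `Received` lines from the top and returns the IP that handed the message to your own provider, which is the address to report. The sample message, host names, addresses and the `handoff_hop` helper are constructed for illustration, and the `From` line is ignored because mass-mailers commonly forge it.

```python
import email
import ipaddress
import re

# One Received line: "from <claimed name> (... [<ip>]) by <server> ..."
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+([^\s;]+)", re.S)

# Constructed sample; the bottom Received line imitates a forged hop.
SAMPLE = """\
Received: from mx2.isp.example ([10.0.0.5]) by mail.isp.example with ESMTP; Mon, 6 Jun 2005 02:40:11 -0500
Received: from cpe-host.example.net (unknown [203.0.113.45]) by mx2.isp.example with SMTP; Mon, 6 Jun 2005 02:40:09 -0500
Received: from trusted.bank.example ([198.51.100.7]) by fake.relay.example; Mon, 6 Jun 2005 02:39:00 -0500
From: friend@example.org
To: adam@isp.example
Subject: Re: document

body
"""

def handoff_hop(raw_message, trusted_suffix):
    """Return (ip, claimed_name) of the host that handed the message to
    the first server we trust, or None if no trusted hop is found.

    Received headers are prepended, so the top ones were written by our
    own provider; everything from the first untrusted "by" host downward
    may have been forged by the sender and is ignored.
    """
    msg = email.message_from_string(raw_message)
    found = None
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            break  # unparseable hop: stop rather than guess
        claimed, ip, by_host = m.groups()
        by_host = by_host.lower()
        if by_host != trusted_suffix and not by_host.endswith("." + trusted_suffix):
            break  # written by a server we do not control
        try:
            found = (str(ipaddress.ip_address(ip)), claimed)
        except ValueError:
            break  # bracketed text was not a valid IP address
    return found

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, "isp.example"))
```

The returned address can then be looked up with a whois tool to find the abuse contact of the network that owns it.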



Old 12-06-2005, 03:36 AM   #3
What's in a Name?
Guest
 
Posts: n/a
Default Re: W32.Netsky.P@mm

Adam Russell wrote:
> For the last couple weeks I have been getting a couple messages a day from
> NIS telling me that a file is infected on my computer. It deletes it every
> time. It seems to happen when I get my mail. Should I be worried? The
> files in question are named something like cc42.tmp. I'm using winxp with
> service pack 2, OE 6.00, and NIS2005. I suspect it is 'just' someone
> sending me virus spam which is then blocked by norton, but I worry because
> this only just started the last few weeks. Should I be worried, and is
> there a way to stop it?
>
>


Start using Firefox for your browser and Thunderbird for your e-mail.
Here is a quote from Panda-
"Netsky.P is automatically activated when the e-mail message is viewed
through Outlook's Preview Pane. It does this by exploiting a
vulnerability in Internet Explorer, which allows e-mail attachments to
be automatically run. This vulnerability exploit is known as
Exploit/iFrame."
-max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
You can find my e-mail address on my pages.
Old 12-06-2005, 02:50 PM   #4
Sir_George
Guest
 
Posts: n/a
Default Re: W32.Netsky.P@mm

What's in a name?,

Since the OP is using IE version 6.x, the issue you discuss is not
applicable. The following is quoted from the text available at:

http://www.microsoft.com/technet/se...n/MS01-020.mspx

(Begin Quote)
Microsoft Security Bulletin (MS01-020)
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Does this vulnerability affect IE 6?
No. You can eliminate the vulnerability by upgrading to IE 6. However, if
you are running Windows 95, 98, 98SE or ME, you should be aware that you
will need to install IE 6 in a certain way. Specifically, you will need to
choose either the Full Install or Typical Install option. (The default
installation type is Typical Install). If you choose Minimal Install or
Custom Install, the files containing the vulnerability might not be
upgraded, and your system could remain vulnerable.
Customers running Windows NT 4.0, Windows 2000, or Windows XP do not need to
concern themselves with this contingency, as IE 6 does not provide either a
Minimal or Custom Install option when installing on these systems. Any
upgrade to IE 6 on one of these systems would fully eliminate the
vulnerability. More information on this is available in Knowledge Base
article Q308411.
(End Quote)

--
Sir_George


"What's in a Name?" <spamthis@nomail.afraid.org> wrote in message
news:AcNqe.23513$iu.18477@tornado.ohiordc.rr.com...
> Adam Russell wrote:
>> For the last couple weeks I have been getting a couple messages a day
>> from
>> NIS telling me that a file is infected on my computer. It deletes it
>> every
>> time. It seems to happen when I get my mail. Should I be worried? The
>> files in question are named something like cc42.tmp. I'm using winxp with
>> service pack 2, OE 6.00, and NIS2005. I suspect it is 'just' someone
>> sending me virus spam which is then blocked by norton, but I worry
>> because
>> this only just started the last few weeks. Should I be worried, and is
>> there a way to stop it?

>
> Start using Firefox for your browser and Thunderbird for your e-mail.
> Here is a quote from Panda-
> "Netsky.P is automatically activated when the e-mail message is viewed
> through Outlook's Preview Pane. It does this by exploiting a vulnerability
> in Internet Explorer, which allows e-mail attachments to be automatically
> run. This vulnerability exploit is known as Exploit/iFrame."
> -max
> --
> Virus Removal Instructions: http://home.neo.rr.com/manna4u/
> You can find my e-mail address on my pages.



Old 12-06-2005, 07:50 PM   #5
What's in a Name?
Guest
 
Posts: n/a
Default Re: W32.Netsky.P@mm

Sir_George wrote:
> What's in a name?,
>
> Since the OP is using IE version 6.x, the issue you discuss is not
> applicable.


That still doesn't change the fact that the OP would be safer using
another browser (Firefox) and e-mail client (Thunderbird).
-max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
You can find my e-mail address on my pages.