NOTICE: Check your a/v?

news.rcn.com

Two viruses found their way into my a/v protected computer this morning or
yesterday despite my running AVG and Spybot immunisation etc

Luckily AVG found them and claims to have neutralised at least one on its
scan this morning (test results says it deleted both AND mentions a third,
also in the _restore position which it moved to the vault) so hopefully
there will have been no damage done but I thought I should let people know

IRC/BackDoor.flood and Win32.Parite

I wonder if one of these is responsible for my receiving a flood of junk
email which Outlook sends straight to my deleted items bin recently? I
wonder if my computer was being used as an e-mail client to flood the
internet with these?
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>

| Two viruses found their way into my a/v protected computer this morning or
| yesterday despite my running AVG and Spybot immunisation etc
|
| Luckily AVG found them and claims to have neutralised at least one on its
| scan this morning (test results says it deleted both AND mentions a third,
| also in the _restore position which it moved to the vault) so hopefully
| there will have been no damage done but I thought I should let people know
|
| IRC/BackDoor.flood and Win32.Parite
|
| I wonder if one of these is responsible for my receiving a flood of junk
| email which Outlook sends straight to my deleted items bin recently? I
| wonder if my computer was being used as an e-mail client to flood the
| internet with these?
|

Chances are that you downloaded the IRC Trojan that was infected by the Parite virus.

I have seen IRC Trojans infected with the Parite before and I even mentioned it in
this News Group within the last fortnight.
 
news.rcn.com

David H. Lipman said:
From: "news.rcn.com" <news.rnc.com>

| Two viruses found their way into my a/v protected computer this morning or
| yesterday despite my running AVG and Spybot immunisation etc
|
| Luckily AVG found them and claims to have neutralised at least one on its
| scan this morning (test results says it deleted both AND mentions a third,
| also in the _restore position which it moved to the vault) so hopefully
| there will have been no damage done but I thought I should let people know
|
| IRC/BackDoor.flood and Win32.Parite
|
| I wonder if one of these is responsible for my receiving a flood of junk
| email which Outlook sends straight to my deleted items bin recently? I
| wonder if my computer was being used as an e-mail client to flood the
| internet with these?
|

Chances are that you downloaded the IRC Trojan that was infected by the
Parite virus.

I hate to admit it, and under different circumstances I wouldn't but in the
last fortnight I have received some suspicious looking Postcards which I
just downloaded to my desktop and ran a.v scan on. I was suspicious as it
was an .exe file. I thought that a real postcard should be a URL. They
reported them as being infected so I deleted them immediately and deleted
them from my recycle bin. One came in again (a different one) so I thought
that it was probably safe INSTEAD to go to the site to see if it was bona
fide, on the basis that if it wasn't my SpybotS&D would immunise me from the
DNS?
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>


|
| I hate to admit it, and under different circumstances I wouldn't but in the
| last fortnight I have received some suspicious looking Postcards which I
| just downloaded to my desktop and ran a.v scan on. I was suspicious as it
| was an .exe file. I thought that a real postcard should be a URL. They
| reported them as being infected so I deleted them immediately and deleted
| them from my recycle bin. One came in again (a different one) so I thought
| that it was probably safe INSTEAD to go to the site to see if it was bona
| fide, on the basis that if it wasn't my SpybotS&D would immunise me from the
| DNS?

BINGO ! That's it !

It was a pseudo greeting Card in a SFX EXE file.

I don't understand this question... "...my SpybotS&D would immunise me from the DNS? "
 
news.rcn.com

| BINGO ! That's it !

I thought so but I am baffled that one can infect a computer simply by
extracting an exe file from an email message: I thought that this was an
urban myth and that you had to run the exe file to self-infect. I think
the urban myth was that you can self-infect by putting your cursor above the
infected e-mail.

| It was a pseudo greeting Card in a SFX EXE file.
|
| I don't understand this question... "...my SpybotS&D would immunise me
| from the DNS? "

What exactly does immunisation do? I thought it blocked access to
potentially dangerous URLs?
 
Beauregard T. Shagnasty

David said:
From: "news.rcn.com" <news.rnc.com>
| .. I have received some suspicious looking Postcards ..

BINGO ! That's it !

It was a pseudo greeting Card in a SFX EXE file.

On those rare times when I receive a "postcard" or a "greeting card"
notice, I will write back to the sending person and request they stop
having them sent to me. If there is a file instead of a link, it goes
directly to the bit bucket. And I never visit the link either.

There was a time (maybe still is) when some of the greeting card sites
were email address harvesters for spammers. They would sell both the
sender's and the recipient's address.
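
Added example (not part of any post in this thread): a mail-triage check for the "file instead of a link" case discussed above. It flags attachments whose content is a Windows PE executable, which is what a self-extracting EXE is, even when the file name or MIME type claims otherwise. The sample message, addresses and file names are constructed for the demonstration.

```python
import email
import struct
from email import policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def is_pe(data: bytes) -> bool:
    """True if data has an MZ stub whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def flag_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if is_pe(payload):                      # judge by content, not by name
            reasons.append("PE header in content")
        if name.lower().endswith(RISKY_EXT):
            reasons.append("executable extension")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: a harmless 128-byte stub carrying only PE magic values."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)    # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "You have received a postcard"
    msg.set_content("Open the attached card.")
    msg.add_attachment(bytes(stub), maintype="image", subtype="jpeg",
                       filename="postcard.jpg")  # executable posing as an image
    msg.add_attachment(bytes(stub), maintype="application",
                       subtype="octet-stream", filename="card.exe")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="note.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in flag_attachments(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```
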
 
David H. Lipman

| I thought so but I am baffled that one can infect a computer simply by
| extracting an exe file from an email message: I thought that this was an
| urban myth and that you had to run the exe file to self-infect. I think
| the urban myth was that you can self-infect by putting your cursor above the
| infected e-mail.


I don't know what actions were taken nor if vulnerabilities were exploited but apparently
the EXE file was executed and you were hit by the payload.


| What exactly does immunisation do? I thought it blocked access to
| potentially dangerous URLs?


The DLL in SpyBot S&D only blocks IE from known sites and is ONLY for IE.
 
Heather

Beauregard T. Shagnasty said:
On those rare times when I receive a "postcard" or a "greeting card"
notice, I will write back to the sending person and request they stop
having them sent to me. If there is a file instead of a link, it goes
directly to the bit bucket. And I never visit the link either.

Well.....there goes your Xmas present!! And I was including a cheque
too.....LOL!!

So I will just wish you a Merry Christmas right now and forget sending
the card!!

XX Figgs
 
news.rcn.com

David H. Lipman said:
| I thought so but I am baffled that one can infect a computer simply by
| extracting an exe file from an email message: I thought that this was an
| urban myth and that you had to run the exe file to self-infect. I think
| the urban myth was that you can self-infect by putting your cursor above the
| infected e-mail.

I don't know what actions were taken nor if vulnerabilities were exploited but apparently
the EXE file was executed and you were hit by the payload.

| What exactly does immunisation do? I thought it blocked access to
| potentially dangerous URLs?

The DLL in SpyBot S&D only blocks IE from known sites and is ONLY for IE.

I thought that this immunisation was what TeaTimer was for? I almost never
use IE. FF is so much better nowadays?
 
David H. Lipman

From: "news.rcn.com" <news.rnc.com>


| I thought that this immunisation was what TeaTimer was for? I almost never
| use IE. FF is so much better nowadays?


To get specific information, I suggest posting a query in the SpyBot Forums.
http://forums.spybot.info/
 
Beauregard T. Shagnasty

Heather said:
Well.....there goes your Xmas present!! And I was including a cheque
too.....LOL!!

So I will just wish you a Merry Christmas right now and forget
sending the card!!

XX Figgs

Well hey! Merry Christmas to you too, Figgs. If I give you a snailmail
address, will you still send the cheque?
 
Heather

Beauregard T. Shagnasty said:
Well hey! Merry Christmas to you too, Figgs. If I give you a snailmail
address, will you still send the cheque?

Shoot, won't the card do? Besides, our dollar isn't worth all that much
in Yankee Land.

XX Figgs
 
