Virus Warning
Archiver
Posts: 46,084
The virus Pretty Park has been spreading itself around. I found it on my
computer and you may have gotten it also.
I have bad news. What your computer sent me, without you knowing it, is a
trojan horse worm program. (It's similar to a virus, but "bigger" in that
it's a self-contained program.) When you ran the program, it infected your
system. Now it has mailed itself out to everyone in your e-mail address
book. Some of the recipients will run it, it will infect their computers,
and so on.
You're going to have to disinfect your system, and it wouldn't be a bad idea
to warn everyone in your address book about it. Hopefully, they can avoid
running the program. If they did run it, they need to know how to clean up
from it.
The easiest way to tell if you have been infected with Pretty Park is to
do a file search for: files32.vxd, if this file is on your computer you
have been infected.
Go to http://www.getvirushelp.com and download their free program to
remove Pretty Park.
Charlie
computer and you may have gotten it also.
I have bad news. What your computer sent me, without you knowing it, is a
trojan horse worm program. (It's similar to a virus, but "bigger" in that
it's a self-contained program.) When you ran the program, it infected your
system. Now it has mailed itself out to everyone in your e-mail address
book. Some of the recipients will run it, it will infect their computers,
and so on.
You're going to have to disinfect your system, and it wouldn't be a bad idea
to warn everyone in your address book about it. Hopefully, they can avoid
running the program. If they did run it, they need to know how to clean up
from it.
The easiest way to tell if you have been infected with Pretty Park is to
do a file search for: files32.vxd, if this file is on your computer you
have been infected.
Go to http://www.getvirushelp.com and download their free program to
remove Pretty Park.
Charlie
Comments
I did not open the attachment.
The message itself is empty.
Regards
ECO
From: "Berze P
ATTACHED FILE !!
Justin.
Original Message
From: ECO [noparse]/noparse]mailto:[url=http://forums.parallaxinc.com/group/basicstamps/post?postID=9DIbSe18ZIzAlhAG1m51ZPTNd77GTz6-E3BQOLmRe98P-VrAXKOs89LLMmyCTeB8Gr6XK02SLisv]ecourt@b...[/url
Sent: 21 December 2001 09:17
To: basicstamps@yahoogroups.com
Subject: [noparse][[/noparse]basicstamps] Virus Warning
Is the following message a virus ?
I did not open the attachment.
The message itself is empty.
Regards
ECO
From: "Berze P
>I did not open the attachment.
>The message itself is empty.
>Regards
>ECO
>
.....
>With an MP3 attachment.
>
Make sure that attachments don't have a double file extension,
like filename.mp3.exe. Windoze will hide the second extension
by default. Double click on what you think is an mp3 file, and
you launch the application: you're infected.
> >Is the following message a virus ?
> >I did not open the attachment.
> >The message itself is empty.
> >Regards
> >ECO
> >
>.....
> >With an MP3 attachment.
> >
>
>Make sure that attachments don't have a double file extension,
>like filename.mp3.exe. Windoze will hide the second extension
>by default. Double click on what you think is an mp3 file, and
>you launch the application: you're infected.
Windows can and *SHOULD* be configured to show all extensions. In WinMe
you would do that as follows. (I assume other Win versions would be similar.)
Click START | Settings | Control Panel | Folder Options
and there select the View tab. Look for the setting saying something like
"Hide extensions for known file types" and uncheck that setting. Now you
will see all extensions, so where you might have seen "CLICKME.MP3" before,
you now see "CLICKME.MP3.EXE" (or .SCR, or one of many other executables).
With proper Windows setup, a good virus scanner, and preferably a mail
client not made by Microsoft and not configured to render HTML or anything
containing scripts, pretty much the only way folks can "get you" is by
"social engineering" - tricking you into clicking on something the virus
scanner doesn't catch.
Jim H
I'm using win98. My Control Panel has no File Options, but there is a File
Option shown separately when I click on Start/Settings.
Sid
>For Jim H.
>
>I'm using win98. My Control Panel has no File Options, but there is a File
>Option shown separately when I click on Start/Settings.
Excellent. Between that and the info I gave, I'd guess 95% of folks have
the info they need to show all file extensions, if they choose to. Thanks!
Jim H
Original Message
From: <Newzed@a...>
To: <basicstamps@yahoogroups.com>
Sent: Friday, December 21, 2001 11:14 AM
Subject: Re: [noparse][[/noparse]basicstamps] Virus Warning
> For Jim H.
>
> I'm using win98. My Control Panel has no File Options, but there is a
File
> Option shown separately when I click on Start/Settings.
>
> Sid
>
> To UNSUBSCRIBE, just send mail to:
> basicstamps-unsubscribe@yahoogroups.com
> from the same email address that you subscribed. Text in the Subject and
Body of the message will be ignored.
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
read this before)
Keeping A Virus From Spreading Via Your Address Book
Thought this was worth passing on..hopefully it does work..especially
for those wthout virus protection..It is worth the try and can't hurt.
Here's a computer trick today that's very important and ingenious in its
simplicity.
As you may know, when/if a worm virus gets into your computer it
heads straight for your email address book and sends itself to everyone
in there, thus infecting all your friends and associates. This trick
won't keep the virus from getting into your computer, but it will stop
it from using your address book to spread further, and it will alert you
to the fact that the worm attacked your system.
Here's what you do: first, open your address book and click on "new
contact" just as you would do if you were adding a new friend to your
list of email addresses. In the window where you would type your
friend's
first name, type in !000 (that's an exclamation mark followed by 3
zeros).
In the window below where it prompts you to enter the new email
address, type in "WormAlert," which of course, isn't a real email
address.
Then complete everything by clicking add, enter, ok, etc.
Now, here's what you've done and why it works: the "name" !000 will be
placed at the top of your address book as entry #1. This will be where
the worm will start in an effort to send itself to all your friends. But
when it tries to send itself to !000, it will be undeliverable because
of the phony email address you entered (WormAlert). If the first attempt
fails (which it will because of the phony address), the worm goes no
further and your contacts will not be infected.
Here's the second great advantage of this method: if an email cannot
be delivered, you will be notified of this in your Inbox almost
immediately. Hence, if you ever get an email telling you that an email
addressed to WormAlert could not be delivered, you know right away that
you have the
worm virus in your system. You can then take steps to get rid of it!
Thought this was worthwhile since cyber terrorism may be on the rise...
please pass it on.
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com