CWNET COMPUTER VIRUS & SECURITY CENTER
Alert! Spyware interferes with Microsoft patch!
Read the link above, then download the programs below to remove spyware:
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/en/mirrors/index.html
Current threat.
(Click the link below to get more info and virus removal tool)
What is a computer virus?
Malignant software that attempts to affect your computer without your
permission. Viruses do not spontaneously generate; they are written by
someone for a specific purpose. Many false warnings, or virus hoaxes,
circulate on the Internet.
What is anti-virus software?
A program that scans your computer for known computer viruses.
It will fix and remove the virus. The software needs to be updated regularly
in order to protect your system from the new viruses being discovered
every day.
What is a firewall?
An Internet firewall can help prevent outsiders (hackers, worms, etc.)
from getting to your computer through the Internet. Firewalls come in
two forms, software or hardware, and they provide a protective boundary
that helps screen out unwanted Internet invaders.
Why Do I Need a Firewall?
A firewall can screen for malicious Internet traffic such as hackers,
worms, and certain types of viruses before they can cause problems on
your system. In addition, firewalls can help keep your computer from participating
in attacks on others without your knowledge. Using a firewall is especially
important if you are always connected to the Internet, such as when you
have a broadband cable or digital subscriber line (DSL or ADSL) connection.
Click here to get your firewall.
Notice: Computer viruses are in no way affiliated with CWNet or any CWNet
services. While we will do our best to assist you, this is ultimately
an end-user problem and is not supported by CWNet. We will provide links
and vital information but may not be able to walk you through the complete
removal of this virus. If you don't have anti-virus software installed
on your PC, buy it and install it now! Click here for a list of top-rated
anti-virus software reviews.
Download Virus Removal Tool: http://securityresponse.symantec.com/avcenter/tools.list.html
Previous threat, Sobig / MSBlast virus:
Sobig
Yet another member of the Sobig virus family is loose. Sobig.f
(w32.sobig.f@mm) spreads via e-mail and shared network files and could
slow e-mail servers with excessive traffic. Like its siblings, Sobig.f
has a built-in termination date, September 10, 2003, and can attempt to
retrieve, download, and finally execute a Trojan to steal credit card
numbers and other personal account information.
The purpose of getting Sobig onto the computer is not to cause damage or
purely to drive wide and rapid spread, but to gain control of the machine
by downloading a Trojan and gaining access to information such as bank
details for the purpose of fraud. Such tactics effectively hand control
of the machine over to the virus writer.
It will also enable unscrupulous marketers to disguise the source of spam
by abusing victims' computers and identities.
With teleworking on the increase,
and home security often less watertight than security within an organization’s
own four walls, companies are warned to be aware that home users can represent
their "Achilles heel".
How it works
Sobig.f arrives as an e-mail with the following characteristics:
The From and To addresses are
collected from infected PCs, from files ending with the extensions .dbx,
.eml, .htm, .html, .txt, and .wab.
The Sobig.f subject line reads:
- Re: Details
- Re: Approved
- Re: Re: My details
- Re: Thank you!
- Re: That movie
- Re: Wicked screensaver
- Re: Your application
- Thank you!
- Your details
Its body text reads:
- See the attached file for details
- Please see the attached file for details.
The file attached to Sobig.f
is:
- application.pif
- details.pif
- document_9446.pif
- document_all.pif
- movie0045.pif
- thank_you.pif
- your_details.pif
- your_document.pif
- wicked_scr.scr
When executed, the worm will
add the following to the system registry:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayX" = %windir%\winppr32.exe /sinc
Prevention
In general, do not open e-mail attachments without first saving them to
hard disk and scanning them with updated antivirus software. If you do
not have automatic antivirus signature file updates, contact your antivirus
vendor to obtain the most-current antivirus signature files that include
Sobig.f.
Removal
Most antivirus-software companies have updated their signature files to
include this worm. The updates will stop the infection upon contact and,
in some cases, will remove an active infection from your system. For more
information, see Central Command, Computer
Associates, F-Secure, McAfee, MessageLabs,
Norman, Panda, Sophos, Symantec, and Trend Micro.
MSBlast
MSBlast (alias Lovsan, Blaster, and Posa) is an Internet worm
that takes advantage of the Distributed Component Object Model (DCOM)
Remote Procedure Call (RPC) interface buffer overflow flaw. Although Microsoft
issued a patch on July 17, 2003, many people have yet to patch their systems.
Ironically, the worm threatens to shut down the windowsupdate.com site,
the source of Microsoft security patches. Because MSBlast is spreading
quickly via the Internet and could shut down infected machines, this worm
rates a 7 on the CNET Virus Meter.
How it works
MSBlast does not spread via e-mail. Instead, it scans the
Internet on port 135 looking for vulnerable computers. When it finds one,
it attempts to exploit the DCOM RPC buffer overflow, create a remote root
shell on TCP port 4444, then use FTP to download a file called msblast.exe
onto the infected computer.
MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft's
windowsupdate.com. The attack will start on August 15 and continue through
the end of the year. MSBlast updates the system Registry with the following
line so that it will run each time the computer is rebooted:
Hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run
"windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! Bill
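Both worms on this page persist through a Run key, so one check covers the Sobig.f "TrayX" value and the MSBlast "windows auto update" value. The following is an added example, not a vendor removal tool: it assumes the input is text saved from `reg query` on each Run key, and the sample output embedded in it is constructed.

```python
import re

# Run-key values named on this page: value name -> (executable, worm).
KNOWN_RUN_VALUES = {
    "trayx": ("winppr32.exe", "Sobig.f"),
    "windows auto update": ("msblast.exe", "MSBlast"),
}

# One value line of the query output: name, type and data separated by
# whitespace. The lazy name group lets value names contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")


def find_worm_run_entries(reg_query_output):
    """Return (key, value_name, data, worm) for each matching Run entry."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()  # remember which hive/key the values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        exe, worm = KNOWN_RUN_VALUES.get(m["name"].strip().lower(), (None, None))
        # Require the value name and the executable together, so an unrelated
        # program that reuses only the name is not reported.
        if exe and exe in m["data"].lower():
            findings.append((key, m["name"], m["data"].strip(), worm))
    return findings


# Constructed sample output (assumed layout), not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc
    windows auto update    REG_SZ    msblast.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
```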
Prevention
The best prevention is to install the patch from Microsoft. Users who
have not yet patched
their Windows 2000, NT, and XP systems should do so.
Removal
A few antivirus software companies have updated their signature files
to include this worm. This will stop the infection upon contact and in
some cases will remove an active infection from your system. For more
information, see Central Command, F-Secure, McAfee, Symantec, and Trend Micro.
Get your firewall.
A firewall is built into Microsoft Windows® XP. Click here to get
instructions on how to install your firewall with Windows® XP. If you
have a computer with an earlier version of Windows, and it is connected
directly to the Internet, you should purchase a firewall and use it. Check
below for firewall software reviews; the link will bring you to a list of
top firewall software. Buy one and install it for peace of mind.
Anti-Virus and Firewall Software Reviews
Cnet - Antivirus software reviews
Firewall Guide - Firewall software reviews
CNet - Firewall software reviews
Additional Links
Go here for the latest update on virus activity and removal process.
CNET Virus Alert Center.
Symantec Security Response
McAfee Security
CA Virus Information Center