ian, boot sector virii are always interesting beasts. short of the advice already given, i don't have anything else to give to ya.
What Bill said, plus don't you or your son open any attachments you aren't expecting to get.
plus don't you or your son open any attachments you aren't expecting to get.
I learned that the hard way! :-)
If you use MS Outlook you don't even have to open the attachment.
Here's one quick example. I don't use Outlook so I never concerned myself with the issue too much.
http://www.slipstick.com/problems/virus.htm
Also known as Romeo & Juliet or Verona, the BleBla virus is the first to target several Outlook HTML mail vulnerabilities to enable a virus that launches its payload .exe attachment automatically when the user opens the message
Well, that sucks
I downloaded the trial McAfee and it told me the same thing basically. It's low-risk, NYB, and the way to get rid of it is re-boot using the disk included. I didn't get a disk included, I downloaded it. So if I go buy software, do I get a disk? Does it matter if I had WIN 98 that I upgraded to WIN ME?
Also, the way you get it is from booting off an infected disk. WTF ? I didn't do that.
Is Norton still the thing to get?
I tried booting off my WIN 98 restore CD (bootable CD), but my choices didn't seem appropriate. My memory is at 74% after booting. I can do anything I want, so at least it's not vicious, (YET?)
... and now my CD-ROM and CD burner aren't working ...
System Properties: Device Manager
Primary IDE controller (dual fifo)
Secondary IDE controller (dual fifo)
This device is either not present, not working properly, or does not have all the driver installed. (code 10)
http://www.salon.com/tech/feature/2002/04/22/computer_forensics/index.html
Collecting obsolete tape drives used to be an eccentric hobby. But now that corporate lawsuits can hinge on unearthing ancient digital data, stocking up on funky hardware is good business.
OK, so I downloaded Norton...
I guess I have to fork out some cash. They all want the 'included boot disk.'
I was able to create a boot disk from the Add-Remove programs area. It boots up in a:\ and I have no idea how to start the virus software from that. I think that's what they want me to do.
I bought a new computer today with Windows XP. Not taking it out of the box 'til I get rid of that pest, tho.
So now I've got PC's with:
If I could just find that elusive WIN 1.0 !
Windows 1.0
There was a really good web site that had downloads of old software. Wish I could remember what it was called. I lost all my bookmarks a week or so ago when I had to recover my hard drive.
Anyway, I'll keep a look out for ya.
Ha !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The following viruses have been exterminated:
"...I get by, with a little help from my friends"
Thanks, Ares
(Good Luck with YOUR problem)
well, ian, i'm determining right now if the product i work on at work is as good as our customers say it is. i've got 2 days worth of backups to attempt to restore, and i should be good to go. provided i didn't back up any system files that were corrupt.
I was infected with a "Backdoor Trojan" and a "Downloader Trojan" the other day. I think my daughter did it and I had a good long talk to her about viruses and not to be downloading ANYTHING without first asking me.
"Backdoor Trojan"
I didn't know the product was so specialized.
Good one Jethro!
I didn't know the product was so specialized.
ba-da-ba!
Eeeeewww!
LOL!
http://www.debian.org
I haven't checked this out, but it's a free operating system for 386's ??
I find that stuff cool as hell. I just don't have the time to play around which is probably good cuz otherwise I'd be attached to a keyboard 24/7.
ian, it's what my server is running right now (and, as my restore from tape is still in progress, the machine i'm sending this from). of course, it is a unix variant, and is thus much less friendly than windows.
but, it's stable as hell. except for power failures, which the ups gracefully took care of, and linux kernel upgrades, and hardware changes, the machine's been running constantly for a couple of years now. and i literally mean just that 24x7 during that time. though i will have to pull the machine down here in a few more weeks to replace the ups that's on it with a higher capacity unit.
isn't this nice? and mcafee did a nice job showing a couple of infected files on my computer this morning!!!
Return-Path: <>
Received: from spot.yknet.yk.ca (spot.yknet.yk.ca [199.247.146.3]) by bran.mc.mpls.visi.com (Postfix) with SMTP id 9C6F04A39 for <jdm@visi.com>; Thu, 25 Apr 2002 10:16:11 -0500 (CDT)
Received: (qmail 1417 invoked by uid 3926); 25 Apr 2002 15:16:11 -0000
Date: 25 Apr 2002 15:16:11 -0000
Message-Id: <20020425151611.1416.qmail@spot.yknet.yk.ca>
From: "System Anti-Virus Administrator" <virusalert@yknet.yk.ca>
To: jdm@visi.com
Subject: Virus found in sent message "Your password"
X-Tnz-Problem-Type: 40
Mime-Version: 1.0
Content-Type: text/plain
--------------------------------------------------------------------------------
Attention: dbparkhill <dbparkhill@aol.com>.
A Virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching it's destination.
The Virus was reported to be:
the W32/Klez.h@MM virus !!!
Please update your virus scanner or contact your I.T support
personnel as soon as possible as you have a virus on your system.
Your message was sent with the following envelope:
MAIL FROM: jdm@visi.com
RCPT TO: twister@yknet.yk.ca
... and with the following headers:
From: dbparkhill <dbparkhill@aol.com>
To: twister@yknet.yk.ca
Subject: Your password
Message-ID: <20020425151559.47D758250@conn.mc.mpls.visi.com>
Date: Thu, 25 Apr 2002 10:15:59 -0500 (CDT)
The original message is kept in:
spot.yknet.yk.ca:/var/spool/qmailscan/quarantine
where the System Anti-Virus Administrator can further diagnose it.
The Email scanner reported the following when it scanned that message:
---
---uvscan results ---
/var/spool/qmailscan/spot.yknet.yk.ca10197477703761405/strict.scr
        Found the W32/Klez.h@MM virus !!!
/var/spool/qmailscan/working/new/spot.yknet.yk.ca10197477703761405
        Found the W32/Klez.eml virus !!!
---
Man, what the hell makes someone want to infect someone's computer with a virus?
3 words, and we've had this discussion before: because they can.
what's worse is that i don't even know if i'm really infected. arrrgggh. gonna have to scan the whole damn system now.
3 words, and we've had this discussion before: because they can.
Sorry, that don't work in this instance. I find it psychopathic to want to do damage to someone you don't even know.
ok. because they can and they're psychopathic.
looking at the email message i got back, i don't even think that was me sending the message. i don't send outgoing mail through visi's servers, which was where that mail originated from.
Wasn't the message saying the virus was found in a message TO you?
nope. MAIL FROM: jdm@visi.com
it was at least originated with my FROM address. but from a machine inside visi's core network.
btw: I think it auto sent the message from your visi account. One of those worms that reads your addy's and autosends itself to people in your address book.
Just guessin'.
thx, i know. weird thing is, i use pine when logged in to my visi account, a unix program which has no "back doors" so to speak of like outlook does, so it's not coming from there. and at home, it's going through the mail server i run there (which is at the moment, in light of the current situation, shut down). i've also just got 2 bounce messages to people not even in my address book. weird.
bill, i make a habit out of deleting such messages as they arrive. without reading them. they waste my time.
I dunno Ares.
I got hit by a worm a few years back. The e-mail addy it supposedly was sent from was from an ISP I no longer used and the addy didn't even exist anymore. The reason I knew I had the virus was because it sent itself from my old address to a couple of my other addresses.
btw: I believe those worms can read an e-mail address from anywhere in your computer such as those cc'd in an e-mail itself or a web page you've visited that's still in memory.
i just hunted down log entries from visi. turns out the email wasn't coming from my machines themselves, but rather from my brother's roommate's computer. that problem will be fixed. access terminated until the system is clean!
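The triage the posters do by hand above (comparing the notice's envelope sender, its header From, and the host named in the Message-ID), as an added example that is not part of the original thread. The sample notice is constructed with placeholder addresses, the function names are hypothetical, and the Message-ID host is treated only as a hint, on the assumption that a relay generated the ID because the sending program supplied none.

```python
import re
from email.utils import parseaddr

# Constructed sample in the same layout as the scanner notice quoted in the
# thread; addresses, hosts and the message id are placeholders.
SAMPLE_NOTICE = """\
A Virus was found in an Email message you sent.
The Virus was reported to be:
the W32/Klez.h@MM virus !!!
Your message was sent with the following envelope:
MAIL FROM: alice@isp.example
RCPT TO: carol@remote.example
... and with the following headers:
From: bob
<bob@other.example>
To: carol@remote.example
Subject: Your password
Message-ID: <20020101000000.ABCDEF123@relay.isp.example>
The original message is kept in:
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z -]*):\s*(.*)$")

def parse_notice(text):
    """Split a scanner notice into envelope fields, quoted headers, detections."""
    parsed = {"envelope": {}, "headers": {}}
    section = last = None
    for raw in text.splitlines():
        line = raw.strip()
        if "following envelope" in line:
            section, last = "envelope", None
        elif "following headers" in line:
            section, last = "headers", None
        elif line.startswith("The original message"):
            section = None
        elif section:
            m = FIELD.match(line)
            if m:
                name = m.group(1)
                last = name.upper() if section == "envelope" else name.lower()
                parsed[section][last] = m.group(2)
            elif last and line:  # value wrapped onto the next line
                joined = parsed[section][last] + " " + line
                parsed[section][last] = joined.strip()
    # Scanner lines look like "the <name> virus !!!"; keep each name once.
    names = re.findall(r"\bthe (\S+) virus\b", text)
    parsed["detections"] = list(dict.fromkeys(names))
    return parsed

def triage(notice, my_addresses, my_sending_hosts):
    """Flag a forged sender and a message that did not enter via my own hosts."""
    env_from = notice["envelope"].get("MAIL FROM", "").lower()
    hdr_from = parseaddr(notice["headers"].get("from", ""))[1].lower()
    m = re.search(r"@([^>\s]+)>?$", notice["headers"].get("message-id", ""))
    msgid_host = m.group(1).lower() if m else None
    findings = []
    if env_from and hdr_from and env_from != hdr_from:
        findings.append("sender-mismatch")
    # My address on the envelope, but the id was minted by a host I never
    # send through: likely another machine using my address.
    if env_from in my_addresses and msgid_host and msgid_host not in my_sending_hosts:
        findings.append("my-address-foreign-origin")
    return {"envelope_from": env_from, "header_from": hdr_from,
            "msgid_host": msgid_host, "findings": findings}
```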
The first (?) Compaq- a computer in a suitcase. It has two 5-1/4" drives. I think it needs a boot disk which was not included. Anyone know where I can find one?
i haven't seen one of those in a decade, ian. starting a museum there? :)
i haven't seen one of those in a decade, ian. starting a museum there? :)
My wife calls it a junkyard...
Does it want to open but is stuck from the CD?
I had that happen once and managed to get the long rectangle piece of cover plastic off the front which allowed me enough space to knife the CD into position so it could open again. Then I just popped the plastic cover back on.
Hey, what happened to the stuck CD?
one man's junkyard is another's museum.
I decided to try the eject, and he must have gotten it out this morning. We messed around for an hour last night.
It just disappeared on me is all.
:-)
actually, most cd drives have a hole that you can stick an elongated paper clip in to eject a stuck disc.
Yeah, that didn't work for me though.
There's too much crap loaded on here. I'd forgotten how much 'remodeling' I had to do when I got my last computer.
...and I have to set up all my Favorites, transfer graphics, setup Outlook, etc.
eff it, I'm going to bed. NITOL
Ian, are you saying browsing the web seems faster or just your programs are faster?
My new computer came with 128k, and I'm going to add the one I took out to the new one-256k
I guess I meant that browsing the web seems faster, but I'm also using IE 6.0 now-I don't know if that makes a difference.
If I asked my wife about it, she'd say it's because the computer is new, and I haven't had time to f*ck it up.
actually, the one thing i noticed after initially installing xp on my machine was that it really did boot a lot faster than win2k did.
For all the techies around here....
I have a computer up north here with windows 98. It's the one that ended up getting reformatted with the restore disk a couple weeks ago.
It seems to be working okay with one exception.
Now about half the websites I visit, I get error messages that give the choice to either ignore or close. The ignore option doesn't work. I have tried this with both IE - my browser of choice - and Netscape. The errors occur in the same places...and without fail.
I have cleared history and cookies and still the same sites give me consistent error messages. It's annoying to say the least. I'm ready to order me a new machine - once I get south again and can get deeper into the Dell site.
Any other suggestions?
that's really, really weird, terry. i've got one idea, but it's a long shot. pf here doesn't use javascript in <script> tags. wx does. i also use them in my web site. click the link and see if it happens when you go there. also, what specifically is the error that's showing up?
No problem with your website.
The error message that shows up is this:
IExplore
An error has occurred in your program. To keep working anyway, click Ignore and save your work in a new file. To quit this program click close. You will lose information you entered since your last save.
The Ignore doesn't work. After clicking on close (the only other option) I get this message:
This program has performed an illegal operation and will shut down.
The details for that error is this...and it's consistent in IE:
IEXPLORE caused a general protection fault
in module GDI.EXE at 0005:000001dc.
Registers:
EAX=000082d9 CS=052f EIP=000001dc EFLGS=00000246
EBX=00000058 SS=12d7 ESP=00006052 EBP=0000607e
ECX=00000001 DS=6346 ESI=00000792 FS=6316
EDX=000000b0 ES=678f EDI=00000000 GS=1836
Bytes at CS:EIP:
67 8b 04 46 26 89 05 66 83 c2 02 83 c7 02 49 7f
Stack dump:
54be1836 17fb0000 00000000 00000000 00ff000a 0000001f 00000000 00006316 0100ff1f 14360000 00000000 027460a0 678f0000 00580058 00000792 25a06346
I get similar errors with AIM and got the same message earlier when I tried to copy the error messages into a word document to compare them. The details of those errors are different, but the initial error messages have been the same.
Sometimes I get those messages when first entering or attempting to enter a web site. Other times it's after I get into them a bit. For example, world crossing sometimes lets me log in - other times I can't do that...but I can't get beyond that.
On the Dell website earlier, I got into wanting to select a particular computer and then got the error. It happens in both browsers in the same places.
ahh. one of those errors. and 98 doesn't even give you the opportunity to get a dr. watson log to find out what dll is causing the problem either. or if it does, i don't know how to get it to.
an aside: you've got an aim screen name? looks like i need to add yet another to my buddy list. ian, you too. i know you tried to im me once upon a time.
I have an AIM name - but I can't open AIM here without one of those errors popping up. I don't have your AIM name either.
Ian uses more than one. I have one that's current and a couple that I don't use anymore. Once we get south again on Monday, I'll have to email my AIM name to you.