Hahaha. That really sucks for the victims of the virus but I think that it's pretty clever. Pay me $100 or your PC will explode in 20 min! lol
It's clever, until it happens to you, or your friends or family! What's clever about barring you from using your own PC?
Not so much clever as they just have an understanding of active scripts... I wouldn't be surprised if this isn't just a "standard" virus tweaked to attack a different folder...

Do you know if your pc is running malware right now?? Open a command prompt and type...

    netstat -an | find ":6667"

If you get nothing then you are ok. If you get something like this....

    TCP 192.168.1.101:1026 70.13.215.89:6667 ESTABLISHED

How quick can you pull the plug?

Or is it just running an ident server for anybody doing a portscan?

    netstat -an | find ":113 "

Again a blank line is good....but something like this...

    TCP 0.0.0.0:113 0.0.0.0:0 LISTENING

Time to pull the plug??

Kill any IRC clients before trying these....that's what the test is for...hidden irc clients, used by hijackers to steal your machine to attack others..

have fun
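Added example, not part of any post in this thread: the two `find` filters above are substring matches, so `":6667"` also hits a row where 6667 is the local port. This Python sketch parses the address columns instead and reports only a remote port 6667 or a local listener on 113; the sample output is constructed around the two lines quoted in the post, and all function names are hypothetical.

```python
# Constructed sample of Windows `netstat -an` output. The 6667 and 113 rows are
# the ones quoted in the post; the other rows are made up for contrast.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:113            0.0.0.0:0              LISTENING
  TCP    192.168.1.101:1026     70.13.215.89:6667      ESTABLISHED
  TCP    192.168.1.101:6667     198.51.100.7:3345      TIME_WAIT
  TCP    192.168.1.101:1130     192.0.2.10:80          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

IRC_PORT = 6667    # default IRC port checked in the post
IDENT_PORT = 113   # ident service port checked in the post


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is None if not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield (local, remote, state) for each TCP row; endpoints are (host, port)."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skip headers, blank lines and stateless UDP rows
        yield split_endpoint(fields[1]), split_endpoint(fields[2]), fields[3]


def find_suspects(text):
    """Flag sessions to a remote IRC port and local ident listeners."""
    findings = []
    for (lhost, lport), (rhost, rport), state in parse_netstat(text):
        if rport == IRC_PORT:
            # Any state counts: SYN_SENT means something is still trying.
            findings.append(("irc-remote", f"{rhost}:{rport}", state))
        elif state == "LISTENING" and lport == IDENT_PORT:
            findings.append(("ident-listener", f"{lhost}:{lport}", state))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE):
        print(*finding)
```

As the post says, close any IRC client you run yourself first, or its own connection will be reported.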
Gave me a fright when it showed an established connection! Then I closed IRC, then all was fine -Mike
The Importance of the Limited User, Revisited

If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.

By running Windows the way Microsoft ships it -- using the all-powerful administrator account -- you expose yourself to huge security risks. If a Trojan horse or virus makes it onto your machine while you're using an administrator account, it can get its hooks deep into the operating system (often without your knowledge.)

However, by regularly using Windows under a limited account, you can safely avoid the vast majority of malware out there today, simply because the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.

I have written several times before about the importance of using non-administrator accounts on Windows, but the topic came up again on a talk show I was invited to speak on today (the Kojo Nnamdi Show on National Public Radio's WAMU American University Radio station) about online scams. As such, I'd like to point again to a recent blog post I wrote on "DropMyRights," a free program from Microsoft that makes it easier to run Internet browsers and other Internet-facing applications under less powerful user accounts.

Also, in last week's Security Fix Live online chat, a reader asked how he could keep his kids from installing programs and otherwise monkeying with his computer settings. I offered a quick-and-dirty tutorial on how to switch from using an administrator account to a limited-user account for everyday use.
Basically, this uses the opposite approach from the DropMyRights program: All of the programs on your PC are run under a limited account, and the user is forced to supply a password before installing any program or running it as a user with full rights. I thought it might be helpful to call special attention to that advice in a blog post for readers who may not have been able to join us for that chat:

Chances are that the user account you are using on your machine at the moment is the all-powerful administrator account (it might be named something else, but if you go to Start, Control Panel, and then User Accounts, you should see all of the accounts you have on the system). There are probably at least two accounts in there, one with administrator rights and another Guest account (which should be turned off: if it's not, turn it off).

Assuming the main account is an administrator account (it will say so under the name), and that the only other account you have listed is an inactive Guest account, go ahead and create another administrator account. If you have kids or others who use the computer and you'd like to keep them from changing the settings on the machine, assign the administrator account a password (not one that your kids or other household users will guess, but also one that you can safely remember; see our password primer for help here).

If you are the only one using your computer, you are using Windows XP, and you're relatively confident about the physical security surrounding the PC, it is actually safer to leave the administrator account without a password assigned to it. That's because Windows XP accounts with no passwords can only be used if you are physically in front of the computer: non-password protected administrator accounts in XP cannot be used for accessing the machine over a network.
Next, go to the main menu and enable "Fast User Switching," which should allow you to have more than one account logged in at the same time, so if you need to you can toggle back and forth between the administrator account and the limited user account you're about to create.

Once you've created the second administrator account, change the account privileges of the one you are currently using. From the main User Accounts page, click on the admin account you're currently using and then click on the button that says "Change Account Type." Then switch it over to a limited account, and you should be all set. You will not be able to make any more changes to the system settings, however, until you log into the computer using the administrator account, so you'll notice a few of the options in the User Accounts menu are now no longer available to you.

If you want to try it out now, just download a piece of software and try to install it. It should fail. Now, if you right click on the file you downloaded and select "Run As" it will prompt you to select the account with administrator privileges and then for the password (assuming you've assigned one to the account). Enter both and you should be able to install the program, no problem.

Go here to read it all: http://blog.washingtonpost.com/securityfix/2006/05/the_importance_of_the_limited.html
[bold]Sophos Cracks Ransomware Trojan Code[/bold]

Matt Chapman, vnunet.com 01 Jun 2006

Antivirus firm Sophos has cracked the password needed to unlock files held to ransom by the Archiveus ransomware.

A nurse in Greater Manchester became one of the first people in the UK to have her files encrypted by a ransomware program that demanded money before it would unlock them.

Users trying to access the files are directed to a new file containing instructions on how to recover the data.

"Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore," the file says. "Reporting to police about a case will not help you, they do not know the password."

The letter also warns people not to report the contact email address unless they want to risk losing touch with the blackmailers and never getting their files back.

However, experts at Sophos have disassembled the Archiveus Trojan, also known as MayAlert, and recovered the password which is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

Read the rest @ http://www.vnunet.com/vnunet/news/2157399/sophos-cracks-ransomware-code
HP Hit With Funlove Virus Again

Company inadvertently distributed a virus with a printer driver, security vendor says.

Robert McMillan, IDG News Service
Friday, June 02, 2006

Hewlett-Packard yesterday pulled a printer driver from its Web site after security vendor BitDefender reported that the software was infected with the same computer virus that infected HP's drivers more than five years ago.

A BitDefender partner notified the security vendor of the infected driver software earlier this week, and the company's security researchers soon determined that it had the same Funlove virus that had plagued HP in December 2000.

BitDefender notified HP of the problem on Wednesday and the infected printer driver was removed from HP's Web site early Thursday, said BitDefender spokesman Vitor Souza. Until then, the virus was being distributed with the Korean version of the Windows 95/98 driver for HP's Officejet g85 All-in-One printer.

HP no longer sells the all-in-one printer, and the current antivirus products are able to block it. So while the oversight is an embarrassment for HP, it's unlikely that many users were affected by Funlove.

Similar Situation

Previously, HP had inadvertently distributed the Funlove virus in Japanese printer drivers that were made available on the company's Web site. Souza believes that HP most likely neglected to remove this particular infected driver back in 2000. "It's just like nobody had run a test against antivirus [software]," he said.

Even for users who fall prey to the virus, the consequences are not severe. When it gets installed, Funlove pops up a text message that reads "Fun Loving Criminal," and then attempts to reboot the PC. On Windows NT machines, it attempts to change system settings so that files that can normally be seen only by administrators are visible to all.

HP executives were not immediately available to comment for this story.

BitDefender is owned by Softwin SRL, based in Bucharest, Romania.

http://pcworld.com/news/article/0,aid,125955,00.asp
McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

How do I use Stinger?

The Stinger for W32/Polip can be found here

1. Download v2.6.0 [1,144,839 bytes] (4/5/2006)
2. NOTE: The file has been renamed to circumvent anti-stinger tactics used by Sober.r
   Download ePOStg256.Zip EPO deployable version (for EPO administrators). Instructions for EPO 2.5X and EPO 3.X are available.
3. This version of Stinger includes detection for all known variants, as of February 2, 2006:
   Variant Names: BackDoor-AQJ, BackDoor-ALI, BackDoor-CEB, BackDoor-JZ, Bat/Mumu.worm, Downloader-DN.a, Exploit-DcomRpc, Exploit-LSASS, Exploit-MS04-011, HideWindow, IPCScan, IRC/Flood.ap.dr, IRC/Flood.bi.dr, IRC/Flood.cd, NTServiceLoader, ProcKill, PWS-Narod, PWS-Sincom.dll, W32/Anig.worm, W32/Bagle@MM, W32/Blaster.worm (Lovsan), W32/Bropia.worm, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Doomjuice.worm, W32/Dumaru, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/IRCbot.worm, W32/Klez, W32/Korgo.worm, W32/Lirva, W32/Lovgate, W32/Mimail, W32/MoFei.worm, W32/Mumu.b.worm, W32/MyDoom, W32/MyWife.d, W32/Nachi.worm, W32/Netsky, W32/Nimda, W32/Pate, W32/Polybot, W32/Sasser.worm, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sober, W32/Sobig, W32/SQLSlammer.worm, W32/Swen@MM, W32/Yaha@MM, W32/Zafi, W32/Zindos.worm, W32/Zotob.worm
4. When prompted, choose to save the file to a convenient location on your hard disk (such as your Desktop folder).

Go here to download: http://vil.nai.com/vil/stinger/
Anyone that wants to keep up to speed on security problems and fixes should just go and find Packet Storm Security, they're always listing the newest holes and offering links to the newest stories on IT security.
The_Fiend, no need to as my pc is behind a pix firewall, your pix this is pasted on both sides of my puter, no virus or cockroaches can get in.
I have a problem too! I turn my pc on and when I get past the password on McAfee I get asked to allow access to a windows programme and I deny it, it then disables my firewall. Then when I access the internet I'm being asked to grant windows internet access in order to get onto the web, if I deny them my connection is at a speed of 1k-25k.
uk_gamer, I would post ye info here, ye might have a virus...or malware http://forums.afterdawn.com/forum_view.cfm/166