Virus Information

 Some people have absolutely nothing better to do!!! 
  
But actually, most viruses (the older ones at least) start out as jokes to
play on people. Then they get modified to do something else and they end up
being bad jokes.

Today though, I think most of these email viruses are made by the spammers in
order to collect addresses.

I don't care how careful you think you are, if your PC connects to the
internet, has a floppy drive, or has a CD drive...then you must have an
anti-virus package. Now just because you have an anti-virus package, do not
think you are protected...update it daily or every time you get on the
computer...whichever comes first.
  
Is your Anti-virus software acting up?

Can't uninstall and reinstall?

Norton Removal Tool
  
 
I need help removing one NOW!  
  
  - If you got a really "good" virus (by that I mean some viruses have a lot
    of different countermeasures in them to make sure they survive, and can
    actually shut down or prevent the install of an anti-virus package), then
    you need to download Stinger from http://vil.nai.com/vil/averttools.aspx.

  - Then find an "online" scanner, one that doesn't require you to actually
    install something.

  - Then get an anti-virus package that has "real-time" protection (monitors
    all files being opened on your PC) and keep it UPDATED.

  - Tools
    - Online Scanners
    - Free AV

Virus Specific fixes 
  
Zlob-media codec infections
  - System tray time has "VIRUS ALERT!" next to the time
  - System Properties General tab has "VIRUS ALERT!" where the Product key
    should be

  [HKEY_CURRENT_USER\Control Panel\International]
  "sTimeFormat"="h:mm: VIRUS ALERT!"
  Then go into "Regional Date/Time settings…" in Control Panel

  The ProductID that was modified here is under the:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
  "ProductId"="XXXX-XXX-XXXXXXX-XXXXX"
  ***Note, this is not your Product Key used to install Windows!

  To retrieve your Product ID and restore it for the above key/value, you can
  find it under the next value in the registry as well:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
  "ProductId"="XXXX-XXX-XXXXXXX-XXXXX"
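
  A check for the two registry changes described above, written here as an added example (it is not part of the original page or of any removal tool). It reads the text produced by "reg export"; the function names, the sample export and the assumption that the tampered ProductId holds the "VIRUS ALERT!" text are all constructed for illustration, and the time-format test is a heuristic.

```python
import re

INTL = r"HKEY_CURRENT_USER\Control Panel\International"
NT_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
WIN_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"

def parse_reg(text):
    """Parse "reg export" text into {key path (lower case): {name: string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"="(.*)"$', line)  # string values only
            if m:
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def zlob_findings(text):
    """Return a list of the changes described above that are present."""
    reg, found = parse_reg(text), []
    fmt = reg.get(INTL.lower(), {}).get("sTimeFormat", "")
    # A clean format holds only h, H, m, s, t, separators and 'quoted' text.
    extra = re.sub(r"'[^']*'|[hHmst:.\s]", "", fmt)
    if extra:
        found.append("sTimeFormat has extra text: %r" % fmt)
    nt_id = reg.get(NT_CV.lower(), {}).get("ProductId")
    win_id = reg.get(WIN_CV.lower(), {}).get("ProductId")
    if nt_id and win_id and nt_id != win_id:
        found.append("ProductId differs; restore %r" % win_id)
    return found

# Constructed sample export. The ProductId values are placeholders.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[%s]" % INTL, '"sTimeFormat"="h:mm: VIRUS ALERT!"', "",
    "[%s]" % NT_CV, '"ProductId"="VIRUS ALERT!"', "",
    "[%s]" % WIN_CV, '"ProductId"="XXXX-XXX-XXXXXXX-XXXXX"', "",
])
CLEAN_REG = SAMPLE_REG.replace("h:mm: VIRUS ALERT!", "h:mm:ss tt").replace(
    '"ProductId"="VIRUS ALERT!"', '"ProductId"="XXXX-XXX-XXXXXXX-XXXXX"')

if __name__ == "__main__":
    print(zlob_findings(SAMPLE_REG))
```

  Files written by "reg export" are UTF-16, so open them with encoding="utf-16" before passing the text in.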
  
 
Rootkits 
  What? What the heck is that? 
  According to Wikipedia - http://en.wikipedia.org/wiki/Rootkit 
  
    A rootkit is a set of software tools frequently used by a 
    third party (usually an intruder) after gaining access to a computer system. 
    These tools are intended to conceal running processes, files or system data, 
    which helps an intruder maintain access to a system without the user's 
    knowledge. Rootkits are known to exist for a variety of operating systems 
    such as Linux, Solaris and versions of Microsoft Windows. A computer with a 
    rootkit on it is called a rooted computer. 
    The word "rootkit" came to public awareness in the 2005 Sony 
    CD copy protection controversy, in which Sony BMG music CDs placed a rootkit 
    on Microsoft Windows PCs.  
  But the biggest thing about them is:

    The rootkit (which can intercept anything) can actually "hide" files
    from the OS (or at least from you seeing them). This is not by just
    setting the attributes; they do some low-level stuff and just don't show
    them...even at the DOS prompt...

  Rootkit Revealer (but it only shows you the files are there)

  Blacklight (it's beta and only works till March)
   
  
  
I need to track where an email virus came from 
  
  How to figure out where it came from

    You need to look at the "headers" of the email, the information that is
    hidden and tells you everything about the email, like what machine it
    came from, what server it came through...and a bunch of other trackable
    information.

      - Outlook Express - open the message, go to "File", "Properties",
        "Details" tab.

      - Outlook - open the message, go to "View", "Options", "Internet
        Headers" (at bottom of window).

    Look for the "Received: from" line; there will probably be multiple of
    these lines, 1 for every mail server hop it made. Look for the very last
    one before the Date, From, Subject.

    This line might contain something that looks like a machine name (like
    OWNER), a server domain name (like ATL.SOMECOMPANY.COM) and an IP
    address in brackets (like [22.123.222.99]). So, in this case the message
    came from a PC called OWNER from the Atlanta office (just a guess at the
    ATL of the SomeCompany).

    Example:

    Received: from ownerxp(rrcs-22-123-222-99.central.biz.rr.com[22.123.222.99]) by youremailserver.com

    This example shows that a machine named "ownerxp" on the Business
    RoadRunner network (good guess at the biz.rr) sent this email. Trace
    routing this address will give you more of a clue where this business
    might be located geographically.

    Sometimes the server domain name won't point you directly to the
    company, so take the IP address (the one in brackets) and use the tools
    below to trace route where it actually came from. Trace routing an IP
    might not get you all the way to a recognizable company name (usually
    stopping at a firewall), but with some abbreviation resolution and
    watching where the hops go you can get pretty close.
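
    The header reading described above, written here as an added example (not part of the original page). It pulls the machine name, server name and bracketed IP out of every "Received:" line and returns the bottom one; it also reports whether that line was written by one of your own mail servers, since lines added before the message reached your server are supplied by the sender and can be made up. The function names and the sample message are constructed for illustration.

```python
import email
import ipaddress
import re

# One "Received:" hop: announced name, reverse-DNS name, [IP], receiving server.
HOP = re.compile(
    r"from\s+(?P<helo>[^\s(]+)\s*"               # name the sender announced
    r"\((?P<rdns>[^\s\[\]()]*)\s*"               # name the receiver looked up
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)\s*"  # IP the receiver saw
    r"by\s+(?P<by>[^\s;]+)",                      # server that wrote the line
    re.IGNORECASE,
)

def received_hops(raw_message):
    """Return the parsed hops oldest-first (bottom "Received:" line first)."""
    msg = email.message_from_string(raw_message)
    hops = [m.groupdict() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    hops.reverse()  # each server adds its line on top, so stored order is newest-first
    return hops

def origin_hop(raw_message, my_servers):
    """Describe the first hop and say whether one of my own servers recorded it."""
    hops = received_hops(raw_message)
    if not hops:
        return None
    first = dict(hops[0])
    first["recorded_by_my_server"] = first["by"].lower() in my_servers
    try:
        first["private_ip"] = ipaddress.ip_address(first["ip"]).is_private
    except ValueError:  # malformed address in the header
        first["private_ip"] = None
    return first

# Constructed sample; the bottom hop reuses the example line from the text.
SAMPLE_HEADERS = (
    "Received: from youremailserver.com (youremailserver.com [10.0.0.5])\n"
    "\tby mailbox.youremailserver.com; Mon, 6 Mar 2006 10:15:03 -0500\n"
    "Received: from ownerxp(rrcs-22-123-222-99.central.biz.rr.com[22.123.222.99])"
    " by youremailserver.com; Mon, 6 Mar 2006 10:15:01 -0500\n"
    "Date: Mon, 6 Mar 2006 10:14:58 -0500\n"
    "From: someone@example.com\n"
    "Subject: Your document\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(origin_hop(SAMPLE_HEADERS, {"youremailserver.com"}))
```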
  Tools

    - Trace Route and other cool tools - www.dnsstuff.com (awesome tool that
      looks up an IP on every different kind of black list out there)
    - www.tracert.com - some of the servers don't work
    - tracert stops at a big-ole-named firewall, look here for
      abbreviations - http://www.sarangworld.com/TRACEROUTE/showdb.php
    - look up a domain name - http://www.networksolutions.com/en_US/whois/
      or use the above dnsstuff, but Network Solutions is like the
      originator of controlling domain names.
    
   
 
My Internet start page always goes to some site I didn't set
  If every time you open Internet Explorer (browser) the start page goes to
  some page you never even heard of, and you set it to something useful and
  it changes back...this is called a Hi-Jacking or Start Page Virus. In its
  original creation, I think it was designed as an advertising thing, kinda
  like popups...but the stupid thing is so annoying that they are really
  being considered a virus of sorts. Some of the anti-virus packages have
  protection against "Start Page Viruses".
  
  
Email Viruses
  Q. Who really has the virus?
  A. Usually it is someone that the person it came from and the person it
  went to have in common. Now that could be a colleague, friend, family
  member, or someone you responded to.

    The majority of email viruses run a little program on your system that
    goes through the files on your computer looking for email addresses.
    Once it makes its list, it starts sending itself from someone in that
    list to someone in that list...not necessarily from the person whose
    machine the virus is running on.

  Q. Will I see them in my "outbox"?
  A. Not necessarily

    Some of the viruses use their own "send mail" (SMTP) functions; in other
    words, they really don't use your Outlook or Outlook Express to send
    themselves.
    The older email viruses used your email client (software, i.e. Outlook
    Express) and you could actually see all the people it sent itself to.

  Q. How do I protect my email from viruses?
  A. Have a virus protection package that actually checks incoming and
  outgoing mail.

    Most of the newer anti-virus packages have built-in mail client
    plug-ins, so that when you send/receive it scans messages.
    Outlook also has a feature built in that will warn you when another
    application is trying to use it to send messages.
  
Tips  
  - update your virus defs on your home PCs, especially if you are
    corresponding with other internal people at your work via email or
    sending things to your home account.

  - tell your friends to keep their virus definitions updated

  - make it a habit that every time you turn on your home PC, you either
    update your virus defs immediately or check to see if they have been
    updated within the last 2 days.

  - be very leery of email attachments; some attachments look really
    legitimate. Some even have a really long filename so you don't see the
    type of file it is, like so:
    "YourDocument.doc                                       .scr"
    Notice the .scr is way over to the right.

  - tell your friends to BCC you in emails; that way your address is not
    somewhere on those 50 people's computers. (read previous section on
    email viruses)
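
The padded-filename trick from the attachment tip above, checked in code. This is an added example, not part of the original page: it walks the attachments of a message and flags names whose real (last) extension is a program type hidden behind a document extension and a run of spaces. The function names, the extension lists and the sample message are constructed for illustration.

```python
import email
import os

# Extensions Windows runs as programs, and common decoy document types.
# Both lists are illustrative, not exhaustive.
RUNNABLE = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY = {".doc", ".xls", ".pdf", ".txt", ".jpg", ".zip"}

def name_warnings(filename):
    """Return the reasons an attachment name looks deceptive ([] if none)."""
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in RUNNABLE:
        return []
    warnings = ["real type is %s, which runs as a program" % ext.lower()]
    pad = len(stem) - len(stem.rstrip())
    if pad:
        warnings.append("%d spaces push the real extension out of view" % pad)
    decoy = os.path.splitext(stem.rstrip())[1].lower()
    if decoy in DECOY:
        warnings.append("decoy extension %s is shown first" % decoy)
    return warnings

def scan_message(raw_message):
    """Map each suspicious attachment name in a raw message to its warnings."""
    found = {}
    for part in email.message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and name_warnings(name):
            found[name] = name_warnings(name)
    return found

# Constructed sample: the padded name from the tip above plus a harmless file.
PADDED = "YourDocument.doc" + " " * 40 + ".scr"
SAMPLE_MAIL = (
    "From: someone@example.com\n"
    "Subject: Your document\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="%s"\n\n'
    "placeholder\n"
    "--XX\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="notes.txt"\n\n'
    "hello\n"
    "--XX--\n"
) % PADDED

if __name__ == "__main__":
    for name, why in scan_message(SAMPLE_MAIL).items():
        print(repr(name), why)
```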
  
 
Myths 
  - just because you have virus protection doesn't mean you're protected -
    it has to be UPDATED frequently (almost twice a day)

  - just because you have a "firewall" or Cable/DSL router doesn't mean you
    are protected - a firewall just stops people from seeing your PC easily
    from the outside

DO NOT be naive
  DO NOT be naive about viruses, thinking that you never open anything that
  looks suspicious, because with some of them all you have to do is
  highlight them and it activates some code.
  
 
  
Anti-Virus Software 
  Free 
  
    
  Cost (but usually it is cheaper than losing all your stuff)

  Still can't find anything? Go here: http://www.thefreecountry.com/security/antivirus.shtml
  
  
Viruses around the world

Here is a map of virus statistics around the world.
  
   
 