...More talk of the Sircam Worm ...

[tad]

This worm is particularly evil, so I think we should continue to discuss it.
(I plead guilty to the 'start a new thread' ploy)

The worm gets deep into the registry, but you can't use regedit.exe because any exe file ACTIVATES the little shit.
Both these sites give info, and McAfee gives about 4 pages of instructions on how to get it out. (you run regedit as a bat file).

http://www.mcafee.com/anti-virus/viruses/sircam/

http://www.symantec.com/avcenter/ven...m.worm@mm.html

Wayne's method of reformatting the hard drive will also work, but a bit severe.
Plus, I think this one is going to be coming around a lot, so it behooves us to be prepared.
And THAT can lead to the question of how one protects their data. I personally use DriveImage4 and duplicate the whole computer, OS and all. Yes, it takes a while.

BTW, has anyone found a patch to close holes in Microsoft Office ???
Searching the Microsoft site can take years.

Regards,,,,,,,,,,, Tad

[tad]

This worm is particularly evil, so I think we should continue to discuss it.
(I plead guilty to the 'start a new thread' ploy)

The worm gets deep into the registry, but you can't use regedit.exe because any exe file ACTIVATES the little shit.
Both these sites give info, and McAfee gives about 4 pages of instructions on how to get it out. (you run regedit as a bat file).

http://www.mcafee.com/anti-virus/viruses/sircam/

http://www.symantec.com/avcenter/ven...m.worm@mm.html

Wayne's method of reformatting the hard drive will also work, but a bit severe.
Plus, I think this one is going to be coming around a lot, so it behooves us to be prepared.
And THAT can lead to the question of how one protects their data. I personally use DriveImage4 and duplicate the whole computer, OS and all. Yes, it takes a while.

BTW, has anyone found a patch to close holes in Microsoft Office ???
Searching the Microsoft site can take years.

Regards,,,,,,,,,,, Tad

[bcdeb]

The Help Desk at my ISP sent it's subscribers an email today about the worm, and strongly advised us to go to this website for preventative/curative measures. I'm passing this URL on just in case other people's ISPs haven't been so helpful:

http://www.sarc.com/avcenter/venc/da...m.worm@mm.html

It's a download preventative/curative program. Check it with your virus scanner in case my ISP is stupider than I suppose...

[Erik Heyninck]

I just got my first one.

It is quite easy to recognise.

Someone you know and trust, sends you an e-mail, beginning with "hello, how are you" and ending with "thank you", asking you to check out an attachment.

This is called something (in my case HDWELLS) with a double extension. The last one, the real thing, is a .COM extension.

my ideas:

NEVER OPEN A FILE WITH A DOUBLE EXTENSION

IN CASE OF DOUBT, KEEP IN QUARANTAINE AND CONTACT THE SENDER TO ASK INFO.

AS LONG AS YOU DON'T OPEN THE ATTACHMENT, NOTHING HAPPENS. SHIFT DELETE THE MAIL SO THAT IT DOESN'T EVEN GO TO THE DUSTBIN


Luckily, I have webmail, so I can check online and delete from the server.

[Peter Clifton]

There are two parts to the Network Associates Dr Solomon's (or McAfee) Virus scanner

The DAT files which should be updated often and the Scanning engine which should also be updated as required.

If you fire up either the Virus scan console then do Help / About or right click on the Vshield Icon in the task bar and select about it will list the version of the DAT file and the scanning engine.

All Virus descriptions posted by McAfee have a required versions list and you should check both the DAT file and the Scanning engine versions meet the requirements to detect the Virus

Here is a link to the requirements for the SirCam Virus for the McAfee Virus Scanner.

http://vil.nai.com/vil/dispvirus.asp?virus_k=99141

HTH

Peter

[roman]

I got 3 from the same address... to d/l 300 kb email on ISDN 64 that can make one crazy. Lately there were storms in our region and few people got killed by lighting (or how it is named). Probably not the right target. God should send lighting on those people who create such stupid things like this.

[Erik Heyninck]

When you have ISDN, chances are that you can check your mail online. If you can't: Peter Clifton mentionned this great app in another thread: http://www.netcomuk.co.uk/~kempston/smb/index.html You can eventually also use Telnet.

If you use Outlook Express, you can set preferences for automatically deleting mail from this or that person, with a certain title and bigger that "yourchoice".

I also use a code with the people I know: we always include something personal in the title, for example the name of the dog, a child, a nickname etc. so that when I get an 'Hallo" or "Check this out" or "Funny Joke" title, I know what it is and simply delete it.

As for McAfee: one out of three times that I updated the scan engine, my whole system crashed. So no more of these bodyguards for me.


And let's not panic: it is not another Tchernobyl.
And even then...

[img]/infopop/emoticons/icon_cool.gif[/img]

If you don't work against time, time often works for you.