ChristiansUnite Forums

Oklahoma Howdy to All,

Well, I thought my old computer completely died, but it survived. My ISP got hit with something that shut down their mail servers for the first time in years. I got the mass mailing worm going around and just got my computer working again. The message is actually sent in binary and and displays as code of some sort. I'm trying to get a little bit of education on this now, and I'll try to share.

Needless to say, be careful with your mail. DO NOT open attachments unless you are sure you trust and recognize the sender. If your mail program gives you a weird error message involving 7 bit ASCII or binary in a message, DON'T open the message at all, JUST DELETE IT. Keep your virus definitions up to date and BE CAREFUL. It is a particularly nasty worm and steels part of your address list to replicate itself and send to your friends and family on your personal mail address book.

I'll let you know when I find out more. For the time being, I think my old computer held together in bailing wire survived.

Love In Christ,
Tom

About the worm:

http://www.worldnetdaily.com/news/article.asp?ARTICLE_ID=36800

Oklahoma Howdy to JudgeNot,

Thanks very much for the information. This is exactly what got my ISP and myself. Every time I think that I've got some pretty good security, someone writes something new. Wouldn't it be nice to catch some of those guys writing the virus, worm, and Trojan programs. UM??, I wonder what a suitable punishment would be.   :D  Maybe they could be put in a pillory in front of City Hall, an add placed in the newspaper for all who have been hit with their programs to bring rotten tomatoes and fire away.   :D

In Christ,
Tom

I thought you seemed strangly absent Tom.  Glad to hear your PC is working again.  Good advice on the attachments.  I usually wont open anything ending in .exe, .bat, .com, even if I know the person.  Never know when one of your friends or family's pc's are acting on their own.

Grace and Peace!

Mr. BEP, sir;
If we were Muslim we could serve up the punishment of removing the fingers so he (or she?) could never use a keyboard again.
However, as Christians we must serve up a severe brow-beating followed by 30-years of community service - at the public stock-yard - shovelling you-know-what - with a tablespoon - barefoot.
 ;D

Oklahoma Howdy to JudgeNot,

 ;D  LOL - I loved it and needed that laugh. I spent almost 2 days straightening out the mess. That's a very original punishment, one that sounds very reasonable.   ;D

Love In Christ,
Tom

Oklahoma Howdy to 2nd Timothy,

Thanks Brother. My old computer is worn out, slow, and obsolete, but I guess it has one or two lives left.

You mentioned folks who don't know their computer has been turned into a slave to spread this stuff. That would really upset me if anyone ever did that to me. I can stand cleaning up a mess on my computer, but I would feel horrible if my computer infected the computers of my friends and family.

Reference the files extensions you mentioned, you really don't want to open those at all unless the person sending the mail to you has told you exactly what it is. Here's a better list of things not to open at all:

ADA
ADP
ASX
BAS
BAT
CHM
CMD
COM
CPL
CRT
DBX
EXE
HLP
HTA
INF
INS
JSP
JS
JSE
LNK
MDA
MDB
MDE
MDZ
MHT
MSC
MSI
MSP
MST
NCH
PCD
PIF
PRF
REG
SCF
SCR
SCT
SHB
SHS
URL
VB
VBE
VBS
WMS
WSC
WSF
WSH


Many Email programs, virus protection programs, and fire-wall programs can automatically block or quarantine the above extensions. I did all that with ZoneAlarm Pro Fire-Wall, the latest and best Norton Anti-Virus, and all of the security settings enabled on my Email program. They still got me, I just don't know how yet. I plan to find out.

The virus, worm, and trojan writers can use any or all of these with drastic results. Even if you take all precautions, they still figure out ways to get to you.

I like JudgeNot's idea of 30 years of community service, exactly as he described for those who are caught.   ;D

Love In Christ,
Tom

I just bought a simple little dell and was going ask ya if i should buy the macafee  protection stuff they keep  hounding me with?  Any clue Peas? any one?  What does a  worm do besides fish?  IF ya choose to answe make it an answer for a grandma computer dummy please :o

McAfee is the best (better than Norton).  You shouldn't have an unprotected PC.  My advice: get it.  (It will give you a firewall option also - you should have that, too.)

McAfee is also very easy - you don't need to be super-duper-computer literate to install and use it.  It will update automatically - all that good stuff.

Oklahoma Howdy to Sister Reba,

You can't go wrong with McAfee products. McAfee and Norton usually run neck and neck for the absolute best every year. You get automatic updates of virus definitions with both of them. They are both excellent in keeping up with the virus, worm, and trojan writers. In fact, they try to stay one step ahead of them.

A virus is designed to simply tear up and destroy the file structure on your computer. A worm or trojan can both do the same thing, but some of them can actually make your computer copy and distribute the havoc to other folks, usually the ones on your personal Email address book.

In short, I highly recommend McAfee or Norton, either one. I do have a page on my web site about computer security. However, you might not want to read it now that you know my system was hit and taken down.   :D

http://www.sirinet.net/~blkidps/comptips.html (http://www.sirinet.net/~blkidps/comptips.html)

I think there's still some good stuff on the page, it just wasn't enough.   :D

Love In Christ,
Tom

So make a new file says the dumb blond... Guess i sould just shutup and learn to spell

Oklahoma Howdy to Sister Reba,

 ;D  I bet that McAfee has been automatically taking care of your computer since you got it, probably with little or no problems for you. If so, get it. If you have a credit card, McAfee is completely trustworthy. They will give you a registration code with detailed instructions of how and where to type in the registration. If you use a credit card, you usually get the registration by Email in just a matter of minutes. I bought an Email program from them several months ago, and the credit card transaction was complete with me getting the registration in less than 3 minutes. Their support and customer service is also excellent, usually ranking number 1 or 2 in the entire industry every year.

You've already got McAfee installed on your machine. If it hasn't caused you any headaches, registering it will be the quickest and easiest way to know you have top-notch virus protection. All of their products are always either at the top or close to the top every year. I would also say they are on the cutting edge of technology for making it easy for customers to install and maintain their state-of-the-art products. Their prices are very reasonable, especially when you consider that you are getting the best.

I agree with JudgeNot that you should also get a fire-wall. My personal preference is ZoneAlarm Pro, but they got me. McAffee also makes an outstanding firewall. If I have any more problems, I may get their firewall. You really can't go wrong with one-stop shopping with all of McAffee's products. They are an old and very respected company.

Love In Christ,
Tom

Thanks warden

 ;D  You are quite welcome Governor.

Wow-Bep. I'm sorry to hear about your situation. I hate it, too.

I agree-Judge Not has the right idea. Hear, hear! I say we appoint him assistant to the resident cyclops.

Here's another alert for everyone, too.

VIRUS ALERT! Win32/Mydoom.A@mm
January 27, 2004 - RAV AntiVirus Team is alerting all computer users
that a dangerous Internet worm, called Win32/Mydoom.A@mm,  is
reported to have a high infection level in the last 24 hours. This
worm is classified as "Potentially destructive" by RAV Team
and its spreading process has been carefully followed in the last 24
hours.

The signature of Win32/Mydoom.A@mm is included in the database of RAV
Engine starting with January 27, 2004. All RAV AntiVirus products
using daily updates after this date are able to detect and clean the
worm.

A short description of the worm is available below.

1. Description
2. How to recognize the worm
3. How to disinfect your computer
4. Evilness
5. More info


1. Description
Win32/Mydoom.A@mm is a highly spreading mass mailer internet worm,
with a complex structure and is also able to spread using Kazza file
sharing network. It is packed with UPX and its size is about 22.5Kb
long packed and about 33Kb long unpacked.

The worm is able to spread using Kazaa file sharing network, and will
try to copy itself in the Kazaa Shared Folder using one of the name:
"winamp5", "icq2004-final",
"strip-girl-2.0bdcom_patches", "rootkitXP",
"office_crack", "nuke2004" and one of the
extension: ".pif", ".scr", ".exe",
".bat".

To be less suspicious, when is executed will drop a file named
"message" with random content, and will spawn a
"notepad.exe" process to open that file.

The worm will create a mutex object called "SwebSipcSmtxS0"
to avoid running more than one copy of itself in the same time. In
the "%system%" folder will be dropped and then loaded a
library named "shimgapi.dll". Also Win32/Mydoom.A@mm will
copy itself as "taskmon.exe" in the "%system%"
folder. The "shimgapi.dll" library will then set itself,
using specific registry key, to be loaded by "explorer.exe"
at each computer restart. To be started each time Windows starts, a
new entry called "TaskMon" will be created in the
"Software\Microsoft\Windows\CurrentVersion\Run" registry
key, with the "taskmon.exe" path as value.

Depending on the current time, the Win32/Mydoom.A@mm will try to
initiate a DoS attack to www.sco.com by sending at regular time
intervals HTTP GET requests from up to 63 threads simultaneous. Also,
depending on the current system time the worm will not spread any
more.

Win32/Mydoom.A@mm will listen for connections from a large range of
ports, working this way as a proxy server.

For a complete description of the worm, please read http://www.ravantivirus.com/virus/showvirus.php?v=205



2. How to recognize the worm
The worm can arrive as a mail attachment, with double extension. The
first extension can be ".txt" followed by a big number of
spaces and the second extension can be: ".pif",
".exe", ".cmd", ".scr",
".bat". The file name will be randomly chosen from one of
the following:
- "document",
- "readme",
- "doc",
- "text",
- "file",
- "data",
- "test",
- "message",
- "body".
The attachment can also be present as a zip archive.

Both the "from" and "to" fields will be spoofed
and randomly set to one of the combinations from the worm hard-coded
list.

The "Subject" field will be set to one of the possible
values:
- "test",
- "hi",
- "hello",
- "Mail Delivery System",
- "Mail Transaction Failed",
- "Server Report",
- "Status",
- "Error".
And the message body can contain one of the following :
- "test",
- "The message cannot be represented in 7-bit ASCII encoding and
has been sent as a binary attachment.",
- "The message contains Unicode characters and has been sent as
a binary attachment.",
- "Mail transaction failed. Partial message is available.".


3. How to disinfect your computer
a. click Start>Run and type "regedit";
b. browse to
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] OR
to [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
and delete the following registry key:  
"d3update.exe" = "%system%\bbeagle.exe"
c. update your RAV AntiVirus software;
d. scan and delete all files reported by your RAV AntiVirus product
as infected with Win32/Mydoom.A@mm.
e. restart your computer.

Note1: Incorrect changes to the registry could result in permanent
data loss or corrupted files. We strongly recommend that you back up
your system registry before making any change.
Note2: If you are using Windows Millennium Edition (ME) or Windows
XP, you should disable the System Restore feature before scanning the
system with RAV AntiVirus and re-enable it afterwards. Please contact
your system administrator for information on how to disable this
feature.


4. Evilness
Potentially destructive (corrupts data while replicating).


5. More info
The latest details about Win32/Mydoom.A@mm and a complete description
can be found on our website:

http://www.ravantivirus.com/virus/showvirus.php?v=205

Ya'll hear that deafening sonic boom from the far west?  That was the biggest part of Whitehorse's post going right over my head at extremely high speed...
 ;D

      BEP;
    Sorry to hear that you were hit, but glad that you are up and posting agein. I've got norton with my E-mail settings set at the highest no e-mail enters my puter if the addy not in myaddres book, allso earthlink has started scaning all mail to earthlink users I've had 5 in the past 2 weeks with subject heading of microw windows patch.

Oklahoma Howdy to Forrest,

Brother, it is great to see you back on the forum. I missed you.

I think that I have most of it cleaned up now. From everything that I'm reading, I might have gotten hit with more than one kind of virus. I don't have any hint that my computer infected any of my friends, family members, etc. I do have confirmation that this specific virus did hit me, but so many other weird things happened that I'm almost positive I got hit with other stuff too. My Christian and Law Enforcement web site makes me a fairly regular target.

Love In Christ,
Tom

    I'm testing my signature graphics, test one

test 2


(http://www.sirinet.net/~blkidps/paul2d.gif)

test3

test4

   It works! sorry it took so long to figure it out.

                                                Paul2

   It stopped working! whats going on here?

      it works when you go to the actual post pages but not when you look at "top ten posts", I get now. Sorry everybody ;)

LMHO

I'm getting queezy...

AMISH VIRUS:



You have just received the Amish Virus. Since we do not have electricity nor computers, you are on the honor system.
Please delete all of your files.

Thank thee.

Oklahoma Howdy to Brother Forrest,

 ;D   ;D  Thanks, I needed that laugh.

I only have one question. Since my only computer is an abacus, I guess that means I have to go in and move all the beads around, right?   ;D

I just got another laugh thinking some of the younger folks won't have a clue what an abacus is...........  Forrest, I'll tell you a secret, but don't tell anyone else. I have all of my files backed up on a second abacus.  

Love In Christ,
Tom