[vox-tech] [OT] Now I have a virus. Argh!!!!!

Peter Jay Salzman p at dirac.org
Sat Jul 17 20:47:37 PDT 2004


On Sat 17 Jul 04,  5:20 PM, Jonathan Stickel <jjstickel at sbcglobal.net> said:
> Peter Jay Salzman wrote:
> >Ever have the feeling that you shouldn't have gotten out of bed?
> >
> >One of my systems, lucifer, is a dual boot (Debian/win2k).  The only
> >thing I use win2k for is to play Serious Sam, Serious Sam Second
> >Encounter, and Syberia.
> >
> >My wife checks her school email, which is web based.  Apparently, Opera
> >can't handle the Javascript, so when lucifer is in Linux, she uses
> >Galeon and when lucifer is in win2k, she uses IE.
> >
> <snip>
> >I googled on one of my Linux boxes, and after a little searching, found
> >that this is a worm called W32.HLLP.Kindal@MM.  I was able to verify
> >some of the claimed changes the worm made to the registry, although I
> >couldn't find the file that was supposed to contain the viral code.  I
> >saw a mention of it in the registry, and saw the key that has it run on
> >boot, but the file itself seems to be missing or isn't showing up.
> >Weird.
> >
> >The only way this thing could've gotten onto my system that I can think
> >of is by Internet Explorer.  This OS is used for gaming (non-online
> >gaming), and checking school webmail with IE and absolutely nothing
> >else.  I know that 4 "critical vulnerabilities" were announced for IE a
> >couple of days ago, and another 3?  6?  a few days before that.
> >
> >Anyway, that's neither here nor there.  I've never had a worm before,
> >so I'm new to all this.  What's the standard procedure?  Reinstallation?
> >Can "virus checkers" also erase viruses?   What is a good "virus
> >checker" for this purpose?
> >
> 
> According to Symantec 
> (http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.kindal@mm.html), 
> this virus spreads by email and file-sharing software.  Maybe your wife got 
> it by web-based email?  Anyway, Norton Antivirus would get rid of it for 
> you.  You could probably use some other (free?) virus software also. You 
> may want to scan your whole machine to see if you got something else, too.  
> Do you keep up with all the windows patches?
 
yeah, i actually do.   i see there was a free anti-virus suggestion
made.  i'll give that a whirl first.

from info i found on the web, i've disabled the virus from starting on
boot, but there are probably dormant copies of it lying around, so i
definitely need to scan the system.

on the proactive side, i installed mozilla which she can use to check
email.  in my defense, the only reason why i didn't install mozilla
before was that i didn't figure the computer stays booted long enough in
windows for something like this to happen.  we're talking only a couple
of hours a day.   but apparently, it was enough!

> Windows security is just awful these days.  I have some friends who use 
> dialup internet with windows.  The windows updates take so long on 
> dialup that they get frustrated and don't complete them.  About every 3 
> months they get infected with something new.

i know a woman from work whose win XP system was trashed by windows
update.  she swore to never use the win update again.   very
unfortunate....

pete

-- 
In theory, theory and practise are the same.  In practise, they aren't.
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D

