Re: HELP!!! PLEASE!!! old virus reinfestation????

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/28/04

    Date: Fri, 27 Feb 2004 18:20:20 -0500
    
    

    Michele:

    Since it is a corporate PC, all I can suggest is that you perform a web based scan of your
    platform.

    You *must* work with your IT department whether you think their competency is in question or
    not. That is their job, it is your company's PC and not yours to make decisions on or
    about. My company has very strict rules about the use of the computers we provide our
    personnel and the most important one is that the users can not, under *any* circumstances
    install any software with the advice, assistance and/or permission of the MIS/IS group.

    Please go to one or more of the below online scanners and perform a scan of your platform
    then report back your results.

    Trend:
    http://housecall.antivirus.com
    http://housecall.trendmicro.com

    McAfee:
    http://www.mcafee.com/myapps/mfs/default.asp

    Panda:
    http://www.pandasoftware.com/activescan/

    Symantec:
    http://security.symantec.com/

    In addition:
    If you post to UseNet with your TRUE, not a munged, email address then you have invited the
    Swen Internet worm [aka; W32/Gibe-F] to visit you.

    The Swen is news spelled backwards. The reason it is called this is because the Swen worm
    harvests email addresses from UseNet News Groups. It has an engine that allows it to post
    itself to UseNet News Groups as well as it has its own email engine. From the list of
    email addresses that it has harvested, it will then email itself to those addresses.

    So realize that YOUR actions will now cause your company to receive the Swen worm because
    you felt you had to bypass your MIS/IS group.

    Dave

    "Michele" <m n a s h @ co.kern.ca.us> wrote in message
    news:376301c3fd86$652ed980$a301280a@phx.gbl...
    | I know this is going to be long but I need to give you a
    | little background to work with. I am on a networked PC
    | (Windows 2000) and my email is on a group server. Awhile
    | back my pc was infected with virus/trojan and it looked
    | like a hacker was even getting into it. It had to have
    | the hard drive completely reformatted and everything
    | redone. My problem is that when this happened my
    | groupwise email started having problems a remote mailbox
    | was setup on my pc and I did need one there and my sent
    | mail folder went missing. I won't say it was deleted
    | because I can find the items I sent but I just can pull
    | the folder up and I had to create a new one. This
    | happened the same time all the RPC, Telephony and remote
    | procedures started operating on a windows 2000 operating
    | system that runs over a T1 line. I started disconnecting
    | from the network every night but one night I forgot and I
    | don't know exactly what happened but all of a sudden I
    | came in one day after and my hard drive had been
    | reformatted and repartitioned my CDRW & CDR drives were
    | in constant boot state with nothing in the drive, and I
    | could no longer access my email or shared network
    | directory. I turned the PC over to the IT guy and try to
    | convince them I was hacked or had a virus but it was
    | clear they did not believe me because they said they had
    | the latest update of Virus scan running and it was being
    | updated daily. Now I have my PC back but the problems
    | started again. Programs I didn't install are showing up,
    | things are changing on my configuration constantly and I
    | files that say that they are one thing but on closer look
    | they are in fact commands and other actions totally
    | different. Is there any way that the old virus could
    | have reinfested itself again on my pc and go
    | undetected because the IT guys here say that if I had a
    | virus/trojan it would be detected because we get updated
    | on a daily basis. If anyone out there can help me with
    | this it would be great. Now that I am using XP it is even
    | harder to convince the IT staff that something's going on
    | and even harder to get my work done.

