Topic: I received this this A.M. in an email
Skip Cole
From: North Mississippi
Posted 31 May 2006 4:18 am
This message has been processed by Symantec AntiVirus.
mail.hta was infected with the malicious virus W32.Feebs and has been deleted because the file cannot be cleaned.
Thought this may be helpful to someone; only thing I understand is that it was infected with a virus. The sender was "Dick Dunlap".
Skip
------------------
"I Can Only Imagine"
Wiz Feinberg
From: Mid-Michigan, USA
Posted 31 May 2006 5:00 am
If you did not have an up-to-date anti-virus program scanning incoming email, like Norton, and you simply opened the attached .hta file, the commands in it would have begun a series of events that would have disabled almost any security programs it found, installed a web server on your computer, downloaded backdoors and other fun stuff.
quote:
Arrives as an attachment with a .HTA extension. When the .HTA file is viewed, a malicious JavaScript downloads a base-64 encoded file from one or more of the following locations: < snip locations >
Extracts a Windows executable file from the base-64 encoded file and saves it as:
C:\recycled\userinit.exe
Adds the value:
"Stubpath" = "C:\Recycled\userinit.exe"
Lots of Registry modification so that it runs every time Windows starts
Sends emails to all addresses found on the compromised computer. It combines pre-programmed strings into From email addresses that sound compelling to the recipient, and vary with the version of the Worm.
You can read all the activities and consequences here and here, at the Symantec Security Response Center.
In this dangerous time for PC users there is no excuse whatsoever for not having up-to-date virus protection that scans email or watches for threats about to be activated and halts them before they can install themselves. If you cannot afford to purchase or renew a commercial anti-virus product there are several very good free products available for downloading. Infected computers spread viruses to other computers via email and file sharing programs.
If you don't want to even take the barest precautions by installing an anti virus program, the least you can do is reduce your Internet browsing account to Limited User status. By running with Limited privileges you cannot install any programs or viruses or spyware into the system or browser itself, nor can viruses or spyware write to the Local Machine tree of the Windows Registry. This prevents them from launching.
Practice safe Hex y'all!
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
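Added example, not part of any post in this thread: a mail-gateway style check for the delivery method quoted above (an attachment with a .HTA extension). It inspects the filename in both MIME headers, since clients disagree on which one wins, and falls back to the declared content type; the sample message, its names and its placeholder payload are constructed for illustration.

```python
import email
from email import policy

BLOCKED_EXT = ".hta"
BLOCKED_TYPE = "application/hta"

def normalized_extension(filename):
    """Lower-case extension after dropping the trailing dots/spaces Windows ignores."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def find_hta_attachments(raw_bytes):
    """Return (filename, reason) for every leaf MIME part that would open as an HTA."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Collect the name from both headers; either one may decide how the file opens.
        names = []
        for header, key in (("Content-Disposition", "filename"), ("Content-Type", "name")):
            if part[header] is not None and key in part[header].params:
                names.append(part[header].params[key])
        for name in names:
            if normalized_extension(name) == BLOCKED_EXT:
                hits.append((name, "extension"))
                break
        else:
            # No blocked extension: still flag a part that declares itself an HTA.
            if part.get_content_type() == BLOCKED_TYPE:
                hits.append((names[0] if names else "", "content-type"))
    return hits

# Constructed sample: harmless placeholder payload, names disagree between headers.
SAMPLE = (
    b"From: sender@example.com\r\nTo: rcpt@example.com\r\nSubject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b"--B\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--B\r\nContent-Type: application/octet-stream; name="mail.HTA."\r\n'
    b'Content-Disposition: attachment; filename="notes.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\ncGxhY2Vob2xkZXI=\r\n--B--\r\n"
)

if __name__ == "__main__":
    print(find_hta_attachments(SAMPLE))
```

A gateway would quarantine any message for which the returned list is non-empty, before the attachment reaches a mail client.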
Skip Cole
From: North Mississippi
Posted 31 May 2006 12:00 pm
I have Norton Antivirus Professional Edition from '03, and I receive the updates when they send them automatically. Every now and then I receive an email that Norton has dumped an email due to virus detection in an attachment. Since I'm barely computer savvy, I depend greatly on those of you on the Forum that are well versed on the subject. Thanks to the Wiz and others for the warnings.
Skip
------------------
"I Can Only Imagine"
Donny Hinson
From: Glen Burnie, Md. U.S.A.
Posted 31 May 2006 4:05 pm
Quote:
Sends emails to all addresses found on the compromised computer.
Yeah, I know I sound absolutely stupid, but this is why I implore people not to use the "address book" feature on their computer, or email client. If you're not sending hundreds of emails (and most of us aren't), simply write down people's email addresses in a small book instead of saving them in your email program's "address book". That way, you'll never accidentally assault everyone you know with a malicious email. Another advantage to this system is that when and if your computer dies, you won't lose everyone's email address!
I can understand people who run a business can't take the time to type in hundreds or thousands of email addresses every time they want to send something, but if you're only sending a few (a dozen or two) emails a day, typing in the addresses for every one isn't that big a deal. [This message was edited by Donny Hinson on 31 May 2006 at 05:06 PM.]
Chris Brooks
From: Providence, Rhode Island
Posted 1 Jun 2006 4:46 am
Donny, you're not stupid. It's good advice.
If users want an easy, non-notebook way to keep e-mail addresses for individual or mass mailings, they can simply work with a Word document.
Line up all the e-mail addresses in a list. When doing e-mail, keep the Word document open and simply Copy and Paste!
Works for me--but I am no expert.
Chris