FW: check for viruses

[Guest guest]

In a message dated 9/6/04 3:37:51 PM Eastern Daylight Time, fskelton@... writes:

I suggest that everyone WHO HAS MY PERSONAL ADDRESS IN THEIR ADDRESS BOOK

check for viruses in their compouter.

or, rather than alarming everyone, we can just narrow it down to New Jersey, as alluded to earlier. Specifically, someone on comcast who is in or around Audubon, NJ. (The email headers tell where the worm is from.)

If you don't have an antivirus

program you can do a free scan online at http://us.mcafee.com/ In the lower

left of that page click "Scan Now".

nope, that is *probably* wrong. At least for right now. As I've said, the worm is brand new (as of midnight this morning, according to the time stamps on the worm files). As such, mcafee doesn't have a definition on it as of this moment. At least not according to their list of new threats, which shows only W32/Mydoom.t@MM as newest:

http://us.mcafee.com/virusInfo/default.asp?cid=10007

However, they might have the new definition at any minute.

I'd expect this one to be somehow associated with the name BlackWorm, since that string is in the virus itself - and there used to be a Blackworm virus.

So a virus scan done right now would give a false negative - UNLESS the online scan also does 'heuristics' and the heuristics by an odd chance do succeed in detecting this one.

Btw, the (free) AVG is also not detecting it yet, even with heuristics turned on. TrendMicro doesn't have it yet, either.

--

Ken

[Guest guest]

In a message dated 9/6/04 5:16:30 PM Eastern Daylight Time, perspect1111@... writes:

If this is YOU, update your anti-virus, please and run it

occasionally - i.e. more often than once every three weeks. Thanks.

nope, please reread below. An AV won't be effective on a brand new worm. However, more effective advice to give to list members (most especially those with always-on dsl or cable) would be to install an applications based firewall (like the free Kerio). Then if a person gets infected, they won't be able to spew emails out to anyone lese, because the firewall will almost certainly block that. No maintenance or updates required, either - and less conflicts with the OS.

-

Ken

>the

> worm is brand new (as of midnight this morning, according to the

time stamps on

> the worm files). As such, mcafee doesn't have a definition on it as

of this

> moment. At least not according to their list of new threats, which

shows only

> W32/Mydoom.t@MM as newest:

> http://us.mcafee.com/virusInfo/default.asp?cid=10007

>

> However, they might have the new definition at any minute.

>

[snip]

>

> So a virus scan done right now would give a false negative - UNLESS

the

> online scan also does 'heuristics' and the heuristics by an odd

chance do succeed

> in detecting this one.

[Guest guest]

Someone on the list is sending a virus from their computer . This would be

someone who has my personal address in their address book.

I suggest that everyone WHO HAS MY PERSONAL ADDRESS IN THEIR ADDRESS BOOK

check for viruses in their compouter. If you don't have an antivirus

program you can do a free scan online at http://us.mcafee.com/ In the lower

left of that page click " Scan Now " .

[Guest guest]

Hi folks:

This sounds rather similar to the fellow whose computer, some months

ago, bombarded me with emails (about forty a day) for three weeks

purportedly from each of the addresses in his address book. I

finally wised up to the fact he was a member of this group when one

of the emails purportedly came from a CR address of some sort.

In that case I determined that he was a hobby ocean fisherman, living

in the Chesapeake bay region, who did Tai Chi and some weird religion

(I forget which one - not zoroastrian, but about equally weird). He

had a number of bait shops on his address book.

If this is YOU, update your anti-virus, please and run it

occasionally - i.e. more often than once every three weeks. Thanks.

Rodney.

> In a message dated 9/6/04 3:37:51 PM Eastern Daylight Time,

> fskelton@e... writes:

>

> >

> > I suggest that everyone WHO HAS MY PERSONAL ADDRESS IN THEIR

ADDRESS BOOK

> > check for viruses in their compouter.

>

> or, rather than alarming everyone, we can just narrow it down to

New Jersey,

> as alluded to earlier. Specifically, someone on comcast who is in

or around

> Audubon, NJ. (The email headers tell where the worm is from.)

>

> If you don't have an antivirus

> >

> > program you can do a free scan online at http://us.mcafee.com/

In the lower

> > left of that page click " Scan Now " .

>

> nope, that is *probably* wrong. At least for right now. As I've

said, the

> worm is brand new (as of midnight this morning, according to the

time stamps on

> the worm files). As such, mcafee doesn't have a definition on it as

of this

> moment. At least not according to their list of new threats, which

shows only

> W32/Mydoom.t@MM as newest:

> http://us.mcafee.com/virusInfo/default.asp?cid=10007

>

> However, they might have the new definition at any minute.

>

> I'd expect this one to be somehow associated with the name

BlackWorm, since

> that string is in the virus itself - and there used to be a

Blackworm virus.

>

> So a virus scan done right now would give a false negative - UNLESS

the

> online scan also does 'heuristics' and the heuristics by an odd

chance do succeed

> in detecting this one.

>

> Btw, the (free) AVG is also not detecting it yet, even with

heuristics turned

> on. TrendMicro doesn't have it yet, either.

>

> --

>

> Ken

[Guest guest]

does this work for Macs as well as PCs?

From: bpinfo@...

Reply-

Date: Mon, 6 Sep 2004 18:54:17 EDT

Subject: Re: [ ] Re: FW: check for viruses

In a message dated 9/6/04 5:16:30 PM Eastern Daylight Time, perspect1111@... writes:

If this is YOU, update your anti-virus, please and run it

occasionally - i.e. more often than once every three weeks. Thanks.

nope, please reread below. An AV won't be effective on a brand new worm. However, more effective advice to give to list members (most especially those with always-on dsl or cable) would be to install an applications based firewall (like the free Kerio). Then if a person gets infected, they won't be able to spew emails out to anyone lese, because the firewall will almost certainly block that. No maintenance or updates required, either - and less conflicts with the OS.

-

Ken

>the

> worm is brand new (as of midnight this morning, according to the

time stamps on

> the worm files). As such, mcafee doesn't have a definition on it as

of this

> moment. At least not according to their list of new threats, which

shows only

> W32/Mydoom.t@MM as newest:

> http://us.mcafee.com/virusInfo/default.asp?cid=10007

>

> However, they might have the new definition at any minute.

>

[snip]

>

> So a virus scan done right now would give a false negative - UNLESS

the

> online scan also does 'heuristics' and the heuristics by an odd

chance do succeed

> in detecting this one.

[Guest guest]

Thanks, Ken, I'm impressed. That Mcaffee won't work on mine anyway, it needs ie 5.5. I'm trying to get my win 3.11 back on line and drive the kooks crazy. I was going to get a new machine and realized they're geared to the sw provided (registered). So I just fixed my old one as a backup - just for inet.

I've got my spyware ordered. Any feeling about brand?

Regards.

----- Original Message -----

From: bpinfo@...

Sent: Monday, September 06, 2004 3:25 PM

Subject: Re: [ ] FW: check for viruses

In a message dated 9/6/04 3:37:51 PM Eastern Daylight Time, fskelton@... writes:

I suggest that everyone WHO HAS MY PERSONAL ADDRESS IN THEIR ADDRESS BOOKcheck for viruses in their compouter. or, rather than alarming everyone, we can just narrow it down to New Jersey, as alluded to earlier. Specifically, someone on comcast who is in or around Audubon, NJ. (The email headers tell where the worm is from.)If you don't have an antivirus

program you can do a free scan online at http://us.mcafee.com/ In the lowerleft of that page click "Scan Now".nope, that is *probably* wrong. At least for right now. As I've said, the worm is brand new (as of midnight this morning, according to the time stamps on the worm files). As such, mcafee doesn't have a definition on it as of this moment. At least not according to their list of new threats, which shows only W32/Mydoom.t@MM as newest:http://us.mcafee.com/virusInfo/default.asp?cid=10007However, they might have the new definition at any minute.I'd expect this one to be somehow associated with the name BlackWorm, since that string is in the virus itself - and there used to be a Blackworm virus.So a virus scan done right now would give a false negative - UNLESS the online scan also does 'heuristics' and the heuristics by an odd chance do succeed in detecting this one.Btw, the (free) AVG is also not detecting it yet, even with heuristics turned on. TrendMicro doesn't have it yet, either.-- Ken

[Guest guest]

Hi JW:

FWIW, all free, try: Sygate Personal Firewall; AVG anti-virus; Ad-

aware; Spy Sweeper; and Spybot. But it seems I have somewhat more

recent equipment than you ; ^ )))

Rodney.

--- In , " jwwright " <jwwright@e...>

wrote:

> Thanks, Ken, I'm impressed. That Mcaffee won't work on mine anyway,

it needs ie 5.5. I'm trying to get my win 3.11 back on line and drive

the kooks crazy. I was going to get a new machine and realized

they're geared to the sw provided (registered). So I just fixed my

old one as a backup - just for inet.

>

> I've got my spyware ordered. Any feeling about brand?

>

> Regards.

> ----- Original Message -----

> From: bpinfo@a...

>

> Sent: Monday, September 06, 2004 3:25 PM

> Subject: Re: [ ] FW: check for viruses

>

>

> In a message dated 9/6/04 3:37:51 PM Eastern Daylight Time,

fskelton@e... writes:

>

>

>

> I suggest that everyone WHO HAS MY PERSONAL ADDRESS IN THEIR

ADDRESS BOOK

> check for viruses in their compouter.

>

>

> or, rather than alarming everyone, we can just narrow it down to

New Jersey, as alluded to earlier. Specifically, someone on comcast

who is in or around Audubon, NJ. (The email headers tell where the

worm is from.)

>

> If you don't have an antivirus

>

>

> program you can do a free scan online at http://us.mcafee.com/

In the lower

> left of that page click " Scan Now " .

>

>

> nope, that is *probably* wrong. At least for right now. As I've

said, the worm is brand new (as of midnight this morning, according

to the time stamps on the worm files). As such, mcafee doesn't have a

definition on it as of this moment. At least not according to their

list of new threats, which shows only W32/Mydoom.t@MM as newest:

> http://us.mcafee.com/virusInfo/default.asp?cid=10007

>

> However, they might have the new definition at any minute.

>

> I'd expect this one to be somehow associated with the name

BlackWorm, since that string is in the virus itself - and there used

to be a Blackworm virus.

>

> So a virus scan done right now would give a false negative -

UNLESS the online scan also does 'heuristics' and the heuristics by

an odd chance do succeed in detecting this one.

>

> Btw, the (free) AVG is also not detecting it yet, even with

heuristics turned on. TrendMicro doesn't have it yet, either.

>

> --

>

> Ken

[Guest guest]

In a message dated 9/7/04 12:05:09 PM Eastern Daylight Time, jwwright@... writes:

I've got my spyware ordered. Any feeling about brand?

YEEEESSSSSSSSSSSSSSS!!!

Cancel your order Here's why:

Years ago, I extensively used Ad-Aware (when it was still free). It found some things, but none were important. So I stopped using it. But a couple of months ago, I downloaded a recent version (but am not 100% sure that it was ad-aware or it's #1 competitor) to just see what might have accumulated on my machine. After the whole process of download and install, it progressed to a certain point and then asked for money before actually doing anything. I thought that was deceptive, since no warning was given beforehand.

Anyways, I said "no" to the ~$20 or $30, whatever. Lo and behold, it ofered a cheaper price, I said "no" again and it eventually offered to do it for maybe $1. So, if you really want a spyware detector, that'd be the way to go... if you want best price.

Side note: I still keep an older version of M$ Media Player, because the newer ones, IIRC, "phone home". If I watch a video of a heart exploding because of bad nutrition, I'm not doing anything nefarious but I still don;t want Bill Gates to have a record of that.

--

Ken

[Guest guest]

In a message dated 9/7/04 11:54:35 AM Eastern Daylight Time, perspect1111@... writes:

FWIW, all free, try: Sygate Personal Firewall; AVG anti-virus; Ad-

aware; Spy Sweeper; and Spybot. But it seems I have somewhat more

recent equipment than you ; ^ )))

Rodney, please see my response to Jack on Ad-Aware and advise if this correlates with your experience on it still being free. I have only a casual interest in spyware detectors, and so don't want to mislead anybody. My experience with Ad-Aware is current as of 2 months or so ago. [Privacy is *very* important, but I haven't had a problem needing cleaning - UNLESS your machine starts acting inexplicaby funny and therefore spyware (like gator) might be a cause. In general, as you know, always say "NO" to any popup that asks, "would you like to install and run this program" unless you are sure you know that it is perfectly okay. Some of the absolute biggest threats to privacy were posed by M$ and Intel, both of which made attempts to assign a unique serial number to you and me, expressly to facilitate tracking - oops, I mean they wanted to do it for our own good. Uh huh].

Also, I run AVG lately, but went years without problem with no AV whatsoever. The reason? I refuse to use M$ Outlook as an email client, and so am mostly safe on that score alone.

Once upon a time, two summers ago, M$ programs on computers were being whacked by the millions with a virus. (It is very mostly Microsoft software that gets hit all the time.) In the midst of that, a news channel anchor was introducing Bill Gates to comment, the inro being as so: "And now, I'd like to introduce a man who knows more about computer security than anybody: Bill Gates". When all logic, reason, and respect for truth goes out the window (sic) like that, what can you do?

--

Ken

P.S. If you are using the default Czech server (free.grisoft.com) for udates with AVG, make a note of www.grisoft.com for use when the default server gets overloaded and you can't get in.)

P.P.S. AVG has a rep for not updating often enough. Avast is a new free one that supposedly does better on that score, *if* that is important to any particular person.

[Guest guest]

In a message dated 9/7/04 10:26:47 PM Eastern Daylight Time, cccucc@... writes:

does this work for Macs as well as PCs?

nope, sorry.

But searching the web shows:

http://www.google.com/search?hl=en & lr= & ie=UTF-8 & q=mac+firewall+free

which shows me:

http://www.mac-net.com/386482.page

which lists ZoneAlarm for Mac as free, with both anti-virus and firewall. If you try either, keep an eye for funny things happening, such as unexpected shutdowns or freezes. Uninstall if you end up with problems. I used to use ZoneAlarm on my PC, but stopped when it gave me such problems. ZoneAlarm was once the big dog in firewalls, and got a lot of early attention with its online service that actively scanned your computer for security holes (like trying all of your doors and windows to see if they were properly locked). But, modesty being put temporarily aside, I'd have to say that the online security scanner which I wrote after theirs was better, and many knowledgeable people agreed Pardon me But I did as a result learn the phrase "cabelznetwerk sicherheiten", which is about all the German I know.

(If you search, be aware that MAC also refers to "MAC address" which is a technical internet thing having nothing to do with Apple/MacIntosh.)

Good luck, but you can take a little assurance in knowing that most viruses/worms are geared toward PCs. You would not have been susceptible to the worm which appeared on this group.

--

Ken

[Guest guest]

Hi Ken:

I don't know whether AVG is still free or not. I just update their

virus list each week and run it and I haven't paid for it.

Sygate Personal Firewall is still free but they have made it very

difficult to find the free download on their website!

I have found that Ad-aware, Spy Sweeper and Spybot find different

problems that the other two do not find. So I run all three weekly.

I also have one piece of Spyware on my computer that none of them

find. I know because my firewall tells me when it tries to transmit

out. Probably we all have lots of them that no one yet has realized

are spying on us.

Rodney.

> In a message dated 9/7/04 11:54:35 AM Eastern Daylight Time,

> perspect1111@y... writes:

>

> > FWIW, all free, try: Sygate Personal Firewall; AVG anti-virus; Ad-

> > aware; Spy Sweeper; and Spybot. But it seems I have somewhat

more

> > recent equipment than you ; ^ )))

>

> Rodney, please see my response to Jack on Ad-Aware and advise if

this

> correlates with your experience on it still being free. I have only

a casual interest

> in spyware detectors, and so don't want to mislead anybody. My

experience

> with Ad-Aware is current as of 2 months or so ago. [Privacy is

*very* important,

> but I haven't had a problem needing cleaning - UNLESS your machine

starts

> acting inexplicaby funny and therefore spyware (like gator) might

be a cause. In

> general, as you know, always say " NO " to any popup that

asks, " would you like

> to install and run this program " unless you are sure you know that

it is

> perfectly okay. Some of the absolute biggest threats to privacy

were posed by M$ and

> Intel, both of which made attempts to assign a unique serial number

to you

> and me, expressly to facilitate tracking - oops, I mean they wanted

to do it for

> our own good. Uh huh].

>

> Also, I run AVG lately, but went years without problem with no AV

whatsoever.

> The reason? I refuse to use M$ Outlook as an email client, and so

am mostly

> safe on that score alone.

>

> Once upon a time, two summers ago, M$ programs on computers were

being

> whacked by the millions with a virus. (It is very mostly Microsoft

software that

> gets hit all the time.) In the midst of that, a news channel anchor

was

> introducing Bill Gates to comment, the inro being as so: " And now,

I'd like to

> introduce a man who knows more about computer security than

anybody: Bill Gates " . When

> all logic, reason, and respect for truth goes out the window (sic)

like that,

> what can you do?

>

> --

>

> Ken

>

> P.S. If you are using the default Czech server (free.grisoft.com)

for udates

> with AVG, make a note of www.grisoft.com for use when the default

server gets

> overloaded and you can't get in.)

>

> P.P.S. AVG has a rep for not updating often enough. Avast is a new

free one

> that supposedly does better on that score, *if* that is important

to any

> particular person.