Anyone heard about this bad virus?

Last night a friend of mine got his computer infected with a virus. He opened an email from a trusted source, it had attachments, pictures of his friend's dogs. AVG put up the notice that a virus threat was detected and asked if it should be moved to the vault. So my friend clicks yes and then instantly he gets the message across the bottom of the screen "HARD DRIVE FAILURE". So he shut the computer down and called his friend from whom he received the email. This guy knows computers pretty well and even though his email contained the virus none of his computers were infected. Anyway, he told my friend to restart his computer and press the F2 key. He does that and the BIOS recognized his hard drive. So he thinks that the drive is probably OK but is taking it to a local computer repair place to have them fix the drive. I use AVG and Agent. He uses Yahoo and Outlook AVG. This virus is bad enough that I'm leery of opening any emails even from trusted sources. Comments anyone? Eric
snipped-for-privacy@whidbey.com wrote:

Hi Eric,
Most likely explanation is that this email did not really come from your friend. It probably came from someone else who DOES have the virus and has your friend's email address in his address book.
That's often how these things work.
But for better protection, dump AVG immediately and get a subscription to Vipre.
When I got hit a few weeks back (an Earthlink security issue actually) Vipre was the only one that could identify the culprit. I'm very happy with it and it's not expensive at all.
http://www.vipreantivirus.com/Software/VIPRE-Antivirus/
Oh, lastly, your hard drive is probably just fine, but getting that crud scraped off may be a challenge.
--

Richard Lamb
http://www.home.earthlink.net/~cavelamb
wrote:

That vipre looks pretty good, $50 for apparently unlimited pyooters -- which almost seems too good to be true.... The tech help, if true and useful, is a big plus, as well.
I use TrendMicro, and just recently got a trojan in a windows dll that can't be eradicated by the program, and of course they won't tell you what to do.
Trend is better than the virus we know as Symantec Norton -- a shitty ripoff company if there ever was one -- but I think Trend is getting too big for its britches as well.
--
EA


On Wed, 25 May 2011 15:47:49 +0000 (UTC), snipped-for-privacy@whidbey.com wrote:

They'll probably use a high-dollar viruscanner and find a few dozen virii the others missed.

Update your virus definitions daily (at minimum) and use a backup check at least weekly to catch those the first one missed.
I use Microsoft Security Essentials (Norton -is- a virus, McAfee has been totally unreachable in an emergency (for a client), AVG and Avast missed some data logging virii in the past) along with Advanced System Care.
And usually, when I'm downloading something, I keep a copy of Task Manager open to close virus installers without using the keys in that affected program.
-- Education should provide the tools for a widening and deepening of life, for increased appreciation of all one sees or experiences. It should equip a person to live life well, to understand what is happening around him, for to live life well one must live life with awareness. -- Louis L'Amour
Virus scanners do not detect webpages with fake scanners on them. When you hit "OK" you have installed it.
--------------
"Larry Jaques" wrote in message
Update your virus definitions daily (at minimum) and use a backup check at least weekly to catch those the first one missed.
I use Microsoft Security Essentials (Norton -is- a virus, McAfee has been totally unreachable in an emergency (for a client), AVG and Avast missed some data logging virii in the past) along with Advanced System Care.
And usually, when I'm downloading something, I keep a copy of Task Manager open to close virus installers without using the keys in that affected program.
-- Education should provide the tools for a widening and deepening of life, for increased appreciation of all one sees or experiences. It should equip a person to live life well, to understand what is happening around him, for to live life well one must live life with awareness. -- Louis L'Amour
The virus notice was the virus. Usually written in HTML or some other browser code and when you accept the scan or retaliation action you are installing the binary code from another website.
This virus detection virus happens all the time now. When you get it, hit <control alt delete> and kill the process, and you should be fine. Never accept the action as your scanner will not report it and ask anyway unless you have a stupid one.
They are all set up to look like your real AV scanner.
---------------------------
wrote in message
Last night a friend of mine got his computer infected with a virus. He opened an email from a trusted source, it had attachments, pictures of his friend's dogs. AVG put up the notice that a virus threat was detected and asked if it should be moved to the vault. So my friend clicks yes and then instantly he gets the message across the bottom of the screen "HARD DRIVE FAILURE". So he shut the computer down and called his friend from whom he received the email. This guy knows computers pretty well and even though his email contained the virus none of his computers were infected. Anyway, he told my friend to restart his computer and press the F2 key. He does that and the BIOS recognized his hard drive. So he thinks that the drive is probably OK but is taking it to a local computer repair place to have them fix the drive. I use AVG and Agent. He uses Yahoo and Outlook AVG. This virus is bad enough that I'm leery of opening any emails even from trusted sources. Comments anyone? Eric
On 5/25/2011 10:47 AM, snipped-for-privacy@whidbey.com wrote:

The best defense for viruses I have heard of (and what I use) is as follows:
1) to put in a second slave drive (of a different size than the main drive) to the computer, store all your important files on that. The reason is that many destructive viruses will scramble the file system index, but only of the main hard drive (that the OS is running off of). When you reformat an infected system, the reformatting software will show the hard drive sizes, so you can tell from that which one is which. .... Also, just making a separate partition on the same drive, is not the same thing as adding another physical hard drive. You need to get a second hard drive installed, so that it resides on another disk controller.
2) run an antivirus, anything that is current (I use the Microsoft free one) but do not expect it will save you every time. No antivirus program catches everything all the time. Go to any support forum for any antivirus program and you will see plenty of people outraged about the one virus the program did not stop.
3) use Firefox with the NoScript plugin, which will block a large number of javascript attacks. Only give actual websites permanent NoScript permissions, and look through the NoScript whitelist every now and then to make sure nothing is in there that shouldn't be. Don't use Internet Explorer at all. For email, don't use Outlook, Thunderbird is a safer alternative.
4) install the Adobe and the Foxit PDF readers, but DO NOT set either Foxit or Adobe reader as the default PDF plugin. The reason for this is that then whenever the browser gets a PDF file, it will stop and ask you which one to use. If you know the file source is trusted, use Adobe to view it--otherwise, use Foxit. Foxit does not have all the features that Adobe has, but Foxit also doesn't have the virus vulnerabilities that the Adobe plugin has either.
5) lastly, expect failure. Have the OS system disk and all your software CD's/registration info in one place, so you can easily reinstall everything when you need to. You can easily spend 2-3+ hours chasing down a virus, trying to figure out exactly what it is and how to remove it, and even then you cannot be sure that it is 100% removed or that it didn't let something else in,,,,,,,, or you can reformat the MAIN hard drive and reinstall everything in ~1 hour, and then you can be certain that the virus is 100% gone. Which makes more sense?

I have a slightly different system. The Windows OS and My Documents etc are on separate partitions if the computer holds only one drive, like this laptop, otherwise they are on separate drives. I use the free Seagate or Western Digital version of Acronis True Image to back up the OS drive or partition to an external USB drive periodically, usually after scrubbing out the junk before manually installing software updates. The non-OS drive or partition can be simply copied to the USB drive. This separation keeps the size of the OS backup reasonably small so it might fit on a flash drive or DVD.
Acronis lets you make a bootable CD or flash drive (128MB is enough) that you can boot if the hard drive becomes corrupted or invisible, assuming you have placed them in the boot sequence. Recent versions of Acronis will detect the external USB drive and show you the date-stamped backups stored on it. Follow the instructions to restore the OS partition, even onto a new bare drive.
Both versions need to find at least one drive of their own brand, which can be the USB one.
jsw
On 05/25/2011 10:47 AM, snipped-for-privacy@whidbey.com wrote:

Comments anyone? Well, so far the best virus protection I know of is to run Linux instead of Windows. I have had my server hacked a few times, but never had even the slightest problem on my desktop machines. Part of the problem is that Microsoft assumes it should run any program that is sent to you, whereas Linux assumes you DON'T want to run a program unless you specifically say to. Of course, the second thing is that a MS OS-executable virus won't run on Linux, but even the Java scripts usually try to do something that is not permitted under Linux.
Jon

I run Linux on desktops and servers, and I was never hacked.
i
On May 25, 6:51pm, Ignoramus23924 <ignoramus23...@NOSPAM. 23924.invalid> wrote:

I need to stay in practice to administer clients' lab computers, generally former front-office machines.
The last time I used a Linux system at work I was yelled at for knowing and using more of it than its owner did.
jsw
Ignoramus23924 wrote:

I run CAD and video software that won't run under Nix...
So there!
--

Richard Lamb
http://www.home.earthlink.net/~cavelamb
CaveLamb wrote:

Yup, I have a number of CAD applications that need some kind of Windows. So, I run Win 2K Pro as a guest OS under Linux via VMware, and never do web surfing using the Windows system. Win 2K runs reliably for months in this environment, much better than it does on real hardware.
Jon
Ignoramus23924 wrote:

hacks allowed alterations of the scripts that would be called to run a remote print job. Apache also had a vulnerability.
There were also a few other unsuccessful attempts that scared me, but nobody was able to do much except use my system to store files for nefarious uses. I had a wiki here for a while, but shut it down when it was used that way.
Anyway, I installed denyhosts and set very tight limits on failed login attempts, and it has been enormously successful in keeping the hacker botnets locked out. Each IP in a botnet only gets two login failures every 2 weeks, if they exceed that then that IP gets locked out for months. The botnets actually probe to find the limits of my security, I can see them limiting their probing to stay off the hosts.deny list, but at that rate they will NEVER crack my passwords. Active accounts are EXTREMELY limited on the server.
But, a desktop behind a firewall with bare minimum servers and no IP access to the WAN should NEVER be able to be compromised. If it is, then it is due to appallingly stupid OS security. It is totally incomprehensible why MicroSoft is STILL having vulnerabilities discovered in their OS after all the publicity of their weaknesses.
Jon
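The lockout policy described in the post above (two failures per IP per two weeks, then a long block), sketched over sshd log lines. This is an added example, not DenyHosts code or the poster's configuration; the 90-day block length, the log lines and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(days=14)     # "two login failures every 2 weeks"
MAX_FAILURES = 2                # failures tolerated inside the window
BLOCK_FOR = timedelta(days=90)  # assumed stand-in for "months"

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = """\
May 01 03:10:00 srv sshd[900]: Failed password for root from 198.51.100.9 port 40001 ssh2
May 10 03:10:00 srv sshd[901]: Failed password for root from 198.51.100.9 port 40002 ssh2
May 16 03:10:00 srv sshd[902]: Failed password for invalid user test from 198.51.100.9 port 40003 ssh2
May 25 10:47:01 srv sshd[950]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2
May 25 10:47:03 srv sshd[951]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
May 25 10:47:05 srv sshd[952]: Failed password for root from 203.0.113.7 port 4244 ssh2
May 25 10:50:00 srv sshd[960]: Accepted password for jon from 192.0.2.10 port 5000 ssh2
""".splitlines()

def blocked_ips(lines, year=2011):
    """Return {ip: (blocked_at, blocked_until)}; lines must be in time order."""
    recent = defaultdict(deque)  # ip -> failure times still inside WINDOW
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are ignored
        # Classic syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in blocked and when < blocked[ip][1]:
            continue  # still locked out
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()  # forget failures older than the window
        if len(q) > MAX_FAILURES:
            blocked[ip] = (when, when + BLOCK_FOR)
            q.clear()
    return blocked

if __name__ == "__main__":
    for ip, (start, end) in blocked_ips(SAMPLE).items():
        print(f"{ip} blocked {start:%b %d} until {end:%b %d}")
```

The 198.51.100.9 lines show the slow probing the post mentions: three failures spread over 15 days never put more than two inside the window, so that address stays off the block list.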
You haven't experienced Win 7. Nothing runs unless you have OKed it now or before as a rule.
HTML code and Java run and that is what these viruses are written in until you install the meat and potatoes of it by clicking to "SCAN" or "clean" then out. These viruses emulate and look exactly like your installed scanner and fool the user.
Linux and other rare O/Ses are only behind in development of nasties as there isn't a large enough audience to warrant grandstanding to them.
----------
"Jon Elson" wrote in message
Comments anyone? Well, so far the best virus protection I know of is to run Linux instead of Windows. I have had my server hacked a few times, but never had even the slightest problem on my desktop machines. Part of the problem is that Microsoft assumes it should run any program that is sent to you, whereas Linux assumes you DON'T want to run a program unless you specifically say to. Of course, the second thing is that a MS OS-executable virus won't run on Linux, but even the Java scripts usually try to do something that is not permitted under Linux.
Jon
Josepi wrote:

Or large enough base to warrant useful applications, for that matter...
--

Richard Lamb
http://www.home.earthlink.net/~cavelamb
Josepi wrote:

Right there is a good reason to run Linux. Reducing the size of my "target" is a perfectly good strategy!
Jon
Ran the "oddball" O/Ses back in the 80s and fought the sheeple. The support was very poor and the apps were very low in quantity. Had enough.
Now I stick with the massive support base O/S and the crowd. Done fighting only to be obsolete every year and replacing worn out wallets..
--------------
"Jon Elson" wrote in message
Right there is a good reason to run Linux. Reducing the size of my "target" is a perfectly good strategy!
Jon
On 2011-05-26, Josepi <J.R.M> wrote:

    There also isn't as much of the "If this is executable, let's run it and *then* ask the user whether he *wants* it to run." philosophy. And things which are executable, but don't *look* executable, such as ".scr" (screensaver) files. And, based on some virus e-mails which I have received, also you can have something with an extension for something like an image (e.g. ".jpg", which actually is a ".exe" file (as determined by the "magic numbers" embedded, and apparently, the e-mail program does not pay attention to the extension and pass it to the proper program, but instead tries to execute it, depending on the system to pass it to the proper program -- thus cheerfully running the virus for you. :-) (Yes, I have seen these, but I don't use Windows to read e-mail -- or do much of anything else. :-)
    Enjoy,         DoN.
--
Remove oil spill source from e-mail
Email: < snipped-for-privacy@d-and-d.com> | Voice (all times): (703) 938-4564
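A mail-side check for the mismatch described in the post above, where an attachment is named like an image but its leading magic bytes say executable. This is an added example, not code from any poster or mail product; the signature table is a small subset, and the sample message and its file names are constructed.

```python
from email.message import EmailMessage
from pathlib import PurePath

# Leading "magic" bytes -> content family (small, well-known subset).
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"%PDF-", "pdf"),
         (b"MZ", "windows-executable")]  # DOS/PE header: .exe, .dll, .scr
EXT_FAMILY = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
              ".pdf": "pdf", ".exe": "windows-executable",
              ".scr": "windows-executable"}

def sniff(data):
    """Classify content by its first bytes, ignoring the file name."""
    for magic, family in MAGIC:
        if data.startswith(magic):
            return family
    return "unknown"

def audit_attachments(msg):
    """Return [(filename, claimed, actual, verdict)] for each attachment."""
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        claimed = EXT_FAMILY.get(PurePath(name).suffix.lower(), "unknown")
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual == "windows-executable":
            verdict = "executable" if claimed == actual else "disguised-executable"
        elif claimed != actual:
            verdict = "mismatch"
        else:
            verdict = "ok"
        report.append((name, claimed, actual, verdict))
    return report

def build_sample():
    """Constructed message: header bytes only, no working program inside."""
    msg = EmailMessage()
    msg["Subject"] = "Pictures of the dogs"
    msg.set_content("See attached.")
    jpeg = b"\xff\xd8\xff\xe0" + bytes(16)
    mz = b"MZ" + bytes(62)
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="dog1.jpg")
    msg.add_attachment(mz, maintype="image", subtype="jpeg", filename="dog2.jpg")
    msg.add_attachment(mz, maintype="application", subtype="octet-stream",
                       filename="photos.scr")
    return msg

if __name__ == "__main__":
    for row in audit_attachments(build_sample()):
        print(*row, sep=" | ")
```

The verdict is driven by the bytes rather than the name or the declared MIME type, so `dog2.jpg` is flagged even though both its extension and its `image/jpeg` label claim a picture.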
wrote:

I just wanted to say thanks to everyone who posted comments about the virus I posted about. It turns out that my friend did indeed receive a hijacked email. Even though it looked like it came from his friend with pictures of his dogs his friend had not sent my friend that email, instead, he had sent it to someone else and somewhere along the line the email was hijacked. And also, when my friend clicked on the message about whether to put the virus in a vault that was when the virus did its dirty work. It's nice to be able to get some good info from several folks about things which I don't know so much about. Neither does my friend. When I told him what I read in the posts he confirmed it all because that's what the computer repair place told him. Eric

Polytechforum.com is a website by engineers for engineers. It is not affiliated with any of manufacturers or vendors discussed here. All logos and trade names are the property of their respective owners.