Attention!!! Virus Warning

  1. DELETE EMAILS FROM SUPPORT@MICROSOFT.COM

    This issue of WOW is going out earlier than usual because we wanted to make sure all our readers knew about the latest email worm doing the rounds.

    If you get a message from support@microsoft.com, and it has an attached file, don't open it.

    I know I sound like a broken record, but SoBig/MankX/PalyH, a newly revitalized virus with three different names, is making the rounds. Most people get infected by opening (actually, running) a file attached to an email message. The message claims to be from support@microsoft.com. Of course, it isn't. Microsoft never, ever sends out patches attached to email messages. Never.

    Usually the attachment is a PIF file which recent versions of Outlook won't let you directly execute anyway, but some people will manage to bypass the protections in place.

    I know that quite a few of you are infected because I'm getting bunches of PalyH messages.

    Quick check: right now, look in your Windows folder for a file called msccn32.exe. If you have it, you're infected. Run over to http://securityresponse.symantec.com...obig.b@mm.html and pick up the free removal tool.

    Even if you're not infected and your version of Outlook blocks PIF files, you should get the latest anti-virus update anyway. Most AV software would have been updated in the last day or so to deal with this new nastie.

    Normally the infected message has text saying 'all information is in the attached file' in an attempt to lure you into opening the attachment. The attachment name varies but always ends in .pif.

    The email subject varies; we've seen 'My Details', 'Cool Screensaver', 'Screensaver', 'Approved (Ref: nnnnn)', 'Movie', and there are doubtless other variations around and coming.

    Any email from support@microsoft.com should be deleted immediately.

    Even if Microsoft did use that address to send messages in the past, you can bet they'll never use it in the future.
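The indicators listed in the warning above (the claimed sender, a .pif attachment, the lure sentence) written as a mail-filter check. This is an added example, not part of the original post; the function names, sample addresses and attachment names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators quoted in the warning above.
SPOOFED_SENDER = "support@microsoft.com"
LURE_TEXT = "all information is in the attached file"

def check_message(raw: bytes) -> list:
    """Return which of the warning's indicators a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # From is set by whoever sent the mail, so a match says nothing about origin.
    if parseaddr(str(msg.get("From", "")))[1].lower() == SPOOFED_SENDER:
        hits.append("sender")
    # walk() also reaches attachments nested inside multipart containers.
    for part in msg.walk():
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them before comparing.
        if name.rstrip(" .").lower().endswith(".pif"):
            hits.append("pif-attachment")
            break
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and LURE_TEXT in body.get_content().lower():
        hits.append("lure-text")
    return hits

def build_sample(sender, subject, text, attachment=None) -> bytes:
    """Build a constructed test message (placeholder bytes, no real payload)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "reader@example.org", subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("support@microsoft.com", "My Details",
                             "All information is in the attached file.",
                             "details.TXT.pif.")
    benign = build_sample("friend@example.org", "Lunch",
                          "See you at noon.", "menu.pdf")
    print(check_message(worm_like))
    print(check_message(benign))
```
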
  2. 7 Comments

  3. by   gwenith
    Thanks, Betts, you are a real trooper! I have sent this thread on to all my e-mail friends.
  4. by   nowplayingEDRN
    Thanks for the heads up, betts!! Kudos to you.
  5. by   USA987
    Thanks Betts! I actually found this virus in my mailbox this a.m. It was detected and I deleted it right away!!!

  6. by   Rustyhammer
    This is why I run 2 anti-virus programs.
    -R
  7. by   Jay-Jay
    Belt AND suspenders?? LOL! Wise man!
  8. by   tattooednursie
    Don't people have better things to do with their time than try wrecking other people's computers? Gee whiz, they need to get a hobby or something. Thanks for the warning.
  9. by   betts
    Rusty and others.........READ>

    By Al Fasoldt
    Copyright 2002, Al Fasoldt
    Copyright 2002, The Post-Standard

    Can you go too far in protecting your Windows PC from viruses and other dangers? This excellent question comes from reader Jim Hollands.
    "Over the past year," he writes, "I have become so concerned about viruses that I am wondering if I am over protecting my computer, thus hindering its performance. I use Norton AntiVirus, with automatic updates, AVG antivirus software, also with auto-updates. I use the ZoneAlarm Pro firewall, a program called Ad-Delete to get rid of spyware and one called Ad-Aware, which you have recommended, to do the same thing.
    "I have Windows XP, and to the best of my knowledge my computer is clean. I also am not in the habit of opening unknown e-mails, and I have the preview option turned off (I have to double-click to open them). My question is -- am I over-protected? And if so, which programs would you suggest deleting?"
    Hollands uses the Road Runner cable Internet service. It is always on and therefore exposes users to more danger than a dialup system. He probably is going a little far, but he's doing the right thing. He's missing only two protective measures, which I'll describe shortly. First, let's look at what he's arming himself with.
    He's put a wall around his Windows PC with ZoneAlarm Pro, a highly regarded software program that hides his PC from Internet interlopers. ZoneAlarm Pro also blocks inside jobs, too; it tries to keep sneaky programs that got through the firewall from sending signals back out to their home bases.
    He's using good antivirus software. But he doesn't need two of them. They'll interfere with each other if they are each checking files in the background. I prefer AVG over Norton, partly because AVG is free -- updates are free, also -- and because AVG comes from a company that cares about what it is doing.
    I haven't used Ad-Delete, but I depend on Ad-Aware to clean out spyware. They don't run in the background (you run them now and then to find and erase programs that spy on you), so there's no conflict. Having two is OK.
    One measure I'd add is a hardware firewall. There are many consumer router-firewall devices to choose from. My favorite (and the one I have used for many months) is made by Linksys. Go to a good computer store and ask for a Linksys router-firewall. They'll know what you are talking about.
    But what's also missing is a script blocker. Because Windows wasn't designed to be secure, corporate, university and individual Windows users need to do something on their own to plug a gigantic hole in the security of all Windows computers. They need to install a script firewall, so to speak.
    How dangerous are scripts? They're the standard way that most worms (a form of computer virus) infect Windows PCs. I prefer Script Sentry, a free script blocker. I refuse to run any of my Windows PCs without it.
    Hollands will gain more than safety by using a script blocker. He'll be able to use the preview pane in Outlook (or Outlook Express) again, because the real danger of the preview pane is that it allows Windows to run ANY script in a message whether you have opened it or not. (Simply viewing a message is enough to tell Windows to run any script hidden in the text, and that's how Windows computers get infected.) A script blocker restores safe functionality to the preview pane.
