Sorry that this is off-topic, but I thought that I should warn my fellow forum members. Last night I received an email entitled "hi, it's me" from supposedly a paul.douglas at cox.com. Norton antivirus did not recognize it as a virus or Trojan so I opened it. The message said "I have your password ". It had an attachment, so immediately alarms went off in my head. I decided to quarantine it and send it to Symantec (Norton) to be analyzed. During this process I guess that I inadvertantly clicked on it, and up poped Norton Password Manager. I immediately attempted to shut down my internet connection, and them my desktop photo disappeared.

After shutting down the connection I attempted to scan my computer for viruses. My virus program would no longer work. I went back onto the internet to the Symantec web site and did an online virus scan. No viruses or Trojans were found.

Then came the horrible part, photos and documents started disappearing from My Documents, only to be replaced by folders with random letters for names that contained only a blurry image of a notebook page. By this time I was not a happy camper. I unhooked and unplugged my computer, and spent a good part of the night on my wife's computer and the phone changing passwords to important web sites and canceling the credit card whose information was stored in Norton Password Manager.

Today was spent getting the local computer repair center to check my computer. It turned out that the email attachment was a type of the My Doom virus/Trojan. I lost about 2/3 of my photos and files. Naturally it had been about 4 months since my last backup of these files , so many will be lost permanently.

Moral of the story, Never trust a virus program to be 100% accurate, and never open (even accidentally!!!) any attachment that you are unsure of. Note to self, "You idiot-when are going to learn to do regular backups!!!!!?"

Maybe my experience will prevent someone else from going through what I did. I certainly would not wish this on anyone . By the way, when does the season open on computer hackers and what is the bag limit? Do you use a medium or a big bore, a bolt or a double, softs or solids, or maybe you just reach out and touch them with a 50 BMG ?

mbogo375,

Sorry to hear about your problems. I know this spam and virus business is getting out of hand.

We have talked about this sort of thing on these forums, but probably not on the African Forum.

I get at least 1,000 email messages a day. At least 90% of them are spam. I have tried using spam filters, but found out they cannot work for me, as the best ones are those that use what they call a "white list". This means they will only allow mail from people who you have pre-approved.

Getting mail from members of our forums did not get through.

So, I removed the spam filters, and found the best way is to log into my mail servers website, look at the senders and subject line, and if I do not recognize either, I delete the messages.

This I do with the browser, rather than a mail program.

The list ends up much shorter, and then I log in and download the message which are relevant to me. At this time I use my mail program - Eudora - and download them.

Also, as an additional precaution, I delete any message with any attachments, unless I know where they are coming from.

This proceedure has worked for me so far.

I would prefer up close and personel. Something like a hot poker up the ass.

Dave

Mbogo375 and all



This is the MYDOOM virus that started spreading last week . I know Mcafee has updates to account for it but not sure about Norton. It is a nasty worm and current estimates have over half the PC's in the world exposed. please all be very carefull with incoming email ! some times even seemingly familiar names and subject lines are not safe as the worm can mimic things found in the senders address book.

Tux rocks...

Got root?
Scott

Saeed - Regarding SPAM...we have been working with Sunbelt IHateSpam's latest version (ver 1.5, Server Edition), which is MUCH better overall than the previous one. Detection is greatly improved, and false-positives are reduced. A threshold of 150-200 seems reasonable. It also allows one to build an exclusion list that does not flag words commonly used within your business. Users still needs to check the "quarantine folder" from time to time and add to the "white list", but this process is easier too by a new "Outlook form" that manages the white and black lists.

Regards, Bill

I was hit with a MYDOOM virus a few weeks ago and it literally destroyed my computer.

We tried in vain to get it off (with the same results as Mbogo375) and finally had to transfer all non-corrupted files to my wife's computer, pull the CD burner out and re-install it in her computer (half a day's work) and start over.

As a side note, be careful about opening or responding to e-mails stating a need for information about bank/credit card accounts, or services you susbscribe to--for example, we are on Earthlink, and frequently get e-mails saying we need to re-verify our account information, or that the credit card we used to pay the monthly connection bill is about to expire and we need to re-enter the information with a current expiration date. These messages APPEAR to come from legitimate sources but in reality are spammers trying to get SSAN's and credit card numbers so they can steal from us!

We talked with Earthlink and they stated they would never e-mail us for information--they have put warnings on their web site.

Most recently we received an e-mail supposedly from PayPal, the internet escrow service used to pay for e-transactions, especially auctions like eBay. It said our account was being accessed by a 3rd party and we needed to re-verify information. This was another attempt to gain information in order to steal.

It is now our policy never to open attachments from people we don't absolutely know, and never to give out information about accounts via the Internet--only by phone to a number we are SURE goes to the actual vendor.

Knock on wood, it can happen to me, but so far I've avoided the bullet. I don't use anti-virus software, doesn't seem to help much of the time anyway, BUT I tell everyone I know that they MUST send a relevant subject line or I'll delete it in a heartbeat. I expect the same treatment for them and tell them I will ALWAYS have a current subject line. If I don't know them and the heading is not specific, or it is any kind of "general" greeting it's gone. Of course, I'm not running a business, so don't expect or have to respond to unknown senders.

Bill,

Thank you for the information.

I have been using Eudora ever since I got connected to the Internet.

But, my main concern is getting the email sent by members of our forum through. So the method I am using right now seems to work most of the time.

Attachments are the worst culprits, and these I don't even bother with them unless I know where they're coming from.

Sometimes, it is very easy to see that a virus is going around. As one can see several attachments, of roughly the same size, from different senders. This means hit the DELETE button quickly, and so far I have never gotten a virus yet.

Walter seems to get infected quite often. So he has tried to use LINUX, and after a few days gave up and went back to XP.

I will be very happy to feed those idiots who write the virus to our crocs - preferable alive!

There is a really simple solution to most all this virus stuff - Apple Computers. 99% of all this crap is directed towards Microsquish and their sorry a** operating systems. I bought my first Apple about 4 months ago and couldn't be happier - all those supid dll's and exec programs can't run on the UNIX operating system. Personally I'll never buy another Windows computer...

I'll have to second Hunt4Fun's Apple MacIntosh suggestion. As a very long time MS Windows user, my switch to the Mac was easy and very rewarding. Seems cleaner, leaner, more efficient, not to mention more fun to use.

I got one too, just the other day, it's a damn worm, Norton sniffed it out:

Quote:

---

Norton AntiVirus removed the attachment:
ranking.com.
The attachment was infected with the *W32.Netsky.B@mm* virus.

---

It was from "samzb@aol.com" (bogus) and was titled "fake".
The message text said "here, the serials"

Virus description

Another hack to watch out for is having your browser hijacked: Hijacker description

Mbogo, I'm sorry I did not post this sooner, but just had to deal with this issue for a client. If you have not already scrubbed the hard drive and started over, there may be hope.

The MYDOOM/F virus does indeed delete images as well as .doc (Word documents) and .xls (Excel Spreadsheets) files. However, there is a $40 program that can recover these files from the hard drive, as when they are "deleted" they are not really deleted until the space on the drive is re-used. MYDOOM/F simply deletes the files and does not "fill the space", and unless you reloaded the operating system or ran disk utilities, the images should be recoverable. I don't have the package name handy, but pls email me if interested and I'll get it for you tomorrow. Regards, Bill

Gentlemen, thanks for the commiserations. I got another suspicious email today, but you can bet that it went straight to the trash . It still wasn't flagged by my antivirus program, but had a zipped attachment.

Bill C,
Thanks for the reply. I will email you, but I am afraid that I don't know exactly what utilities the repair center may have used. It would certainly be worth a try. If it makes any difference the version was W32.Mydoom.F @mm.

Jim

Once you go Mac, you never go back!!

Mbogo375... your virus scan will not pick up most of the virus' sent till they execute... ie till you open them, then they will be intercepted and quarenteened... the best thing to do is take a few minutes and do a live update every 2-3 days if you have Norton... I'm not that familiar with the others as I've been strictly Norton for years... but by keeping any of them updated on a regular basis and screening incoming mail, looking for stupid stuff in the subject line etc you can eliminate 99.99% of all this mess...

BTT