possible virus attachment hybris.dll

Antrim, Northern Ire, United Kingdom(Zone 8b)

I just received an email from hybris.dll@mm, with the subject line u sample desktop sample, which as soon as the mouse is put over it it opens and asks you to open the file.

sounds very dodgy to me

This message was edited Tuesday, Sep 18th 1:26 PM

Woodsville, NH(Zone 4a)

Thanks for the warning Mark

Don't even open any attachment from anybody, that you were not expecting to receive!

Dave

Zone 6, OH(Zone 6a)

Even if it's someone you know. If your friend is infected, it will appear that they sent it to you on purpose, but that may not be the case.

That's right, Martyboy. If you weren't expecting the attachment, even if it's from someone you know, don't open it.

And, if you are going to send someone else an attachment, send them a separate E-mail first, saying something like: "Hi, I'm going to send you an attachment. It's a word document that has my secret seed tradelist that only you can see". Then send it along.

Dave

Cordova, MD

Will keep an eye out for it....
-JSS

Thanks for the tips'''Sis'

Zone 6, OH(Zone 6a)

On the virus subject...I'm with a company of 2500 people and our network has been down since 9am this morning due to "virus-like symptoms", according to our MIS dept. I'm the senior telecommunications analyst here and they won't even tell ME what's really going on...but I've heard they are working with Symantec to work it out. We had this problem with the Code Red virus several weeks ago.

This message was edited Tuesday, Sep 18th 2:04 PM

Martyboy: It's a new virus, just found this morning. It's a real "worm", not a virus, and it's causing havoc on all Windows servers on the internet.

Dave

Zone 6, OH(Zone 6a)

They just confirmed it...It's called w32. something or other. It's really giving us a hard way to go right now. You'd think we'd be a little better protected than that.

Zone 6, OH(Zone 6a)

Here's what they say we have (by the way, I'm using my "backup" connection right now...NetZero...LOL):

NIMDA.A, W32/Nimda.A@mm

Description:
This Trojan spreads via email with an attachment readme.exe. It drops the file mepXXXX.tmp in the C:\Windows\Temp directory, which is an eml format mail. This temp file contains the file attachment sent by the worm.

Quick note: Every server on the internet is affected by this, but only Microsoft run servers are actually being compromised.

The additional traffic between all the infected Microsoft servers is what is affecting those of us who aren't using Microsoft.

In other words... if there wasn't a single Microsoft server on the internet, this worm would be harmless.

I'm not trying to slam MS... Just letting people know that security problems like this are inherent with Microsoft's sloppy security. Corporations should think twice before trusting their systems to an untrustworthy piece of software.

Dave

St. Thomas, ON(Zone 5b)

Dave, what if you have Norton anti virus system, does it still get through? FP

Zone 6, OH(Zone 6a)

Hey Dave...come over and help these guys out!...LOL We're STILL down. No email, no file shares...and now they are telling us not to connect to the network AT ALL...until they get a cure for the virus. There's a whole lot of money going down the tubes...and fast. I'm using a dialup to Netzero, so I won't be around as much today.

Martyboy, you can thank your IS department and the upper-level mgmt who decided to use Microsoft's untrustworthy software for their servers, rather than a trusted solution like Unix.

Dave

Zone 6, OH(Zone 6a)

We have a ton of Unix boxes around here too...but there are also a boat load of Win2K machines as well...mainly laptops. IIS doesn't get installed unless you check the box to install it when you install Win2K..correct? Maybe they shouldn't have installed IIS on everyone's Win2K machine from the start. Plus, we have a lot of techies around here and they have their own thing going on...like running a webserver from their workstation. I think this is just as much of a case of lack of control, as much as it is a problem with MS. I agree MS has problems, but our company should have been more proactive. Imagine if I had the phones and voice mail down for this long...they'd have my head on a platter. They got bit by the original Code Red a few months ago. You'd think they would learn their lesson.

Martyboy: In my opinion, you are letting Microsoft off the hook too easily. They have a monopoly, and at the same time they are not giving their customers good service.

A webserver should be secure, period. You can't blame your tech people for running web servers on their workstations. There shouldn't be anything wrong with that. The webserver itself should be secure.

Worms like this virus are constantly pointing out the need for better security from Microsoft, so why aren't we getting that? It seems like there is a new virus every week, and Microsoft releases a patch to stop that virus, and then a new one comes up next week.

Why no viruses for Linux/Unix? Because it is secure, with no nooks and crannies where a system can so easily be compromised. :-(

It astonishes me that folks don't understand that Microsoft is responsible for these viruses. Viruses should never happen. Ever.

Dave

Newnan, GA(Zone 8a)

oh dave, had we the public only realized that in the beginning. It was only you techie guys that could see that way back so long ago.

Zone 6, OH(Zone 6a)

Hey Dave...maybe XP will fix all of our problems...you think? LOL I doubt it.
Yep, they have trouble and that's a problem. But, if this company chooses to use MS, then they need to take more precautions. One thing we did where I used to work was strip off any attachment that was not a Word doc or image file for example. We definitely stripped .exe files. We should at least do that here. There's no reason I can think of for employees to be sending executable files back and forth via email. If they really need to, they can zip it first and then send it. At least that would help out some. Most of the culprits that are responsible for opening these attachments are the HR and Sales types. Boy, if we could only get rid of them...LOL I agree with you that MS has problems they need to work out. Hopefully they will do it sooner, rather than later. Have you read Steve's statements on GRC.COM? It's very interesting. (I think his name is Steve.) It would be nice if we had more people with his skills to go after these idiots who continue to illegally exploit MS and cost the business community millions of $. But again, I agree MS needs to get their act together and stop it from happening in the first place.
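
The attachment-stripping policy described in the post above (allow Word documents and images, always strip .exe), sketched as an added example that is not from the thread or from any poster's mail system. The allowlist, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed allowlist per the post: Word documents and image files only.
ALLOWED = {".doc", ".jpg", ".jpeg", ".gif", ".png", ".bmp"}

def is_allowed(filename: str) -> bool:
    # Windows ignores trailing dots/spaces, so "readme.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the final extension counts: "photo.jpg.exe" is an .exe.
    return dot > 0 and name[dot:] in ALLOWED

def _filter(container, stripped):
    kept = []
    for part in container.get_payload():
        if part.is_multipart():          # nested multipart or forwarded message
            _filter(part, stripped)
        elif part.get_filename() and not is_allowed(part.get_filename()):
            stripped.append(part.get_filename())
            continue
        kept.append(part)
    container.set_payload(kept)

def strip_attachments(raw: bytes):
    """Return (cleaned message bytes, names of stripped attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    stripped = []
    if msg.is_multipart():
        _filter(msg, stripped)
    elif msg.get_filename() and not is_allowed(msg.get_filename()):
        stripped.append(msg.get_filename())
        msg.set_content("[attachment removed by mail policy]")
    return msg.as_bytes(), stripped

def build_sample() -> bytes:
    # Constructed sample message; addresses, names and payloads are made up.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("See attached.")
    # Declared as audio, named .exe: the filter keys on the filename, not the MIME type.
    msg.add_attachment(b"MZ\x90\x00", maintype="audio", subtype="x-wav", filename="readme.exe")
    msg.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application", subtype="msword",
                       filename="tradelist.doc")
    msg.add_attachment(b"MZ\x90\x00", maintype="image", subtype="jpeg", filename="garden.jpg.EXE")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_attachments(build_sample())
    print("stripped:", removed)
```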

We agree on both parts, Martyboy. Just because Microsoft makes it so easy for people to exploit their software, does not free the virus makers from blame!

Regarding your statement: "maybe XP will fix all of our problems". Of course, you followed it with a "LOL", but the entire city of Lenoir City heard me scream in frustration. First, it was "maybe DOS 6.0 will fix all our problems". Then it was "Windows 95 is going to fix everything". Then, "Windows 2000 is Microsoft's final win". Now, W2000 is here, and everyone is hoping XP will solve their problems.

Sorry, but it's been like 15 years now, and Microsoft has demonstrated very capably that they are not interested in making security a high priority. Why should they? They have a monopoly.

I thank God I still have a choice on the server, where I can still run Linux and interoperate with the rest of the world. Microsoft is trying to change even that. There may be a day when, if you want to run a webserver, you don't have a choice but to use Microsoft, just as it is on the desktop. Thankfully there are still some out there who care, and are trying to prevent this from happening.

Cheers (and trying to smile)

Dave

Waynesboro, MS(Zone 8a)

On 8/5 I had an icon appear with all kinds of strange letters. I deleted it immediately. Has anyone seen this happen? I did not open any attachments but did get a few loan e-mails. I have Microsoft ME.

Newnan, GA(Zone 8a)

hey martyboy, can you point me to the av program you're using? I have one, but not sure it covers this.

Zone 6, OH(Zone 6a)

I'm using Norton Antivirus. I don't think there was a cure for this latest virus when it came out the other day. We are STILL down right now at work. I think they have us shut down on purpose while they track it down so it doesn't propagate itself anymore...and then they will bring us back online.
You can go to www.antivirus.com and they have a free online scanning tool you can use. It's usually the most up to date, but the first time you do it, it may take a while to get it set up. Go to the home user and free tools section.

Newark, OH(Zone 5b)

Hemental - Gotta know why that username. ;-)

Without more info about the icon you saw, it's hard to say what it could have been. If you installed any software or downloaded anything off the web, that might explain it, but who knows...

Go to Symantec.com (Norton Antivirus) at http://www.symantec.com and download the demo version of Norton Antivirus 2001.

Run it on your system and check it out. That's the only way to know for sure - virus scan your system.

You can also scan your hard drive for viruses and trojan horses right from their site by going here: http://security1.norton.com/us/home.asp?j=1&langid=us&venid=sym&plfid=20&pkj=VPTIVVBENOTGXIBVEMB

For the online virus scan, you will need to have ActiveX enabled on your browser. Symantec has more information about that on their site.

HTH!
Kimberley


This message was edited Wednesday, Sep 19th 7:43 PM

northeast, IL(Zone 5a)

Our internet was down all day at work because of this nimda worm. Our computer guys had posted that Microsoft has an antivirus program at their web site for home users to download that will take care of this thing.

Zone 6, OH(Zone 6a)

If you're still watching this thread Dave, you may find this amusing. Our IS dept had told everyone that they would have to have their PC's partitions wiped out and then reformatted and then a reload of Windows. I had most of my stuff backed up anyway, so I didn't get too upset about it. But, there are a lot of people who would have lost a large amount of important data. They appear to have backed off some and are now saying they will review each machine one by one and determine what to do after that. Since we aren't using an Exchange server for everyone yet (we're converting) that would mean all of your saved email would be wiped out too because we don't store it on the server (unless you keep a copy yourself)! There are close to 1500 people at the main office. So anyway, I got the message not long ago that my laptop is done. In the meantime, we still have no VPN or dialup connectivity to our network while they figure all this out (they won't allow anyone to reconnect until they touch every machine). So far we've had 2 full days of no network at all. That's big $. I did see what the virus does though. On the C drive under inetpub\scripts, it puts a bunch of files there. I've seen my boss's laptop get infected just by having it connected to the LAN and IIS running.

I'm still watching the thread, Martyboy, and I couldn't find any humor in your post. It's really sad. :-( Millions of $$$ are lost each time this happens, and it's all because of Microsoft's pitiful security. :-(

Dave

Zone 6, OH(Zone 6a)

Dave,...I'm beginning to get the feeling you prefer Linux?...LOL

Slightly. ;-)
