Please Antivirus Scan via this online Site
PT_Richard
28-10-2003, 03:38 PM
Hi,
Can everyone please scan their computer for viruses using the product of your choice, online via web browser:
http://housecall.trendmicro.com/ Or
http://security.symantec.com/sscv6/vc_scan.asp
Or Download
AVG's Free Anti Virus http://www.grisoft.com
==>EDIT<==
Online Trojan Test:
http://www.anti-trojan.net/en/onlinecheck.aspx
Useful tool
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip
Regards,
Richard
dazzling9
28-10-2003, 05:25 PM
I run Antivirus, updated at least twice a week, 2 anti trojan and 2 adware/spyware progs and keep my software patches up to date to ensure I do not cause this sort of havoc. I am reasonably certain that most persons who read this forum do something similar.
But what about the bloody idiots who just go "Der?".
Maybe we could send them an email to pull their head out of the sand and be responsible?
:D
andwis
28-10-2003, 06:11 PM
Clean with AVG, and Trend Micro. Thank goodness, I'd hate to be the one breaking everyone else's connections.
Dirge
28-10-2003, 06:18 PM
DSL_ENG,
You can presumably see the IP address of the offenders. It might be worth giving each one a call.
BTW, I use VET (updated daily), The Cleaner and AD-Aware.
Originally posted by DSL_ENG
Hi,
Can everyone please scan their computer for viruses using the product of your choice and:
http://housecall.trendmicro.com/
Regards,
Richard
Why should I use Trendmicro's products ?
seims
28-10-2003, 06:55 PM
Originally posted by dazzling9
I run Antivirus, updated at least twice a week,
I am reasonably certain that most persons who read this forum do something similar.
:D
Why are you reasonably certain ??
seims
seims
28-10-2003, 07:36 PM
Originally posted by SMR
Why should I use Trendmicro's products ?
Perhaps it has been 'suggested' because
1 it is free and relatively easy to use
2 has reasonably up2date virus definition files
If your virus checker is working and your definition files are up to date and you have scanned and do scan regularly I wouldn't bother with Trend....
cheers
seims
PT_Richard
28-10-2003, 08:06 PM
Hi,
That was a hasty posting, just giving a free / easy option.
It found trojbrok.a in C:\windows\system32\audio.exe on one customer's computer that decided to email out 1100 spams in less than 1hr.
Not much info on it, doubt that it's an email worm anyway.
[================ EDIT ===============]
TROJBROK.A
http://www.sophos.com/virusinfo/analyses/trojbroka.html
TROJAQ.B
Edit* 7737 spamming host showed up:
PE_BUGBEAR.B
PE_BUGBEAR.B-O
(also known as W32/Kijmo.A-mm and W32.Shamur)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BUGBEAR.B
[================ EDIT ===============]
TrojaQ.A / B
What this virus does is that the initial file of TrojaQ.a is a parent of TrojaQ.b. Each subsequent use of Kazaa or any other program that has that spyware (the file that I did not record, ___.dll, executes this :) ) will actually execute TrojaQ.a. So the only way to get rid of it is to delete ALL traces of the file TrojaQ; when you delete "A" but not "B", "B" will create a child, and so on. You can find this out when you use anti-trojan 5.5.4. It's a nice, handy program that shuts down ports when too much traffic is going through, then tells you what files are actually causing this.
Trojan.Qhosts
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100719
Add Sobig and AVF to this list
Downloader.1stbar.U
Downloader.Brok.B
Mostly they seem to hide in the shadows.
Richard
gstark
29-10-2003, 06:30 AM
It found trojbrok.a in C:\windows\system32\audio.exe on one of the customers' computers that decided to email out 1100 spams in less than 1hr.
Can't find anything on this. My guess is that the client's system is hopelessly out of date wrt their av solution.
They do seem to have bugbear, and if their AV didn't pick that up, what else is lurking on their systems?
There are a lot of braindead users out there; it's not exactly difficult to keep your systems up to date in this regard, yet so many don't ...
forumadmin
29-10-2003, 06:51 AM
"You can presumably see the IP address of the offenders. It might be worth giving each one a call."
Sysadmins are calling the customers we identify; as you say it is very easy to spot who they are.
We are trying to help those people fix their problems but in those cases where we can't help fix the problem we are forced to firewall their email thus preventing them from using our mail servers.
So there is a fairly severe "punishment" or, at least inconvenience, for not running a proper anti-virus program.
PT_Richard
29-10-2003, 06:52 AM
Hi Gstark,
The Troj Brok.a is Oct 03 in Sophos, yes the PE. strain of bugbear was found using that web AV, they didn't have any AV software.
Like forumadmin says, it's bad for all concerned.
Richard
gstark
29-10-2003, 06:55 AM
So there is a fairly severe "punishment" or, at least inconvenience, for not running a proper anti-virus program.
I think it's an entirely appropriate response on your part. If these people cannot be entrusted to ensure their own systems' well being, you have a need and a duty to protect your systems.
And hopefully, at the very least, it will prompt a support call to you so that they can fix their problem (which they'll no doubt report to you as a problem in your system :confused: )
gstark
29-10-2003, 06:58 AM
Richard,
they didn't have any AV software.
No AV software ?? What sort of a vacuum do they live in?
dazzling9
29-10-2003, 07:38 AM
You would be surprised how many people have no protection at all. They are just ignorant of what is necessary. There are many free antivirus programs like AntiVir but one has to know of their existence.
The Bugbear worms find their way on to systems through a security flaw that also needs patching to avoid again. You would also be surprised how many people don't install security patches. I would see at least 2 systems a week where people have ignored the "balloon popup" to download a security update. These are usually intelligent people with XP who have not even turned on the Firewall. They just don't know what to do and it has been a low priority to find out.
It may be a good idea to write a mandatory requirement into the Swiftel install or system requirement/instructions?
gstark
29-10-2003, 08:20 AM
You would be surprised how many people have no protection at all.
Actually, I wouldn't. :) The stupidity of the general public knows no bounds, and it takes quite a bit to overcome my overwhelming cynicism.
I happen to be of the belief that there's a great many people out there who should never, ever be let anywhere near a pc.
Originally posted by gstark
Actually, I wouldn't. :) The stupidity of the general public knows no bounds, and it takes quite a bit to overcome my overwhelming cynicism.
I happen to be of the belief that there's a great many people out there who should never, ever be let anywhere near a pc.
Ignorance and stupidity are not the same. I work with ordinary people who use computers every day and I often hear "Oh yes I have an antivirus, it was installed when I got the computer 4 years ago". And then I find it has never been updated and they don't realise that it needs to be. They are not stupid ppl, simply ignorant.
I am curious what Swiftel are doing to prevent this happening in the future. Of course Swiftel know far better than I what is feasible and it would be very presumptuous for me to make suggestions. But my curiosity has got me thinking and wondering if Swiftel will implement something like some sort of limit that blocks any more than 100 emails an hour. Of course for those with large mailing lists, they could have a special server that is unlimited. At least that would limit the damage. Alternatively, set up an administrative alert when any user exceeds a certain number of emails in an hour so at least it gets noticed quickly and the user notified and/or blocked until it is fixed. Of course Swiftel may not want to reveal what preventative measures they will be taking - for obvious reasons.
The real world reality is that no matter what you do, there will always be people who don't have up to date antivirus so this sort of thing will happen again.
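The hourly cap and administrative alert suggested in the post above, sketched as an added example (not part of the original thread and not Swiftel's system): a sliding one-hour window per client IP over mail-log lines. The log format, the IP addresses and the allowlisted mailing-list host are constructed assumptions; the 100-per-hour limit and the 1100-message burst are the thread's own figures.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
LIMIT = 100                    # the "100 emails an hour" figure from the post
UNLIMITED = {"198.51.100.20"}  # hypothetical mailing-list host exempt from the cap

def parse(line):
    """'<ISO time> client=<ip> nrcpt=<n>' -> (time, ip, n). Constructed log format."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["client"], int(kv["nrcpt"])

def scan(lines, limit=LIMIT, window=WINDOW, unlimited=UNLIMITED):
    """Return {client_ip: time its rolling one-hour recipient count first exceeded limit}."""
    recent = defaultdict(deque)  # ip -> (time, recipients) entries still inside the window
    totals = defaultdict(int)    # ip -> recipients inside the window
    flagged = {}
    for ts, ip, n in sorted(map(parse, lines)):
        if ip in unlimited:
            continue
        q = recent[ip]
        q.append((ts, n))
        totals[ip] += n
        while ts - q[0][0] >= window:   # expire entries older than one hour
            totals[ip] -= q.popleft()[1]
        if totals[ip] > limit and ip not in flagged:
            flagged[ip] = ts            # alert (or block) once, at the first breach
    return flagged

def sample_log():
    """Constructed sample traffic; every address here is a documentation-range IP."""
    start = datetime(2003, 10, 28, 14, 0, 0)
    def burst(ip, count, gap_s):
        return [f"{(start + timedelta(seconds=gap_s * i)).isoformat()} client={ip} nrcpt=1"
                for i in range(count)]
    return (burst("203.0.113.7", 1100, 3)      # infected host: 1100 mails in 55 minutes
            + burst("203.0.113.8", 12, 1800)   # ordinary user: 12 mails over several hours
            + burst("203.0.113.9", 270, 40)    # busy but legitimate: 90 per hour, sustained
            + burst("198.51.100.20", 500, 1))  # allowlisted mailing-list host

if __name__ == "__main__":
    for ip, when in scan(sample_log()).items():
        print(f"ALERT {ip} exceeded {LIMIT} recipients/hour at {when.isoformat()}")
```

Counting recipients rather than messages means a single message addressed to 150 people trips the limit as well, and the sustained 90-per-hour sender shows why the window has to slide rather than reset on the hour.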
seims
29-10-2003, 09:49 AM
We provide dial in and broadband access to our staff. To use this they must show evidence that they are running an up2date virus scanner, their machines are fully patched and they must sign a declaration that this will be carried out in future.
All machines are scanned and any vulnerabilities or indications of virus/worm activity automatically disables their access.
I suspect that it is only a matter of time before commercial operators place the same duty of care on their clients.
seims
PT_Richard
29-10-2003, 09:52 AM
Hi,
Yes, I've seen a ZoneAlarm or some other product that integrates firewall and AV connection policies.. Locks users from a certain network zone if they aren't up2date... especially important to VPN.
Richard
Originally posted by gstark
I happen to be of the belief that there's a great many people out there who should never, ever be let anywhere near a pc.
I always said Gary Stark was one of them . . . :-)
(Now, Gary, you have to figure out who this is )
I was running Zone Alarm and an antivirus as well until I found Norton Internet Security 2003 (2004 now available). This program is excellent, providing a tough firewall, Norton's trusted antivirus, and also a popup stopper, and is quite user friendly. I've had it installed for 3 weeks and I receive around 2 to 3 trojans every day trying to get in from all over the world. It also scans your incoming and outgoing emails for problems as well. All round protection and a must for all broadband users.
Well I have an alternative opinion about Nortons stuff... In my professional opinion Nortons make the worst firewall in the business. It is a big resource hog and has been known to cause problems outside its proper sphere of influence. Nortons disk doctor is a bit of a Dr Kevorkian as it has in some cases stuffed up a computer. Nortons cleansweep is occasionally a little too enthusiastic and cleans up important system files.
Until recently I would recommend norton antivirus but too many times I have seen it cause problems with other programs. Especially office. AVG make an excellent free antivirus. The best firewall is a hardware one like you get if you get a nat router. Nothing is foolproof however.
Oh and the best popup stopper is the Google toolbar. Never seen it cause a problem and it's free and non invasive.
my 2 cents:)
dazzling9
29-10-2003, 08:59 PM
I agree re Nortons but please don't scare off too many people. I make good money cleaning up where Nortons has been. (Nortons is also very good at false positives)
Don't know about AVG though.
The Aussie NOD32 is probably the best.
AntiVir is a great free, low resource user, auto update and scans everything.
ZoneAlarm is free, easy to install, works well and is easy to use. With it set to Medium Security behind the NAT, you've got a sound firewall.
Plus a couple of AntiTrojan scanners and an Adware/Spy scanner.
And all the Windows patches need to be up to date e.g. Blaster and Bugbear.
Anything less and you are fooling yourself.
thomashouseman
30-10-2003, 08:15 AM
Yes, I work on an IT Service Desk and some of my colleagues here don't bother with an AV scanner on their home PCs. They're on unlimited broadband and when their machine becomes too slow due to numerous infections, they just re-ghost it. They claim it's easier and quicker than keeping their PCs up to date and patched all the time.
T.
If you're behind a nat hardware router... what chance is there of the port based worms (Welchia, Blaster etc) getting through?
I rely on the router's stateful inspection firewall, only forward required ports, and don't bother with AV software and I haven't been infected by any worms yet. Email is a diff story but I have other measures to take care of that.
seims
30-10-2003, 12:30 PM
Originally posted by thomashouseman
Yes, I work on an IT Service Desk and some of my colleagues here don't bother with an AV scanner on their home PCs. They're on unlimited broadband and when their machine becomes too slow due to numerous infections, they just re-ghost it. They claim it's easier and quicker than keeping their PCs up to date and patched all the time.
T.
I think that is bloody irresponsible. Whilst they aren't 'bothering' their machines are hammering our bandwidth and trying to reinfect my machine or yours or the rest of the internet. And they are on unlimited broadband !!!!
I cannot believe that these people 'work in IT'
Dammit I have to clean up the mess on large networks I see the cost in time and money.
I just cannot believe this post is real !!!!
seims
thomashouseman
30-10-2003, 01:16 PM
Yes, I agree and have told him off about it numerous times, however he doesn't seem to care much and thinks of it as a bit of a joke. Whenever I complain about spam in my mailbox from him he just re-images again. What more can I do? Bloody annoying, but there it is. It does happen and even from intelligent (even though somewhat irresponsible) people who know better.
(Thankfully though, he's not with Swiftel)
T.
I too work as a Techo in a PC store and spend the majority of my day cleaning out and rebuilding people's machines due to virus infections. My PC runs nearly 24 hours a day at home and the ones at work the same. We both use internet security and so far it has proven its worth. And when you refer to a resource hog, yes it may be in a P2 400 but with the high end machines we use today it's hardly noticeable. As far as Office is concerned, yes it does play havoc with certain applications but a firewall and antivirus should be the last things installed on the PC and if you do this it all works fine. And if you need to install another program disable the two before doing so. And yes a hardware firewall is the best but who is going to spend $200 + on a NAT router especially if they don't run multiple PCs when a properly configured firewall can do a good job on its own. AVG is good and that was the antivirus I used until installing Norton but that didn't stop the good ol' MSBLAST from popping into my PC on a regular basis.
(I'm rambling again) ;)