Back to the main page

Mailing List Logs for ShadowRN

From: Dvixen dvixen@****.com
Subject: [Gridsec] Virus Alert! (Gee, ya think?)
Date: Fri, 05 May 2000 10:16:22 -0700
Well, I thought of sending this info to the list yesterday, honest.
Someplace along the day, I forgot. :(

Here are some links for more information, including removal. 2 more
variants were discovered this morning, and more are sure to come... (5 at
this point are known) *sigh*

-As someone posted, it attacks jpg, and mp* files. It also will take out a
few of the web site scripting files. (java, vb, and css)

--There have been reported cases of the virus showing only a .txt
extension, and not the .vbs that it really is! This is most common on
machines that don't show the file type.

To set your file types to always display (Windows 9x users) Right click on
my computer, >View>Folder Options>View> and unselect Hide File extensions
for known file types. I personally have Show All Files selected as well.
Cluttery, maybe, but you get used to it, and it's nice knowing exactly what
you are launching.... ;)

---Deleting all infected files with the *.vbs extension might cause more
damage. (eek!)

I STRONGLY recommend using a AV proggie you trust to remove this. Most, if
not all, decent AV software providers had the fix/detect information in
place within hours of it being reported.

Links for different AV users below:

McAfee: http://www.mcafee.com/viruses/loveletter/
Norton: http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html
Sophos: http://www.softek.co.uk/sophos/new_ide_files.htm
Proland Protector Plus: http://www.pspl.com/virus_info/worms/loveletter.htm
Norman/ThunderBYTE: http://www.norman.com/documents/loveletter.shtml

Some of these sites are rather slow, so be patient.

Now repeat after me! NEVER OPEN ATTACHMENTS UNLESS YOU KNOW WHAT IT IS, WHO
SENT IT, AND TRUST THE SENDER! (Running a AV that scans incoming mail won't
hurt, either!)
--
Dvixen - dvixen@****.com - Vrianna
Gallery - http://members.home.com/dvixen
Herkimer's Lair - http://shadowrun.html.com/hlair
"What's your sign?" - "Trespassers will be shot."
Comments/Questions accepted, flames dropped into the abyss.

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!