Dave T-S

I believe I have found out why my PC has been crashing out of Scoobynet the last few days......

I was sent an Email from Italy at the weekend from somebody I was expecting a reply from. I got two messages. The first one was legit, the second one had an attachment called "Jimi Hendrix". I thought he had sent it to me in error or something so did what we would all do (or me anyway), against all the advice, and clicked on the attachment.

Nothing happened, or so I thought.....then I started getting problems.

This is a known W95.MTX variant worm virus (or now I know this – hindsight eh??). It also manifests itself under a whole list of names including “hanson.scr” (which I accidentally sent to Webmaster after it had infected me - OOPS sorry Simon SIR).

It also has the capability to block access to certain web sites – sounds familiar?

What it does is that the worm component makes a copy of Wsock32.dll and names it Wsock32.mtx. It then allows the virus to mail a copy of the worm infected with this virus in parallel to the person any legitimate mail is sent to. You click on the Jimi Hendrix (or hanson.scr) attachment, and you can guess the rest.

According to Symantec’s website it can be a bit of a pig to remove.

Further information can be obtained from

Lee

This virus is certainly doing the rounds - I've had loads of reports from my server where people have tried to send email with it attached.

Thank god for server based email virus scanning eh !

Dave T-S

Lee
Thank God for having updated my Norton AV - oh bugger - about a year ago

Guess what i'm doing tonight??

Puff The Magic Wagon!

iTrader: (2)

Lee

Yup! + auto update enabled

Scored 5 virus's in the last few days on our network.

I even got my brother-in-law to send me an email 'cos he was told he had a virus but not what! (So I could tell him what it was )

Caught & killed

Every time we get a virus, my pager goes off - bit tedious...

Dave T-S

James
So exactly which bit of that post is supposed to make me feel better then??

Peter Ford

I fell foul to the 'kak' worm virus a while ago, from an email- and this one you dont even have to click on. It manifests itself in a signature in the email, in some sort of active x scripting, so as soon as you opened the email, your infected.

David Lock

Peter,
Being a computer muppet (well nearly) and working from home (not surrounded by IT gurus) I am very nervous about viruses. Do I take your post to mean that by just reading an e-mail I can catch something?? I know of course about opening dodgy attachments but I really didn't think reading e-mails carried a risk. Can somebody put me right? Thanks in advance. BTW I do use Norton and so far, touch whatever no problems. I haven't a clue what active x scripting is. David

ChrisB

David,

You are indeed at risk if you use Outlook Express with the Preview Pane.

For instance, one of the variants of KAK (http://vil.nai.com/vil/virusChar.asp?virus_k=10509) can be activated by viewing an infected message 'with' the Preview Pane.

Things to do...

1) Ensure your anti-virus software is updated (at a minimum get an update every month) and enabled.

2) Use

Dave T-S

I've run the Symantec W95.MTX fix and reloaded Win 98 - looks like I am back in business guys - getting update version of Norton System Works tomorrow and gonna install a firewall - then go gunning for the ba5stard that infected me

1000 posts here I come.....

Dave T-S

By strange coincidence I was looking at those three firewalls this morning after my little visitor earlier in the week....

Mrs T-S is at home today so she very kindly loaded me one this morning.....been to PC World (UGH - but convenient) in my lunch hour to get an update of my viruschecker with auto online update - that should tighten things up - live and learn eh guys??

Puff The Magic Wagon!

iTrader: (2)

OH NO!

Quick someone, send him some more viruses!

Glad to know your sorted

David Lock

Chris B,

Many thanks indeed for your helpful reply. I will spring into action. Cheers, David.

Peter Ford

As well as updating my virus checker I also got a software update patch thingy from micro$oft, which stops the loop hole in outlook that allows worms like kak into the system.
Good to know you got everything sorted out dave. The few I've had in the past have meant whole hd formats!

Markus

win85.mtx

Nastiest virus I've ever come across. We had a problem with a a few weeks back. one of the PC chaps got sent an email and this crashed our mailserver, on closer inspection it was something to do with some file called 'metalica.mp3.pif' that he was trying to send. Which he was not.

I grabbed the file on my mac and opened it up and had a scan through the info, and found out what it was.

You should have seen their faces when I looked it up on the symantec site.

Trully horrible little bast. Glad I've got a mac, which can't get infected by it.

ChrisB

David,

I'd also recommend running a personal firewall. I use ZoneAlarm on my Windows 2000 PC at home (