PDA

View Full Version : Virus alert (yes, IL2 Related)



XyZspineZyX
08-21-2003, 07:39 AM
No IL2 does NOT have a virus. But someone on these forums does. I recently got a bunch of returned E-mails from people who I dont know that had the virus Sobig.F virus on it. Also, I got PM's here from forum members that said someone is sending them E-mails in my name with the virus on it. The only conclusion is that someone here with my E-mail addy in there address book has this virus. I hope everyone here checks there computer ASAP. Here is info about the virus, how to detect it, and how to remove it.

Sobig.F virus itself is not harmful, but it allows hackers to install programs on your system without you knowing it. When your infected, it sends itself out to everyone in your E-mail address book in someone elses name randomly chosen from his E-mail address book.

Symantec has released a FREE took to remove the file from your PC. This is free, and there is NO reason NOT to do it. Please fallow the link and check your computer!!!

http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Sorry if this does not fallow forum guidelines, but it is IL2 "comunity" related.

Gib

I am now accepting donations to help get the PBY flyable.

<center><form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="gibbage@lycos.com">
<input type="hidden" name="item_name" value="Gibbages IL2; FB PBY Catalina Fund">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="tax" value="0">
<input type="image" src="http://gibbageart.havagame.com/donations.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form></center>

XyZspineZyX
08-21-2003, 07:39 AM
No IL2 does NOT have a virus. But someone on these forums does. I recently got a bunch of returned E-mails from people who I dont know that had the virus Sobig.F virus on it. Also, I got PM's here from forum members that said someone is sending them E-mails in my name with the virus on it. The only conclusion is that someone here with my E-mail addy in there address book has this virus. I hope everyone here checks there computer ASAP. Here is info about the virus, how to detect it, and how to remove it.

Sobig.F virus itself is not harmful, but it allows hackers to install programs on your system without you knowing it. When your infected, it sends itself out to everyone in your E-mail address book in someone elses name randomly chosen from his E-mail address book.

Symantec has released a FREE took to remove the file from your PC. This is free, and there is NO reason NOT to do it. Please fallow the link and check your computer!!!

http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Sorry if this does not fallow forum guidelines, but it is IL2 "comunity" related.

Gib

I am now accepting donations to help get the PBY flyable.

<center><form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="gibbage@lycos.com">
<input type="hidden" name="item_name" value="Gibbages IL2; FB PBY Catalina Fund">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="tax" value="0">
<input type="image" src="http://gibbageart.havagame.com/donations.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form></center>

XyZspineZyX
08-21-2003, 07:43 AM
Its been a nightmare at work this week patching servers etc, thanks for the link Gibbage pretty sure Im clean but no harm in checking.

JG4_Tiger

XyZspineZyX
08-21-2003, 07:43 AM
Thanks for the info.

Will follow your advice immediately.

*****Only left handed people are in their right minds.*****

<center>http://www.ghosts.com/images/05.jpg

XyZspineZyX
08-21-2003, 07:46 AM
I had 5 different emails come in infected tonight. They came in my web account, so I caught them, even though MaCaffee said they were scanned and clean, I know better. I deleted them without opening them.

Tsisqua

http://www.cherokee.org/Culture/images/proctorZeke.jpg
"My ancestors didn't come over in the Mayflower--they met the boat."


http://www.theinformationminister.com/press.php?ID=612345111

XyZspineZyX
08-21-2003, 09:42 AM
Yes, its been a nightmare of a few weeks for our network, more to the point for me.

Just remember to have Anti Virus Software running and uptodate and also a Firewall. That should keep you safe.



Cpt-Madcowz
Comsa (http://www.comsa.co.uk)



"When the hunter comes, the tiger runs with the deer."

XyZspineZyX
08-21-2003, 09:46 AM
My wife's emails were full of this all week, one of her mail groups had it and she got at least 10 mails with the virus.

Luckily she uses Yahoo and deleted them all, but several members of her group still seem oblivious to the virus.





<center>
http://blankgiro.freewebspace.com/IL2/soapy112th.jpg
</center>

XyZspineZyX
08-21-2003, 03:00 PM
Biggest virus yet known. Bigger than the lovebug.

IL2 related also because it will affect our online experience.

XyZspineZyX
08-21-2003, 03:06 PM
Best solution = STOP USING OUTLOOK.

I use Eudora and I've neer had a virus..

Beta tester for nTrap????
C&C Generals,Independance War 2, Starfleet Command 2,Settlers IV, Tzar, Allegiance, Starfleet Command,MAX 2, Defiance

michapma
08-21-2003, 03:13 PM
Gibbage, I think you might not have the right idea about how this virus works or is being spread. I didn't either until this morning, I got several returned mails. Below I've included a text from one of our server admins that explains how the unexpected behavior is coming about. The main point is this: "the virus uses randomly adresses it finds as fake sender adresses when sending itself to infect other machines. Some badly configured mail servers (not ours!) send a notification to the sender of that virus mail."

Any information in the post is for people using our server for email, so ignore instructions from the sys admin to those people.

Cheers,
Mike

<hr>
Yesterday Tuesday August 19th at about 13:00 a new variant of an old Virus called Sobig-F started spreading. The virus-scanner producing companies didn't know about the virus until the same day, so that the virus could spread without resistance.

Our mail server did block the new virus already after 50 minutes of its first appearance and looking at the virus checking logs it seems as though no machine was infected (that wasn't notified by us). Anyway if you are using Windows it is a good idea to make an update to your virus checker. Make also sure that you configure your virus checker to check all file extensions including 'pif'.

You are not going to get this virus from our mail server, since the virus checker software is blocking them all (at a rate of about 10 per minute), but you might still get confusing mails which are related to its spreading: the virus uses randomly adresses it finds as fake sender adresses when sending itself to infect other machines. Some badly configured mail servers (not ours!) send a notification to the sender of that virus mail. It might happen that some virus did choose your adress as sender and that you thus get these notifications. You can also get notification that some destination adress is not existing or things like that.

The only possible thing to do right now is to ignore or manually delete these mails (which aren't dangerous, just annoying).

You can see graphically the amount of viruses that our mail server is blocking:

http://people.ee.ethz.ch/~dws/mailgraph/mailgraph.cgi


<table width="100%" border="0" cellspacing="0" cellpadding="10"><tr valign="middle" bgcolor="#3e463b"><td height="40" colspan="3" align="center">The ongoing IL-2 User's Guide project (http://people.ee.ethz.ch/~chapman/il2guide/)</a></td></tr><tr bgcolor="#515e2f"><td width="40%">FB engine management:
Manifold Pressure sucks (http://www.avweb.com/news/columns/182081-1.html)
Those Marvelous Props (http://www.avweb.com/news/columns/182082-1.html)
Mixture Magic (http://www.avweb.com/news/columns/182084-1.html)
Putting It All Together (http://www.avweb.com/news/columns/182085-1.html)
Those Fire-Breathing Turbos (Part 1 of 6) (http://www.avweb.com/news/columns/182102-1.html)</td><td align="center">

‚ =69.GIAP=Chap‚

69.GIAP (http://www.baseclass.modulweb.dk/giap/)</p></td><td width="40%" align="right" valign="top">Hardware:
Flight Simulation Performance Analyzed (http://www.simhq.com/_air/air_062a.html)
Building a home-made throttle quadrant step by step (http://forums.ubi.com/messages/message_view-topic.asp?name=us_il2sturmovik_gd&id=zkavv)
Sound Can Be Hazardous for Games (http://www6.tomshardware.com/game/20030405/index.html)</td></tr></table>

XyZspineZyX
08-21-2003, 04:16 PM
people actually use outlook?


http://mysite.verizon.net/vze4jz7i/ls.gif

Good dogfighters bring ammo home, Great ones don't. (c) Leadspitter

XyZspineZyX
08-21-2003, 04:26 PM
LeadSpitter_ wrote:
- people actually use outlook?
-
-
- http://mysite.verizon.net/vze4jz7i/ls.gif -
- Good dogfighters bring ammo home, Great ones don't.
- (c) Leadspitter

Sadly, yes.


------------------------------------------

"If you put tomfoolery into a computer, nothing comes out of it but tomfoolery. But this tomfoolery, having passed through a very expensive machine, is somehow enobled and no-one dares criticize it." - Pierre Gallois

XyZspineZyX
08-21-2003, 04:53 PM
Nothing wrong with Outlook.

As long as its patched and you don't go being an asshat and opening up every email attachment you are fine.

Sure beats using Pine which I use all day at work and is a pain to view attachments/images etc.

Just cos its MS ware doesn't mean its bad.





Cpt-Madcowz
Comsa (http://www.comsa.co.uk)



"When the hunter comes, the tiger runs with the deer."

XyZspineZyX
08-21-2003, 06:35 PM
I had two more come in today, and deleted them. I did a complete virus scan with NAV (updated today) and had 20 instances of bogus files infected with W32.Kwbot.F.Worm. This is not a real bad one, but does drop a Trojan in your system. I cleaned it out and repaired the registry using the instructions at the Symantec page. I don't think it is directly related to this forum, but just a bad epidemic.

Tsisqua

http://www.cherokee.org/Culture/images/proctorZeke.jpg
"My ancestors didn't come over in the Mayflower--they met the boat."


http://www.theinformationminister.com/press.php?ID=612345111

XyZspineZyX
08-21-2003, 06:47 PM
I used to have a pretty bad opinion of Outlook...until I got my current job. We use Lotus Notes exclusively. What a kludgy piece of crap. And speaking of crap, I hold virus writers and spammers in equal esteem, which is to say that both would be of far more use to me if they were separated into their component elements.


---
There are 10 kinds of people in this world: those who can count in binary, and those who can't.
(If I knew who said that first, I'd give credit here.)

HL callsign: Ctrl_Eeee, the guy you just shot down

XyZspineZyX
08-21-2003, 06:54 PM
I've imagined myself as a hacker, taking a look into my hard disk...

...mmm, how boring. /i/smilies/16x16_smiley-indifferent.gif

- Dux Corvan -

<center>http://www.bloggerheads.com/mash_quiz/images/mash_hawkeye.jpg (http://www.bloggerheads.com/mash_quiz/)</center>

XyZspineZyX
08-21-2003, 07:31 PM
i cant say here what i'd like to do to the little slime balls. And why do they all seem to hate Bill G@ates & M$ so much?

<CENTER>http://invisionfree.com:54/40/30/upload/p837.jpg
<CENTER>><FONT COLOR="blue">Please visit the 310thVF/BS Online at our NEW web site @:
<CENTER><FONT COLOR="orange"> http://members.tripod.com/tophatssquadron/
<CENTER>A proud member Squadron of IL-2 vUSAAF
<CENTER>310th VF/BS Public forum:
<CENTER><FONT COLOR="YELLOW"> http://invisionfree.com/forums/310th_VFBG/
<CENTER><CENTER><FONT COLOR="YELLOW">
Proud Sponsor of IL-2 Hangar Forums
<CENTER> Visit the Hangar at:
http://srm.racesimcentral.com/il2.shtml

XyZspineZyX
08-21-2003, 11:24 PM
MS is a victim of its own success. A few years ago I worked on the help desk of a major Silicon Valley software company that used a UNIX based "popper" POP3 mail infrastructure -- a virus or worm targeting it would have been superfluous since it has so many failures on its own. MS caters to the technophobes who expect the PC to require as much thought to use as the telephone, and those users are conditioned to click away without considering the ramifications. The auto-update feature will go a long way towards thwarting the script kiddies with their little worms.

http://mirrors.meepzorp.com/xpsucks/index_files/MSLiliO1.jpeg

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

54LUT3!

"Fighter Aces don't win wars" -- el Zed

XyZspineZyX
08-22-2003, 12:14 AM
CDN_Merlin wrote:
- Best solution = STOP USING OUTLOOK.
-
- I use Eudora and I've neer had a virus..


I dont use Outlook and I got the bug........ from someone in here...or at least someone who comes here. NP....... I removed it.

<CENTER>http://www.world-wide-net.com/tuskegeeairmen/ta-1943.jpg <marquee><FONT COLOR="RED"><FONT SIZE="+1">"Straighten up.......Fly right..~S~"<FONT SIZE> </marquee> http://www.geocities.com/rt_bearcat

<CENTER><FONT COLOR="ORANGE">vflyer@comcast.net<FONT COLOR>
<Center><div style="width:200;color:red;font-size:18pt;filter:shadow Blur[color=red,strength=8)">99th Pursuit Squadron