Virus?


Guest Vær forsiktig!

Hi

Yesterday, 01.03.01, I received an e-mail. It had no sender, no subject, and no text. There was, however, an attachment. I was terrified (thought it could be a virus) and deleted it right away (I have it in "deleted messages").

I ran a virus check on the machine, but it found nothing.

I'm wondering whether this could be a virus? My friend got an identical one, and she deleted it right away too.

I have sent an e-mail to support, but I haven't had a reply yet.

Has anyone here received the same thing?

Link to comment
https://forum.doktoronline.no/topic/20935-virus/
Guest Vær forsiktig!

Is that the one that only infects text files?

Hi again. I'm searching for W95.Hybris.worm on Yahoo, so here comes some info.

W95.Hybris.gen

Discovered on: September 25, 2000

Last Updated on: December 12, 2000 2:53:52 PM PST

December 7, 2000:

Due to a recent increase in world-wide infections of this worm, SARC is increasing the threat level of this worm to 4.

W95.Hybris is a worm that spreads by email as an attachment to outgoing emails. It was discovered in late September of 2000. Although minimum reports of infection were reported in October 2000, the worm started to become common in early Nov 2000.

The message may include the text "Snow White and the Seven dwarves" and the attachment may have one of several different names, including, but not limited to:

anpo porn(.scr

atchim.exe

branca de neve.scr

dunga.scr

dwarf4you.exe

enano porno.exe

joke.exe

midgets.scr

sexy virgin.scr

Also known as: W32.Hybris.gen, W32.Hybris.22528.dr, W32/Hybris.gen@M, I-Worm.Hybris

Category: Worm

Virus definitions: September 25, 2000

Threat assessment:

Wild: Medium

Damage: Low

Distribution: High

Wild

Number of infections: 50-999

Number of sites: More than 10

Geographical distribution: Medium

Threat containment: Moderate

Removal: Moderate

Distribution

Name of attachment: Random with EXE or SCR file name extension

Technical description:

When the worm attachment is executed, the WSOCK32.DLL file will be modified. This will give the worm the ability to attach itself to all outbound email. The email attachment will have a random name but the filename extension is either EXE or SCR.

The worm attempts to connect to the newsgroup alt.comp.virus. After it connects successfully, the worm uploads its own plug-ins in an encrypted form to this newsgroup. It goes thru the subject header of the messages, and tries to match a specific format. The subject header will also specify the version number of the attached plug-in if these plug-ins are indeed present. If a newer version of plug-ins is found, the worm downloads these modules and updates its behavior. For example, there are known modules that give the worm ability to infect compressed files like ZIP.

If WSOCK32.DLL is being used by the system, the worm will be unable to modify this file. Thus, in this situation, the worm will add a registry key to one of the following subtrees:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

It will always alternate between these two trees mentioned above as the worm spreads from one machine to another. The worm hooks on the following exports on WSOCK32.DLL: send(), recv(), connect(). Whenever a user sends out an email to a person, the worm will also send out another email to the same person attaching a copy of itself using a randomly generated filename.

Removal:

Use Norton AntiVirus to repair the infected WSOCK32.DLL. Other files detected as W95.Hybris contain only the virus body and must be deleted.

Link to comment
https://forum.doktoronline.no/topic/20935-virus/#findComment-90508
Guest Vær forsiktig!

Even a bit more info ;)

Virus (worm) Alert!

A number of users have reported receiving email from [email protected] along with an attachment. This is, in fact, the W95.Hybris worm. Do NOT open the attachment! It is advised to exercise extreme caution when executable attachments arrive in your inbox, no matter where they come from and how 'trustworthy' a message looks. Installing an up to date virus scanner is also recommended, regardless if you are infected or not. Please visit Norton, McAfee to purchase a virus scanner for your computer. If you do already have a virus scanner installed, we recommend for you to update the virus definition files for your scanner. Please refer to your virus scanner manufacturer for details.

General Description:

W95.Hybris is a worm that spreads by email as an attachment to outgoing emails. It was discovered in late September of 2000, and its infection level has recently been upgraded to Level 4 (very high). The message may include the text "Snow White and the Seven dwarves" and the attachment may have one of several different names, including, but not limited to:

anpo porn(.scr

atchim.exe

branca de neve.scr

dunga.scr

dwarf4you.exe

enano porno.exe

joke.exe

midgets.scr

sexy virgin.scr

The worm can also send itself with a random, 8-letter name, for example FKSJERHV.EXE.

Technical Description:

When the worm attachment is executed, the WSOCK32.DLL file will be modified. This will give the worm the ability to attach itself to all outbound email. The email attachment will have a random name but the filename extension is either EXE or SCR.

The worm attempts to connect to the newsgroup alt.comp.virus. After it connects successfully, the worm uploads its own plug-ins in an encrypted form to this newsgroup. It goes thru the subject header of the messages, and tries to match a specific format. The subject header will also specify the version number of the attached plug-in if these plug-ins are indeed present. If a newer version of plug-ins is found, the worm downloads these modules and updates its behavior. For example, there are known modules that give the worm ability to infect compressed files like ZIP.

If WSOCK32.DLL is being used by the system, the worm will be unable to modify this file. Thus, in this situation, the worm will add a registry key to one of the following subtrees:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

It will always alternate between these two trees mentioned above as the worm spreads from one machine to another. The worm hooks on the following exports on WSOCK32.DLL: send(), recv(), connect(). Whenever a user sends out an email to a person, the worm will also send out another email to the same person attaching a copy of itself using a randomly generated filename.

Removal:

If you suspect you may be infected, Norton Antivirus has a free tool to detect and remove the W95.Hybris worm. You can download it here. If you have an up to date virus scanner installed on your system, you can do a full system scan.

Related sites:

SexyFun.net (W95.Hybris removal help - NOT the worm creator)

Hybris write up from Symantec

Hybris write up from Sophos

Hybris write up from F-Secure

Hybris write up from Kaspersky Labs

Notes:

Virus removal is not a USOL.com supported service. Our technicians are not trained in virus removal, and will not be able to help you remove a virus over the telephone. If you suspect that you may be infected with a worm or virus, we strongly recommend that you install an up to date virus scanner and/or seek out a professional computer repair technician or repair shop for assistance.

Link to comment
https://forum.doktoronline.no/topic/20935-virus/#findComment-90510
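
A mail triage check built from the indicators in the write-ups quoted above (EXE or SCR attachment, the listed file names, an 8-letter name such as FKSJERHV.EXE, the "Snow White" text) plus the missing sender and subject the first poster describes. This is an added example, not part of the original posts or of any vendor tool; the function names, reason strings and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Attachment names listed in the write-ups quoted in this thread.
KNOWN_NAMES = {
    "anpo porn(.scr", "atchim.exe", "branca de neve.scr", "dunga.scr",
    "dwarf4you.exe", "enano porno.exe", "joke.exe", "midgets.scr",
    "sexy virgin.scr",
}
EIGHT_LETTERS = re.compile(r"[a-z]{8}\.(exe|scr)")  # e.g. FKSJERHV.EXE
LURE_TEXT = "snow white and the seven dwarves"


def triage(raw):
    """Return the reasons a raw message resembles the mail described above."""
    msg = message_from_string(raw)
    reasons, text = [], msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            # Collect undecoded text bodies only (simplification).
            if part.get_content_maintype() == "text":
                text += " " + str(part.get_payload())
            continue
        lowered = name.strip().lower()
        if lowered in KNOWN_NAMES:
            reasons.append("listed attachment name: " + name)
        elif EIGHT_LETTERS.fullmatch(lowered):
            reasons.append("8-letter EXE/SCR name: " + name)
        elif lowered.endswith((".exe", ".scr")):
            reasons.append("EXE/SCR attachment: " + name)
    # Context signals only count when an executable attachment is present.
    if reasons and LURE_TEXT in text.lower():
        reasons.append("lure text present")
    if reasons and not msg.get("From") and not msg.get("Subject"):
        reasons.append("no sender and no subject")
    return reasons


def sample(headers, body, filename):
    """Build a constructed two-part message for testing (not a real capture)."""
    return (headers + 'Content-Type: multipart/mixed; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\n" + body + "\n"
            '--b\nContent-Disposition: attachment; filename="' + filename
            + '"\n\nplaceholder\n--b--\n')


if __name__ == "__main__":
    print(triage(sample("", "", "FKSJERHV.EXE")))
```

An 8-letter name is only a heuristic and will also match legitimate programs, so treat the result as a reason to quarantine and scan rather than as a verdict.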
This is a virus; I receive several of these every single day. I would like to take this opportunity to remind everyone of the following: a good rule is to update your antivirus program regularly and never open e-mail attachments when you have no idea what they are.

Best regards

I'm wondering a bit about how you avoid opening a message. Because when I right-click the message to delete it, it opens automatically. How can you delete it without opening it then??

Link to comment
https://forum.doktoronline.no/topic/20935-virus/#findComment-90624
You have probably enabled preview. Go into options or another suitable "settings menu" (I don't remember exactly where it is) and disable this feature. :-)

Regards

Link to comment
https://forum.doktoronline.no/topic/20935-virus/#findComment-90688