
VIRUS ALERT!!!! OH NO!



Guys,

I was checking my Norton spam email to make sure there were no good emails and I clicked on one 'cause it looked legit and as soon as I did Norton popped up and said "Virus detected: cannot delete".

The window would not go away so I clicked back on Outlook and selected all and deleted and then the Norton alert said a diff file name by a series of numbers...

What I mean is it said the first time

wqr(12).ani

then I clicked OK, then the window came back immediately saying

wqr(13).ani

and it did this for about 5-6 times then it stopped.

I went to Symantec's site and it said if 2005 cannot delete the Moo file it's probably because Windows was using it. Makes sense since I was using the email

and the location of the file was

 

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y9HA3ULW\wqr[12].ani

Click for more information about this threat : Trojan.Moo

 

It's in the temp internet folder so it may have come from the spam.

But I never told it to quarantine or delete anything so I'm afraid it's still present.

I did a system scan and NOTHIN!

I searched the folder listed above y98... and the wqr files are not there.

Am I safe or should I WIPE!!!!

Help

 

Auggy

Link to comment

OK guys,

I got nothing from either NAV or the link to techworld or whatever it was called.

So no trace of it is found.

I feel a bit uneasy having a web store and stuff like that. I think I oughta wipe and reinstall.

The good news is I have a 20g partition with an image of this main partition to just rebuild MOST of it in about 10 minutes. No installing 'cause it's already done.

 

But I'll lose some stuff and I'll have to reinstall a few things

 

What do you guys think?

 

Aug

Link to comment

Guest zerodamage

Do the HouseCall and use the second link. It is beta but more up to date.

Link to comment

The HouseCall is scanning now but my father-in-law stopped it so I had to restart it.

As for the removal page from Symantec, I tried it all but it can't detect the infected files

wqr(xx).ani

so removal is impossible.

I can't locate this file either.

Some forums suggest it's already piggybacked on other exe's.

Aug

I'll let you know what HouseCall does.

Link to comment

Guest zerodamage

If you have a backup image on another partition, I just say go with that (back up My Documents first, of course) and save yourself the headache overall. You will never have peace of mind and will always wonder what is going on that you do not know about.

Link to comment

Well, if you feel that the virus scanner isn't doing its job, reinstall everything. Only takes like an hr, then another hr for CS if you don't have the CD, and if you don't, make a backup of it (there is an option in Steam). That is what I did and burnt it on DVD.

As ZD said, it's just peace of mind.

P.S. Seeing as you use Norton, have you ever thought about using Ghost?

Edited by Acid-Flux
Link to comment

Images are great. If you're really uncomfortable, I'd say the time spent backing up the data that aren't imaged and reinstalling the few programs you need to is well invested for peace of mind, especially since images restore soooo fast...just my two cents.

 

If there's no evidence, it's most likely not necessary...but definitely worth the peace of mind. Imagined stress can be worse than actual stress.

Link to comment

If your Norton detected it (as you said it did), then you should be fine. Norton would not detect a file as a virus and still let you execute it unless you disabled Norton first.

 

Secondly, the reason it was in your "Temporary Internet Files" directory is because the e-mail was formatted in HTML, thus it uses the Internet cache to store the files as it generates the HTML document. No surprise there.

 

Third, whatever e-mail client you use, set it to ALWAYS read mail in plain text. This will help prevent this happening again in the future.

Link to comment

OUTLOOK? Are you insane lol. Every virus author out there targets Outlook as a mode of transference. Use a third-party one like Mozilla. Also, if Norton detected it, it was probably deleted on your reboot, so I would rerun Norton and if it doesn't come up again just breathe a sigh of relief. If it does, scrub the system and reimage.

 

Disclaimer:

Following my advice may result in your head blowing clean off!

Link to comment

I used it briefly, but disliked it. Way too much like OE. I didn't like the interface, and since I'm forced to use Outlook at work (boss doesn't know enough about computers to know there are better alternatives, and I get pulled away from my regular work enough as it is to take the time to train him how to use a different program) I don't even want Outlook, or OE installed here at home.

 

My personal take on TB was that it was ugly, and clunky to use. Maybe that's due to me having used Eudora for the last 10 years or so.

Link to comment

Auggy, OK, there is no default built-in functionality for Outlook 2000 to automatically read mail in plain text, but Russ Cooper, moderator for the NTBugtraq listserv, created a COM add-in that does it. It can be a bit quirky at times but it is better than nothing.

Now, this add-in does not just display the mail in plain text, it actually converts it to plain text as it displays it. This means any special formatting is lost forever. For me, I didn't care. I'd rather lose a little bit now and then (mostly, I lost the ability to click on a link...it displayed it as just text and not a hyperlink so I had to copy and paste into a browser) to have more peace of mind with my Outlook security.

 

http://www.ntbugtraq.com/default.aspx?pid=...F=N&H=0&O=D&T=0

 

You might also want to read some of the links here for other quirks regarding the NoHTML COM add-in.

 

http://www.ntbugtraq.com/default.aspx?pid=...tml&s=&f=&a=&b=

Link to comment
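The plain-text reading recommended in the replies above, as an added example (not the NoHTML add-in's code and not from any poster): it renders an HTML message as text without loading anything, writes each link's real target next to its label, and lists the resources the HTML version would have pulled into the Internet cache. The sample message, the `example.*` addresses and all function and class names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
# Constructed sample message; every address and URL is a placeholder.
SAMPLE = (
    "From: sender@example.com\nSubject: Your order\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<html><body><style>p{color:red}</style><p>Hello,</p>"
    '<p>Track it at <a href="http://tracker.example.net/t?id=1">'
    "www.shop.example.com</a></p>"
    '<img src="http://cdn.example.net/pixel.gif"></body></html>\n'
)

class PlainTextRenderer(HTMLParser):
    """Keep visible text, spell out link targets, list resources HTML would load."""
    LOADS = {"img", "iframe", "embed", "bgsound", "link", "script"}
    def __init__(self):
        super().__init__()
        self.out, self.resources, self.href, self.skip = [], [], None, 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self.LOADS and (a.get("src") or a.get("href")):
            self.resources.append(a.get("src") or a.get("href"))
        if tag in ("script", "style"):
            self.skip += 1            # contents are never shown as text
        elif tag == "a":
            self.href = a.get("href")
        elif tag in ("p", "br", "div"):
            self.out.append("\n")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
        elif tag == "a" and self.href:
            self.out.append(f" <{self.href}>")  # real target beside the label
            self.href = None
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def render_plain(raw):
    """Return (plain_text, resources_not_fetched) for a raw RFC 822 message."""
    part = message_from_string(raw, policy=default).get_body(("plain", "html"))
    body = part.get_content() if part else ""
    if part is None or part.get_content_type() != "text/html":
        return body.strip(), []
    r = PlainTextRenderer()
    r.feed(body)
    r.close()
    lines = (ln.strip() for ln in "".join(r.out).splitlines())
    return "\n".join(ln for ln in lines if ln), r.resources
```

On the sample, the link label reads `www.shop.example.com` while the printed target is a different host, a mismatch the HTML view hides and the text view exposes.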