---

COMPUTER HELP DESK Virus Updates & PC Hints

Attention:

The Web Doctors surgery is now open. Doc Steley has offered members advice on Internet Security, Virus, Trojans, Firewalls and other related issues. He can also advise you of other operating systems to create your own network of computers at home. The Web Doctor's page has been added to help YOU the members with ANY computer related problems, questions or advice so take advantage of this generous offer. 

Stop your Virus in its Tracks !

When or if a worm virus gets into your computer it goes straight for your email address book and immediately sends itself to every address it finds, thus infecting all your business contacts, friends and associates. The following simple steps will not keep the virus from getting into your computer, but they will:

- immediately alert you to the fact a worm virus has penetrated into your computer
- stop the worm virus from using your address book to spread and multiply itself further

1 October 2002 - Bun Bear Virus

Rick Steley has sent this address for a stand alone removal tool of the BugBear Virus. http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp

Greg Penicuick Has found another good Virus catcher for those who have had trouble with Nortons. www.centralcommand.com and look in downloads for Vexira under evaluations for trial period. reg.no. 963256

16 August 2002

Greg Shimmen has joined Internet Alert (subscription about $49.00 per annum). He says that it gives a Log for any internet intruder with date and time of attack and which port. It also produces a map of address of intruder. The ISP is also given if found. Prevents intrusion into computer. I had one and displayed a map of the intruder in Texas and the ISP. You might want to check this out.

11 August 2002

Microsoft * 5-Minute Adviser - Security For Home Office Set-Ups * Protect your vital home office data. Check out this 5-Minute Adviser on home office security fundamentals - from taking proactive steps to ensure your software is up to date to virus scanners, firewalls and privacy tools - to ensure your PC is secure as can be. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/5min/5min-105.asp

3 August 2002

Central Command, a leading provider of PC anti-virus software and computer security services today released its monthly listing of the top twelve viruses reported for July, 2002. The report, coined the "Dirty Dozen", is based on the number of virus occurrences confirmed through Central Command's Emergency Virus Response Team. The table below represents the most prevalent viruses for July 2002, number one being the most frequent.

Ranking

1. Worm/Klez.E (includes G variant) 57.3%
2. W32/Elkern.C 16.8%
3. Worm/W32.Sircam 4.4%
4. W32/Yaha.E 4.3%
5. W32/Nimda 2.6%
6. Worm/Frethem.L 2.2%
7. W32/Magistr.B 2.0%
8. W95/Hybris 1.6%
9. Worm/Badtrans.B 0.9%
10. W95/CIH 0.5%
11. W32/Funlove 0.3%
12. W32/Magistr.A 0.3%
Others 6.8%

"In July, we finally saw a slight decrease in the number of tracked viruses from a prior month," said Steven Sundermeier product manager at Central Command, Inc. "Whether this is due to an increasing awareness of malicious code or simply because more users are on vacation and away from their computers, it's a trend we hope will continue."

Worm/Frethem.L, the new Frethem variant that arrived with the subject line "Your password!" debuted this month at number six. Also note-worthy for July, the growing list of worms exploiting security holes in the Kazaa and other file-sharing and Peer-2-Peer networks.

5 July 2002

Beware of Hoax - jdbgmgr.exe

This is a hoax that, like the SULFNBK.EXE Warning hoax, tries to persuade you to delete a legitimate Windows file from your computer. The file that the hoax refers to, Jdbgmgr.exe, is a Java Debugger Manager. It is a Microsoft file that is installed when you install Windows. It has a teddy bear icon as described in the hoax.

If it is too late and you fell for it, to restore the file, follow the instructions in the Microsoft Knowledge Base article Virus Hoax: Microsoft Debugger Registrar for Java (Jdbgmgr.exe) Is Not a Virus (Q322993).

If you get this email do not follow it as it is a hoax!

To everyone in my address book - I just received this alert and found the virus on my computer. Please eradicae it in yours. The virus, called jdbgmgr.exe is NOT detected by Norton or McAfee anti-virus systems. The virus sits quietly for 14 days before damaging the system. It is sent automatically by the messenger and by the address book, whether or not you sent e-mails to your contacts.

I have checked my computer, found it and deleted it. Here is how to check for the virus and delete it.

1. Go to Start, Find or Search option
2. In the files/folders option write the name jdbgmgr.exe
3. Be sure you search the c:drive
4. Click "find now"
5. The virus has a teddy bear icon with the name jdbgmgr.exe
6. DO NOT OPEN IT!!!!!!!!!!
7. Right click and delete it. It will then go to the recycle bin
8. Go to the recylce bin and delete it there as well by right clicking on the icon
(DO NOT LEFT CLICK AND OPEN IT)

If you find the virus as I did, you must contact all the people in your address book so they can eradicate it in their own address books. I apologize for this, but it is almost a given that everyone in my address book will have this. I would do this ASAP as I don't know how long it has been on my computer. I got the note from someone who has us in their address book.

Regards - Jenni

3 July 2002

MEDINA, Ohio July 1, 2002 - Central Command, a leading provider of PC anti-virus software and computer security services today released its monthly listing of the top twelve viruses reported for June, 2002. The report, coined the "Dirty Dozen", is based on the number of virus occurrences confirmed through Central Command's Emergency Virus Response Team.

The table below represents the most prevalent viruses for June 2002, number one being the most frequent.

Ranking Virus Name Percentage

1. Worm/Klez.E (G) 60.2%

2. W32/Elkern.C 24.5%

3. Worm/W32.Sircam 3.9%

4. W32/Yaha.E 2.6%

5. W32/Nimda 2.3%

6. W32/Magistr.B 1.9%

7. Worm/Frethem.D 1.6%

8. Worm/Badtrans.B 0.7%

9. W95/CIH 0.4%

10. W95/Hybris 0.4%

11. W32/Magistr.A 0.2%

12. Worm/Shakira 0.1%

Others 1.2%

"While Worm/Klez continued its relentless march in the history books, we once again saw much focus on exploiting high profile events and celebrities this month," said Steven Sundermeier product manager at Central Command, Inc. "The global exposure of the World Cup brought a frenzy of new worms and viruses, as did the growing popularity of Latino pop star Shakira."

Disguised as a friendship screensaver, W32/Yaha.E entered the Dirty Dozen at number four. Other new viruses for this month included Worm/Frethem.D an Internet worm masquerading as a decrpyted password and W32/Perrun, a proof-of-concept JPEG fileinfector.

27th June 2002

You may receive an apparently harmless email with a PowerPoint presentation called "Life is beautiful.pps." If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: "It is too late now, your life is no longer beautiful", subsequently will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, email and password. Another Microsoft Outlook initiated virus.

Worm/Mars - An Internet worm that spreads through e-mail by using addresses it collects in the Microsoft Outlook Address Book.

Worm/Wyrm - An Internet worm that spreads through e-mail by using addresses it collects in the Microsoft Outlook Address Book, as well as, through the use of the Internet Rely Chat (IRC) network.

Worm/Doctor - An Internet worm that spreads through e-mail by using addresses it collects in the Microsoft Outlook Address Book.

Worm/Brazil - An Internet worm that spreads through e-mail by using addresses it collects in the Microsoft Outlook Address Book, as well as, through the use of the Internet Rely Chat (IRC) network.

Worm/BWG.F - An Internet worm that spreads through e-mail byusing addresses it collects in the Microsoft Outlook Address Book, as well as, through the use of the Internet Rely Chat (IRC) network.

Worm/P2P.Shermnar - An Internet worm that uses the file exchange P2P network Kazaa to spread itself.

W32/Yaha.E - An modification of Worm/Lentin (Valentine.scr), an Internet worm that spreads by retrieving e-mail addresses from the Windows Address Book, as well as, from addresses found in cached webpages(HTM, HTML and HTA files). In addition, to these methods, W32/Yaha.E also can spread through contacts it finds in the MSM Messanger and the ICQ database list.

Source http://support.centralcommand.com

Frequently Asked Questions (FAQ)

Q: I know my PC is clean but people are complaining about receiving e-mail containing a virus originating from my email address. How come?

A: Although your own system may be clean the latest viruses may use your address to send email from a third party machine. If a machine becomes infected, the virus may select your address from those stored on that machine,in the address book. It then sends email purporting to be from your email address. Unfortunately because the email is originating from an unknown machine other than your own there is very little that can be done without locating that machine.

Q: Why is it that most virus originate from Microsoft Outlook?

A: The hackers find that it is so much easier to spread the virus through Microsoft products as they are all designed to integrate with each other. One solution that reduces the risk is to use a non Microsoft product. I use Netscape Communicator, a component of Navigator which can be downloaded free at http://home.netscape.com/.

Stop your Virus in its Tracks !


When or if a worm virus gets into your computer it goes straight for your email address book and immediately sends itself to every address it finds, thus infecting all your business contacts, friends and associates.

The following simple steps will not keep the virus from getting into your computer, but they will:

- immediately alert you to the fact a worm virus has penetrated into your computer
- stop the worm virus from using your address book to spread and multiply itself further

The steps are:

1. open your address book and click on "new contact/new card" just as you would do if you were adding a new business contact or friend to your list of email addresses.
2. in the window where you would type your friend's first name, type in !!!!!!000 ie put in as many exclamation marks as it takes at the head of you address book followed by three (3) zeros
3. in the window below where you are prompted to enter the new email address, type: WormAlert. (a window will pop up with the message that WormAlert is not a valid email address, and do you still want to use it)
4. click on the 'YES' button.
5. complete everything by clicking add, enter, OK, etc.

What have you done? Why does it work?

Answer:

q The "name" !!!!!!!!000 will be placed at the top of your address book as entry #1. This will be where worms virus start in an effort to send themselves to all the addresses in your address book.
q When it tries to send itself to !!!!!!!000, it is undeliverable because of the invalid email address you entered (WormAlert).
q When the first attempt fails - which it will because of the invalid address - the worm virus
goes no further. Your business contacts, and your friends will not be infected.

The second great advantage of this method:

When an email cannot be delivered, almost immediately you are notified of the fact in your In Box.

This is a Red Alert Warning.

If you ever you ever receive an email telling you that an email addressed to WormAlert could not be delivered, you know right away that:

you have the worm virus in your system.

You can immediately take steps to get rid of the worm virus by using you anti-virus program!

Five simple but very effective steps.