rec.autos.simulators

Virus Alert - W32.Badtrans.B@mm

Goy Larse

Virus Alert - W32.Badtrans.B@mm

by Goy Larse » Wed, 28 Nov 2001 07:29:10


> Don't you have to run an attachment
> to get a virus through email?

They claim this one is different, opening the mail is supposedly enough,
I have it from "semi reliable" IT sources over here, but still no
confirmation of this on Symantec's site that I could see

Count is 6 so far here, but I'm using Netscape for mail and news..:-)

Beers and cheers
(uncle) Goy

http://www.racesimcentral.net/
http://www.racesimcentral.net/

"A woman is an occasional pleasure but a cigar is always a smoke"
--Groucho Marx--

Schum

Virus Alert - W32.Badtrans.B@mm

by Schum » Wed, 28 Nov 2001 07:53:13

Symantec seem to always be the last to know ;)

Trend Anti Virus is usually the first. (www.trend.com)

Here is some info from Trend on the virus:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_B...
.B

For the record, I usually suggest Trend as the Anti-Virus Soft for any
clients/friends.

Cheers,
Schumi



> > Don't you have to run an attachment
> > to get a virus through email?

> They claim this one is different, opening the mail is supposedly enough,
> I have it from "semi reliable" IT sources over here, but still no
> confirmation of this on Symantec's site that I could see

> Count is 6 so far here, but I'm using Netscape for mail and news..:-)

> Beers and cheers
> (uncle) Goy

> http://www.theuspits.com
> http://www.teammirage.com

> "A woman is an occasional pleasure but a cigar is always a smoke"
> --Groucho Marx--

Jens H. Kruus

Virus Alert - W32.Badtrans.B@mm

by Jens H. Kruus » Wed, 28 Nov 2001 08:17:54


Read this yesterday. :-)

http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=26784

For the record, I like NAV and dislike Trend Micro. I have only tried their 3rd party add-on product, though, but that was really
bad. No customization of settings, no email scanning, obscure messages.

/Jens

Stephen Smit

Virus Alert - W32.Badtrans.B@mm

by Stephen Smit » Wed, 28 Nov 2001 09:04:07

Agree.  Trend Micro (also dba PC-Cillin) has saved my arse on many
occasions.


> http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_B...
> .B

> For the record, I usually suggest Trend as the Anti-Virus Soft for any
> clients/friends.

> Cheers,
> Schumi




> > > Don't you have to run an attachment
> > > to get a virus through email?

> > They claim this one is different, opening the mail is supposedly enough,
> > I have it from "semi reliable" IT sources over here, but still no
> > confirmation of this on Symantec's site that I could see

> > Count is 6 so far here, but I'm using Netscape for mail and news..:-)

> > Beers and cheers
> > (uncle) Goy

> > http://www.theuspits.com
> > http://www.teammirage.com

> > "A woman is an occasional pleasure but a cigar is always a smoke"
> > --Groucho Marx--

J. Janaso

Virus Alert - W32.Badtrans.B@mm

by J. Janaso » Wed, 28 Nov 2001 11:17:04

Symantec sent me a fix for it yesterday?  A Friend sent me an email,
informing me about the virus and it was attached to the email!  lol

J. Janasov


> Agree.  Trend Micro (also dba PC-Cillin) has saved my arse on many
> occasions.



> > Symantec seem to always be the last to know ;)

> > Trend Anti Virus is usually the first. (www.trend.com)

> > Here is some info from Trend on the virus:

> > http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_B...
> > .B

> > For the record, I usually suggest Trend as the Anti-Virus Soft for any
> > clients/friends.

> > Cheers,
> > Schumi




> > > > Don't you have to run an attachment
> > > > to get a virus through email?

> > > They claim this one is different, opening the mail is supposedly enough,
> > > I have it from "semi reliable" IT sources over here, but still no
> > > confirmation of this on Symantec's site that I could see

> > > Count is 6 so far here, but I'm using Netscape for mail and news..:-)

> > > Beers and cheers
> > > (uncle) Goy

> > > http://www.theuspits.com
> > > http://www.teammirage.com

> > > "A woman is an occasional pleasure but a cigar is always a smoke"
> > > --Groucho Marx--

Schum

Virus Alert - W32.Badtrans.B@mm

by Schum » Wed, 28 Nov 2001 16:23:56

Hmmm... looks like Symantec beat Trend to the punch on that alert :)

Tis always good to have companies like that fighting for bragging rights...
the consumer can only win :)

What prog were you using of Trend's BTW. PC-Cillin is excellent, and has a
snap-in for many email progs (which works great BTW), MS-Word Snap-In (to
avoid MS Macro-launched virii), as well as an abundance of all I/O scanning.

I have found it to have FAR less impact on system performance than NAV. But
I guess that is just my experience with the 2. AAMOF, my personal bias is
strong in this case... I find the system effects caused by NAV to be in a
lot of cases, worse than the viruses it protects us from themselves. But
again, I think it really boils down to personal pref., and individual
experiences.

I'll leave on an ironic note. Did you know that "technically" Windows (all
flavors) is actually a virus by definition? A Wonder Twins High Five if
anyone can tell me why ;)

Cheers,
Schumi




> their 3rd party add-on product, though, but that was really

Goy Larse

Virus Alert - W32.Badtrans.B@mm

by Goy Larse » Wed, 28 Nov 2001 17:14:20


> Symantec seem to always be the last to know ;)

> Trend Anti Virus is usually the first. (www.trend.com)

> Here is some info from Trend on the virus:

> http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_B...
> .B

> For the record, I usually suggest Trend as the Anti-Virus Soft for any
> clients/friends.

Well, I don't want to get into a "war" about who's the best AV proggie :-),
I'm just very happy with Norton Anti Virus as on the few occasions where
I've let my guard down, it has caught the offending virus, and it lets
me configure it the way I want it, namely to not scan e-mail when I DL
them, only when opening attachments and such

I guess whatever works for you is the best possible AV program, right ?
:-)

Beers and cheers
(uncle) Goy

"The Pits"    http://www.theuspits.com/

* Spam is for losers who can't get business any other way *
"Spamkiller"    http://www.spamkiller.com

Schum

Virus Alert - W32.Badtrans.B@mm

by Schum » Wed, 28 Nov 2001 17:34:55

Couldn't agree more Goy :)

Cheers,
Schumi

Jens H. Kruus

Virus Alert - W32.Badtrans.B@mm

by Jens H. Kruus » Thu, 29 Nov 2001 06:06:19



Fix-It Utilities.

From: http://www.cs.bgu.ac.il/~omri/Humor/win_is_virus.html

"No, Windows is not a virus. Here's what viruses do:

1. They replicate quickly - okay, Windows does that.
2. Viruses use up valuable system resources, slowing down the system as
they do so - okay, Windows does that.
3. Viruses will, from time to time, trash your hard disk - okay, Windows
does that too.
4. Viruses are usually carried, unknown to the user, along with valuable
programs and systems. Sigh... Windows does that, too.
5. Viruses will occasionally make the user suspect their system is too
slow (see 2) and the user will buy new hardware. Yup, that's with
Windows, too.

Until now it seems Windows is a virus but there are fundamental
differences: Viruses are well supported by their authors, are running on
most systems, their program code is fast, compact and efficient and they
tend to become more sophisticated as they mature.
So Windows is not a virus.
It's a bug. "

/Jens

Ed Solhei

Virus Alert - W32.Badtrans.B@mm

by Ed Solhei » Thu, 29 Nov 2001 11:56:13

This is correct - I got infected just a few hours ago and spent the last
hour or so cleaning and re-checking my HD..  (one drawback with these damn
large disks is that it takes forever to scan them :-)

Now before you all tell me to get a virus scanner - I already got one....
:-)
I was checking my mail and got a notification from Norman about updated
detection files being available....   While downloading the new package I
thought I'd take a look at the rest of my mail and BAM! - I got infected
while downloading the correct detection files that would have prevented it
all! :-P

All clean now tho...  it infects Kernel32.dll and it also creates a file
called "kdll.dll" in the windows/system directory... (a backup of the old
kernel32.dll perhaps?  (I activated the virus several times before I had a
chance to delete it - so I most probably had an infected backup as well))

--
ed_



> > Don't you have to run an attachment
> > to get a virus through email?

> They claim this one is different, opening the mail is supposedly enough,
> I have it from "semi reliable" IT sources over here, but still no
> confirmation of this on Symantec's site that I could see

> Count is 6 so far here, but I'm using Netscape for mail and news..:-)

> Beers and cheers
> (uncle) Goy

> http://www.theuspits.com
> http://www.teammirage.com

> "A woman is an occasional pleasure but a cigar is always a smoke"
> --Groucho Marx--

Ed Solhei

Virus Alert - W32.Badtrans.B@mm

by Ed Solhei » Thu, 29 Nov 2001 12:03:11

A little correction...  the infected file is called KERNEL32.EXE and not
kernel32.dll - which is a Windows Library - NOT TO BE REMOVED!!!   Sorry
about that!!

Some more information for those who need it... :

----------


General characteristics
Type: Worm
Spreading mechanism: Email
Email characteristics:
Subject: Variable
Attachment: Variable name, built up by several pieces
Destructivity: Medium
Payload: Backdoor functionality
Detected by virus detection files published: 25 Nov 2001
Virus characteristics first published: 24 Nov 2001 00:00 (CET)
Virus characteristics latest update: 27 Nov 2001 10:20 (CET)
Additional description of malicious program
Type
This is a variant of the known Badtrans.A worm, updated with some new
tricks.

When run, it will copy itself to the Windows system directory under the name
KERNEL32.EXE - should not be mistaken for the Windows main library
KERNEL32.DLL.

It will also set a key in the registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32 = KERNEL32.EXE
in order to execute automatically during startup.

Spreading mechanism
The worm uses the Microsoft Mail API to spread itself to addresses it finds
in the user's address book, web browser cache and in documents in the "My
Documents" (or similar in local language) folder.

The "From:" address will often have been changed by the worm to have
underscore as first letter. Thus, attempting to reply to such an address
will normally bounce unless the underscore is removed.

The attachment name can consist of one of the following pieces:

fun
Humor
docs
info
Sorry_about_yesterday
Me_***
Card
SETUP
stuff
YOU_are_FAT!
HAMSTER
news_doc
New_Napster_Site
README
images
pics
S3MSONG
SEARCHURL

The attachment will have double extensions, where the first is either DOC,
MP3 or ZIP, and the second is either PIF or SCR.

Destructivity and Payload
Installs a keylogging utility, KDLL.DLL, in the Windows system directory.
This should not be confused with the file SKDLL.DLL which is an innocent
file included in some Windows installations.

Further comments
This worm, similar to the recent W32/Aliz and W32/Nimda worms, uses a
special trick to execute even if a mail is just opened or previewed in
Outlook/Outlook Express.

This is accomplished using a known security hole "Incorrect MIME Header Can
Cause IE to Execute E-mail Attachment".

Information and patch is available from:
http://www.racesimcentral.net/
bulletin/MS01-020.asp

The security hole is a known issue with Internet Explorer versions 5.01 and
5.5 without SP2. Users who have this configuration should apply the
available patch.

Detection and removal
The worm will be detected and removed using def files from 25th Nov 2001 or
later. The keylogger utility KDLL.DLL may be safely deleted.

The registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32
may be deleted manually using REGEDIT. However, since the RunOnce key
normally is cleared after it's been referenced, it's normally enough to
reboot twice to remove it.

---------------

ed_
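The advisory above gives enough detail to write a small mail-gateway and host triage check: the attachment naming scheme (one of the listed base names, then DOC/MP3/ZIP, then PIF/SCR), the underscore-prefixed From: address, and the RunOnce persistence entry. This is an added defender-side example, not code from the thread or from Norman; the sample message and registry export are constructed, and the asterisk-masked name piece on the page is left out because its full text is not given.

```python
import re

# Constructed from the advisory's attachment-name pieces and extensions.
# The asterisk-masked piece on the page is omitted since its full text is unknown.
NAME_PIECES = (
    "fun", "Humor", "docs", "info", "Sorry_about_yesterday", "Card", "SETUP",
    "stuff", "YOU_are_FAT!", "HAMSTER", "news_doc", "New_Napster_Site",
    "README", "images", "pics", "S3MSONG", "SEARCHURL",
)
# Base name, then DOC/MP3/ZIP, then PIF/SCR, e.g. Card.doc.pif (case-insensitive)
ATTACHMENT_RE = re.compile(
    r"^(?:%s)\.(?:doc|mp3|zip)\.(?:pif|scr)$" % "|".join(map(re.escape, NAME_PIECES)),
    re.IGNORECASE,
)


def attachment_matches_badtrans(filename: str) -> bool:
    """True when the attachment name has the two-extension shape the advisory gives."""
    return ATTACHMENT_RE.match(filename.strip()) is not None


def sender_looks_mangled(from_addr: str) -> bool:
    """The worm rewrites From: so the local part starts with an underscore."""
    addr = from_addr.strip()
    if "<" in addr and ">" in addr:          # "Name <addr>" form
        addr = addr[addr.index("<") + 1:addr.index(">")]
    return addr.split("@", 1)[0].startswith("_")


def triage_message(msg: dict) -> list:
    """Return the reasons a mail looks like a Badtrans.B carrier (empty if clean)."""
    reasons = []
    for name in msg.get("attachments", []):
        if attachment_matches_badtrans(name):
            reasons.append("attachment name pattern: " + name)
    if sender_looks_mangled(msg.get("from", "")):
        reasons.append("underscore-prefixed sender: " + msg["from"])
    return reasons


def runonce_persistence_present(run_once_values: dict) -> bool:
    """Check exported HKLM\\...\\CurrentVersion\\RunOnce values (name -> data)
    for the Kernel32 = KERNEL32.EXE entry the advisory describes."""
    for name, data in run_once_values.items():
        if name.lower() == "kernel32" and data.strip().lower().endswith("kernel32.exe"):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample mail and registry export, not a real capture
    sample = {"from": "_alice@example.com", "attachments": ["Humor.MP3.scr", "invoice.pdf"]}
    print(triage_message(sample))
    print(runonce_persistence_present({"Kernel32": "KERNEL32.EXE"}))
```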

Asbjørn Bjørnst

Virus Alert - W32.Badtrans.B@mm

by Asbjørn Bjørnst » Thu, 29 Nov 2001 12:08:12


> This is correct - I got infected just a few hours ago and spent the last
> hour or so cleaning and re-checking my HD..  (one drawback with these damn
> large disks is that it takes forever to scan them :-)

> Now before you all tell me to get a virus scanner - I already got one....
> :-)

Get a decent system. :-)

I have always been reading my mail on unix systems, except at work
where I have no choice. Never had a problem with any virus. (Surprise.)
--
  -asbjxrn

REDLINE42

Virus Alert - W32.Badtrans.B@mm

by REDLINE42 » Thu, 29 Nov 2001 13:14:33

For what it's worth, I use 4 anti-virus programs, the main one being
Kaspersky Anti-Virus (AVP).
It is a little slow on the "All File" Scan, but is very good at finding
corrupt files.
I find that it is much more thorough, as NAV & McAfee have a tendency to skip
over files.

And I block anyone that sends me unsolicited email, you know the "I thought
you'd like this" type.
Leave their mail on the web server accounts

Quick Heal is also good, but I have a tendency not to trust software that
comes from that side of the world these days. :-(

When you use a variety of virus scanners you'd be surprised at what you find in
some of your files if you download or save a lot.
Some may be false alarms, but then again it makes you think, do I really need
to save this?

Some of the latest trends with virus writers are hiding files in the
"Temporary Internet Files" folder of IE.

Here is a link to see the "Really Hidden Folders" of Windows.

http://www.***microsoft.com/content/ms-hidden-files.shtml

This may be for the really paranoid, but on my computer that has been online
pretty much 24/7 since March 2001, it cleaned up 1.3gb of hard drive space.
This plus deleting the _RESTORE directory (700+mb) gave me a lot more
breathing room on a 13gb partition that seemed to fill up mysteriously. :-)
But be very careful if you aren't familiar with DOS commands.


rec.autos.simulators is a usenet newsgroup formed in December, 1993. As this group was always unmoderated there may be some spam or off topic articles included. Some links do point back to racesimcentral.net as we could not validate the original address. Please report any pages that you believe warrant deletion from this archive (include the link in your email). RaceSimCentral.net is in no way responsible and does not endorse any of the content herein.