|
 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
4 |
 |
Members:
0 |
 |
Total:
4 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:37 PM |
|
| This is actually an OLD virus that's being "re-spread". If you've been
following our advice on updating your copies of Outlook Express and Outlook,
and have adequate virus signatures installed you needn't worry - it will be
caught and dealt with . For those that have NOT updated you should do so
immediately.
Lee Drake
Some names being used;
Trend Micro: VBS_VALENTIN.A
NAI Avert Labs: VBS/Valentin@MM
F-Secure: Valentine
Sophos: VBS/Valentin-A
Symantec: VBS.Valentin@mm
What It Does
This script will create an HTA file on your drive that will execute on next
reboot. At that time it will mail itself to everyone on your mailing list.
In addition, on the 8, 14, 23, 29 of any month it will replace all files on
the disk with .TXT files of the same name (but not the same content),
effectively eliminating the contents of the drive(s).
How to Protect Yourself
As always, the best protection against such attacks is to use caution when
opening messages of a suspicious nature that arrive from people you know.
This goes double for messages that come with attachments. Regretfully, the
best policy to have with regard to mail with attachments is to confirm by
another means that the message is authentic before you open it. You can most
easily do this by sending a new message to the person who sent you the
unexpected attachment. If the sender replies that he or she did not send you
such a message, discard the message and its attachment at once and ask the
sender to investigate.
Additionally, most good antivirus programs these days will scan and clean
incoming email messages BEFORE they hit your email client. Norton Antivirus
for instance has this ability. Be sure it's enabled and your virus
signatures are up to date.
This particular bug exploits a weakness in a particular script file that is
marked safe for scripting that should not be. You can eliminate this
weakness by upgrading to the current version of IE 5.01 or 5.5.
(http://windowsupdate.microsoft.com)
If you feel the need for additional protection, see the instructions below
for how to enable heuristic scanning.
Caution!
Be aware that heuristic scanning may raise some false alarms. You should
carefully investigate and confirm any alert raised by your software's
heuristic scanner before you hit the panic button. Get expert assistance in
this regard if necessary. You will recognize such a message as follows:
Symantec will tell you that the report is from Hound Dog, which is what they
call their heuristic scanning module.
McAfee will identify the virus as being of "unknown type" or "New VBS."
Here are the instructions for several common brands of anti-virus software:
Symantec NAV 5.0:
1. Click Options.
2. Click the Scanner tab.
3. Click Heuristics.
4. Make sure that "Enable Bloodhound" is checked.
5. Move the slider all the way to the right, and then click OK.
6. Click the Auto-Protect tab.
7. Click Heuristics.
8. Make sure that "Enable Bloodhound" is checked.
9. Move the slider all the way to the right, and then click OK.
10. Click OK.
Symantec NAV 2000:
1. Click Options.
2. In the Options list, double-click Manual Scans.
3. In the Options list, under Manual Scans, click Bloodhound.
4. Make sure that "Enable Bloodhound" is checked.
5. Move the slider to Highest level of protection.
6. In the Options list, double-click Auto-Protect.
7. In the Options list, under Auto-Protect, click Bloodhound.
8. Make sure that "Enable Bloodhound" is checked.
9. Move the slider to Highest level of protection.
10. Click OK.
McAfee VirusScan 4.5:
1. Right-click the VirusScan Console icon in the lower right corner of your
task bar.
2. Highlight Vshield.
3. Click Task, then Properties.
4. Click Configure.
5. Click the button marked "Advanced."
6. Check the box marked "Enable heuristic scanning."
7. Click "Enable macro and program file heuristics scanning" to fully enable
the feature.
8. Click the button marked "Apply" to enable the new settings.
9. Click the button marked "Download Scan."
10. Click the button marked "Advanced."
11. Check the box marked "Enable heuristic scanning."
12. Click "Enable macro and program file heuristics scanning" to fully
enable the feature.
13. Click the button marked "Apply" to enable the new settings.
14. Click on the "OK" button.
15. The system will prompt. "System Scan will be loaded on startup. Would
you like to load it now?" Click Yes to do so.
Further Details
For those who are interested, you can read further about this worm at any of
the following locations:
McAfee: http://vil.nai.com/vil/dispVirus.asp?virus_k=99010
Symantec:
http://service1.symantec.com/sarc/sarc.nsf/html/VBS.Valentin@mm.html
F-Secure/DataFellows: http://www.europe.f-secure.com/v-descs/valenti.shtml
NIPC: None in particular found
Summary
Never open attachments you're not expecting. Keep your signatures up to
date and turn on heuristics. Be wary of messages with attachments that
don't have adequate and plausible explanations, and that you are expecting.
NEVER open anything with a .vbs attachment (no matter what's before it).
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|