This is another virus to take seriously. It has to be if it made The New York Times.
I annex the article from the Times, and, after the article, an e-mail that was forwarded to me by my good friend Mark Windisch, an e-mail that sets forth an explanation of how to get rid of the virus should it infect your computer.
I chant again my mantra:
If you don't have a good anti-virus program on your computer, please get one. If you have one, please keep it up to date!
My best always,
Teri
P. S.: Thanks again, Mark!
Click here: They Looked, They Clicked, a New E-Mail Virus Conquered
December 5, 2001
They Looked, They Clicked, a New E-Mail Virus Conquered
By JOHN SCHWARTZ
Subj: Fwd: [HANDEL-L] OT info on today's high-risk GONER virus
Date: 12/5/01 6:09:02 AM Eastern Standard Time
From: MWindi4108
To: TeriNoelTowe
As promised
-----------------
Forwarded Message:
Subj: [HANDEL-L] OT info on today's high-risk GONER virus
Date: 12/4/01 5:23:01 PM Eastern Standard Time
From: Jill.Gunsell@... (Jill)
Reply-to: handel-l@yahoogroups.com
To: BachCantatas@yahoogroups.com (Bach Cantatas), BACH-LIST@... (Bach), andreasschollsociety@yahoogroups.com (SchollSoc), orfeo@yahoogroups.com (Orfeo), handel-l@yahoogroups.com (Handel List)
Hi
Pls forgive cross posting but this has already been a bad week for viruses
and McAfee is issuing red warnings on this one today.
Symptoms and fix pasted below.
Jill
See also
http://www.mcafee.com/anti-virus/viruses/Goner/
GONER is a HIGH RISK virus that spreads via Microsoft Outlook and can be
spread via ICQ. This is a mass mailing worm that attempts to send itself to
all entries in the Outlook Address book. The virus will arrive with the
following email message:
Subject: Hi
Body:
How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
Attachment: GONE.SCR
Running this attachment infects the local system.
When run, the worm displays a message box entitled "About".
If you run the attachment, the worm copies itself into SYSTEM in the
%WinDir% folder and adds the following registry key in order to get started
upon boot:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\%WINDIR%\SYSTEM\gone.scr=C:\%WINDIR%\SYSTEM\gone.scr
The worm also attempts to delete the following files:
APLICA32.EXE
ZONEALARM.EXE
ESAFE.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET32.EXE
PCFWallICON.EXE
FRW.EXE
VSHWIN32.EXE
NAVW32.EXE
_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
LOCKDOWN2000.EXE
ICLOAD95.EXE
ICMON.EXE
ICSUPP95.EXE
ICLOADNT.EXE
ICSUPPNT.EXE
TDS2-98.EXE
TDS2-NT.EXE
SAFEWEB.EXE
Manual Removal Instructions
WINDOWS 95/98/ME
Restart Windows in Safe Mode (reboot your computer, just before the large
WINDOWS startup screen comes up, hit the F5 key). You can recognize that
you're in Safe Mode by the text Safe Mode in the 4 corners of the desktop.
Click START | FIND | Files or Folders ...
Type Gone.scr and hit ENTER
Delete GONE.SCR (if present)
Click START | RUN, type REGEDIT and hit ENTER
Click the (+) next to HKEY_LOCAL_MACHINE
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS
Click the (+) next to CURRENTVERSION
Click RUN
Click on C:\WINDOWS\SYSTEM\gone.scr on the right and hit DELETE on the
keyboard
Restart the computer
Additional Windows ME Info:
NOTE: Windows ME utilizes a backup utility that backs up selected files
automatically to the C:\_Restore folder. This means that an infected file
could be stored there as a backup file, and VirusScan will be unable to
delete these files. These instructions explain how to remove the infected
files from the C:\_Restore folder.
Disabling the Restore Utility
1. Right click the My Computer icon on the Desktop.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a scan with VirusScan to delete all infected files, or browse the
files located in the C:\_Restore folder and remove the files.
12. After removing the desired files, restart the computer normally.
NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5
remove the check mark next to "Disable System Restore". The infected files
are removed and the System Restore is once again active.
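
An added example, not part of the forwarded message or the advisory it quotes: this Python check reads a REGEDIT4 export of the Run key and reports the gone.scr autostart value described above. It goes slightly beyond the advisory by also flagging any other screen saver (.scr) started from that key. The export text is constructed sample data and the function names are illustrative.

```python
import ntpath
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample: a REGEDIT4 export as it might look on an infected Windows 98 PC.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"C:\\WINDOWS\\SYSTEM\\gone.scr"="C:\\WINDOWS\\SYSTEM\\gone.scr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\TEMP\\setup.scr"
'''

# "name"="value" lines; .reg files escape backslashes and quotes with a backslash.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(text):
    return re.sub(r'\\(.)', r'\1', text)

def run_entries(export_text, key=RUN_KEY):
    """Yield (name, command) for string values directly under `key`."""
    current = None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # new registry section
        elif current and current.lower() == key.lower():
            match = ENTRY.match(line)
            if match:
                yield unescape(match.group(1)), unescape(match.group(2))

def executable(command):
    """Program part of a command line (assumes unquoted paths have no spaces)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def suspicious(export_text):
    hits = []
    for name, command in run_entries(export_text):
        exe = ntpath.basename(executable(command)).lower()
        if exe == "gone.scr":
            hits.append((name, command, "Goner autostart entry"))
        elif exe.endswith(".scr"):
            hits.append((name, command, "screen saver launched at boot"))
    return hits
```

A hit only shows that the autostart value is present; the removal steps in the message above still apply.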