for all your computing needs
VIRUSES
What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
It must execute itself. It will often place its own code in the path of execution of another program.
It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
There are five recognized types of viruses:
File infector viruses: File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files. The can infect other files when an infected program is run from floppy, hard drive, or from the network. Many of these viruses are memory resident. After memory becomes infected, any non- infected executable that runs becomes infected. Examples of known file infector viruses include Jerusalem and Cascade.
Boot sector viruses: Boot sector viruses infect the system area of a disk--that is, the boot record on floppy disks and hard disks. All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up. Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk. These viruses are always memory resident in nature. Most were written for DOS, but, all PCs, regardless of the operating system, are potential targets of this type of virus. All that is required to become infected is to attempt to start up your computer with an infected floppy disk Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed. Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
Master boot record viruses: Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. Master boot record infectors normally save a legitimate copy of the master boot record in an different location. Windows NT computers that become infected by either boot sector viruses or master boot sector viruses will not boot. This is due to the difference in how the operating system accesses its boot information, as compared to Windows 95/98. If your Windows NT systems is formatted with FAT partitions you can usually remove the virus by booting to DOS and using antivirus software. If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks. Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
Multi-partite viruses: Multi-partite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected. Examples of multi-partite viruses include One-Half, Emperor, Anthrax and Tequilla.
Macro viruses: These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that not only infects data files, but also can infect other files as well. Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well. All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation. Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.
What is a Trojan horse?
Trojan Horses are impostors--files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojans contain malicious code that when triggered cause loss, or even theft, of data. For a Trojan horse to spread, you must, invite these programs onto your computers--for example, by opening an email attachment or downloading and running a file from the Internet. The PWSteal.Trojan is a Trojan.
What is a worm?
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. PrettyPark.Worm is a particularly prevalent example.
What is a virus hoax?
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:
If you receive an email titled [email virus hoax name here], do not open it!
Delete it immediately!
It contains the [hoax name] virus.
It will delete everything on your hard drive and [extreme and improbable danger specified here].
This virus was announced today by [reputable organization name here].
Forward this warning to everyone you know!
Most virus hoax warnings do not deviate far from this pattern. If you are unsure if a virus warning is legitimate or a hoax, additional information is available at:
http://www.symantec.com/avcenter/hoax.html
What is not a virus?
Because of the publicity that viruses have received, it is easy to blame any computer problem on a virus. The following are not likely to be caused by a virus or other malicious code:
Hardware problems. There are no viruses that can physically damage computer hardware, such as chips, boards, and monitors.
The computer beeps at startup with no screen display. This is usually caused by a hardware problem during the boot process. Consult your computer documentation for the meaning of the beep codes.
The computer does not register 640 K of conventional memory. This can be a sign of a virus, but it is not conclusive. Some hardware drivers such as those for the monitor or SCSI card can use some of this memory. Consult with your computer manufacturer or hardware vendor to determine if this is the case.
You have two antivirus programs installed and one of them reports a virus. While this could be a virus, it can also be caused by one antivirus program detect the other program's signatures in memory.
You are using Microsoft Word and Word warns you that a document contains a macro. This does not mean that the macro is a virus.
You are not able to open a particular document. This is not necessarily an indication of a virus. Try opening another document or a backup of the document in question. If other documents open correctly, the document may be damaged.
The label on a hard drive has changed. Every disk is allowed to have a label. You can assign a label to a disk by using the DOS Label command of from within Windows.
When running ScanDisk, your virus software Auto-Protect reports virus-like activity. The following are two possible solutions:
Disable Auto-Protect
Start your virus software, and temporarily disable Auto-Protect
Run ScanDisk and let it fix the errors.
Re-enable Auto-Protect.
Change a ScanDisk option
Start ScanDisk and Choose to run a thorough scan.
Click Options.
Uncheck "Do not perform write testing."
Run ScanDisk again.
What is safe computing?
With all the hype, it is easy to believe that viruses lurk in every file, every email, every Web site. However, a few basic precautions can minimize your risk of infection. Practice safe computing and encourage everyone you know to do so as well.
General precautions
Do not leave a floppy disk in the floppy disk drive when you shut down or restart the computer.
Write-protect your floppy disks after you have finished writing to them.
Be suspicious of email attachments from unknown sources.
Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know.
Do not set your email program to "auto-run" attachments.
Obtain all Microsoft security updates.
Back up your data frequently. Keep the (write protected) media in a safe place--preferably in a different location than your computer.
Specific to your virus software
Make sure that you have the most recent virus definitions. We recommend that you run Live Update at least once per week. Symantec Security Response updates virus definitions in response to new virus threats.
Make sure that you have set your virus software to scan floppy disks on access and at shutdown. Please see your User's Guide for information on how to do this in your version of your virus software.
Always keep your virus software Auto-Protect running. It is now strongly recommends that you have your virus software set to scan all files, not just program files.
Scan all new software before you install it. Because boot sector viruses spread by floppy disks and bootable CDs, every floppy disk and CD should be scanned for viruses. Shrink-wrapped software, demo disks from suppliers, and trial software are not exempt from this rule. Viruses have been found even on retail software.
Scan all media that someone else has given you.
Use caution when opening email attachments. Email attachments are a major source of virus infections. Microsoft Office attachments for Word, Excel, and Access can be infected by Macro viruses. Other attachments can contain file infector viruses. your virus software Auto-Protect will scan these attachments for viruses as you open or detach them. If you have your virus software 2000, we recommend that you enable Email protection, which will scan email attachments before the email message is sent to your email. program.
NOTE: If you would like any information on how to remove any particular virus, email us the name of the virus, and we'll send you the information needed. Make sure you name the subject of your email "Virus Help" or it may be deleted.
SPYWARE AND ADWARE
Spyware:-
Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.
Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window. adware, software designed to serve advertising, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information.
The cookie is a well-known mechanism for storing information about an Internet user on their own computer. However, the existence of cookies and their use is generally not concealed from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site stores information about you in a cookie that you don't know about, the cookie mechanism could be considered a form of spyware.
Spyware is part of an overall public concern about privacy on the Internet
ADWARE:-
Generically, adware (spelled all lower case) is any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user.
Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware and has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center.
These are some known spyware and adware to show up on your computer.
File Name and Description
mwsoemon.exe MyWebSearch toolbar
webrebates1.exe TopRebates hijacker/adware
webrebates0.exe TopRebates hijacker/adware
wtoolsa.exe HuntBar spyware
wsup.exe HuntBar spyware
gmt.exe Gator adware
cmesys.exe Gator adware
wtoolss.exe HuntBar spyware
optimize.exe MoneyTree Dialer
bargains.exe Bargain Buddy
save.exe WhenU SaveNow adware
msbb.exe 180Solutions adware
actalert.exe MoneyTree Dialer
istsvc.exe IST adware/hijacker
asm.exe Brilliant Digital Spyware
syncroad.exe Evil x 2.0
precisiontime.exe Gator adware
autoupdate.exe Apropos Media adware
vvsn.exe WhenU ClockSync
dmserver.exe Comet Download Manager
updmgr.exe KeenValue spyware
winsync.exe Evil-X
hbinst.exe Hotbar adware/spyware
sync.exe WhenU Adware
If you have any problems removing them, email us and we'll show you how.
PHISHING
What is Phishing?
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
I was recently attacked by an ebay phishing scam and it was quite upsetting. It is very important to know what to do if this happens to you. Please read:-
The email looked just like an email from Ebay, and the contact of that email read as follow
You have received this email because we have strong reason to believe that your ebay account had been recently compromised. in order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter. to speed up this process, you are required to verify your ebay account by following the link below."
(Links not included)
Please note: if your account information's are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. we apologize for this inconvenience, but the purpose of this verification is to ensure that your ebay account has not been fraudulently used and to combat fraud.
I sent this letter to EBay's Security centre and here is a copy of their reply.
--------------------------------------------------------------------------------
Hello,
Thank you for writing to eBay regarding the email you received.
Emails such as this, commonly referred to as "spoof" or "phished"
messages, are sent in an attempt to collect sensitive personal or
financial information from the recipients.
The email you reported was not sent by eBay. We have reported this email to the appropriate authorities.
In the future, be very cautious of any email that asks you to submit
information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers
(PINs), or Social Security Numbers in an email. If you ever need to
provide sensitive information to us, please open a new Web browser, type www.ebay.com into your browser address field, and click on the "site
map" link located at the top the page to access the eBay page you need.
If you have any doubt about whether an email message is from eBay,
please forward it immediately to spoof@ebay.com. Do not respond to it or click any of the links. Do not remove the original subject line or
change the email in any way when you forward it to us.
If you have already entered sensitive financial information or your
password into a Web site based on a request from a spoofed email, you
should take immediate action to protect your identity and all of your
online accounts. We have developed an eBay Help page with valuable
information regarding the steps you should take to protect yourself.
http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html
To review eBay's new tutorial about Spoof Emails, please see the
following Web page:
http://pages.ebay.com/education/spooftutorial/
Once again, thank you for alerting us to the spoof email you received.
Your efforts help us ensure that eBay remains a safe and vibrant online
marketplace.
Regards,
Ande
eBay SafeHarbor
Investigations Team
______________________________
eBay
Your Personal Trading Community (tm)
*******************************************
bravenet.com