Melissa virus is back

Jademan · 19-04-2001 2:06pm #1

http://www.silicon.com/public/door?REQUNIQ=987659360&6004REQEVENT=&REQINT1=43922&REQSTR1=newsnow

Hankster · 19-04-2001 2:07pm

Whoopee! Great! I love that virus.

Jademan · 19-04-2001 2:10pm

It such a simple virus really, but very potent!

Lord Khan · 19-04-2001 2:22pm

if you were in UL you'd know they virus never left stayed in the lovebug varient ... it is constantly been spread daily ... by stupid IDIOTS... and our sysadmins are not doing anything about it either ... not even bothering to email people informing them about it

I hate that "ILOVEYOU" why do people open it?

guess idiots get everywhere ... should be a test to get in to ul /.... would you open this attachment.

smoke.me.a.kipper · 19-04-2001 2:26pm

.

did thay catch the person who wrote that virus?

- Ciaran
smoke-me-a-kipper
S-M-A-K bottom!!

Jademan · 19-04-2001 2:27pm

I know about the varient all right and it was due to this i believe that the copy i work for diabled certain file type with the Mail System to illiminate 95% of the probelm the other 5% being the "messers".

Kraken · 19-04-2001 2:44pm

Yeah it was some kid in america i think!

Lenny · 19-04-2001 3:50pm

dam q8 people up to their tricks again

Jademan · 19-04-2001 3:54pm

Dame messy virus, when you think about it!

Lord Khan · 20-04-2001 9:20am

freaking annoying
the big problem here in UL is that in the labs we move around computers the whole time ... and I have 5 mapped network drives from private accounts on different servers ... so when I log in to an infected machine ... I get the warning about 15 seconds afterward when it tries to login to my mail account, then suddenly I find my Jpegs javascripts from website turned to friggin vbs which is really annoying cause means I have to get the backups from my zip disks ... If I have them.

Lord Khan · 20-04-2001 9:21am

on the subject of modifing ... hell just open it in a text editor and if you know some vb you can modified it for what ever you want

Lord Khan · 20-04-2001 12:07pm

pretty nice ... but we often send around vbs script projects or such since we're doing computer system ... but we can just zip them

Jademan · 20-04-2001 11:00pm

In the original outbreak i had to cope with it unofficially for 6-8 week to clear all our systems.

Just out of interest what e-mail program do you use?

Lord Khan · 20-04-2001 11:20pm

outlook :-(

tis UL so don't really have a choice here :-)

I've rules set to delete anything with ILOVEYOU in the subject and reply with the alovebug fixer program too :-)

I've been coping since start of 1st semester last sept and they are still coming in

smoke.me.a.kipper · 20-04-2001 11:25pm

you'd think with all the publicity that people would have learned by now

- Ciaran
smoke-me-a-kipper
S-M-A-K bottom!!™

Jademan · 20-04-2001 11:59pm

The way we got around all those type of viri was to diable certain files type coming into the mail system i.e. vbs & exe.

Plus the below script in the netlogon dir
along with the usually av software.

REGEDIT4
[HKEY_CLASSES_ROOT\.VBS]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\.VBS!]
@="VBSFile"
[HKEY_CLASSES_ROOT\.VBE]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\.VBE!]
@="VBEFile"
[HKEY_CLASSES_ROOT\.JS]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\.JS!]
@="JSFile"
[HKEY_CLASSES_ROOT\.JSE]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\.JSE!]
@="JSEFile"
[HKEY_CLASSES_ROOT\.SHS]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\.SHS!]
@="ShellScrap"
[HKEY_CLASSES_ROOT\PossibleVirus]
@="PossibleVirus"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell]
@="Open"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Open]
@="&Open"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Open\Command]
@="Notepad.exe \\\\pdc\\Netlogon\\VirusWarning.txt"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Edit]
@="&Edit in Notepad"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Edit\Command]
@="Notepad.exe %1"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Print]
@="&Print"
[HKEY_CLASSES_ROOT\PossibleVirus\Shell\Print\Command]
@="Notepad.exe /p %1"

fisty · 26-04-2001 4:55pm

to be honest with you jademan - i work in your building, and we just zip the exe's and vbs files :P
everyone copped it fairly quick - im sure your logs tell you the number of executables in e-mail has dropped drastically and the number of .zip files has probably skyrocketed

Jademan · 26-04-2001 5:37pm

Point taken, but you still cannot run vbs files on your system, save or edit then. So as far as vbs file are concerned we have won the battle. Exe files are a different and in progress!

LegacyUser · 26-04-2001 7:27pm

<font face="Verdana, Arial" size="2">Originally posted by Jademan:
Point taken, but you still cannot run vbs files on your system, save or edit then. So as far as vbs file are concerned we have won the battle. Exe files are a different and in progress!</font>

Quite true but the smart guy who set-up the anti virus software did not set it up for Nt admin rights there fore any one can right click on it and close the program with out admin rights, That would be one way to install it. Also it would be a very good idea to get better Anti Virus than what you are using at the moment as there is a number of pipe lines in that software, now this is not a bad thing in some cases but when a big network ghosts a group of machines 88% of ghosting software requires the admin password to be the same on all the machines, we all know that with Unicode pipelines users can get access to a large number of things any good admin would know that passwords in Nt are in some cases stored in BATCH folders " that means this should be passwords protected ". That is a big security hole. Solution 1. get a big book to carry all your passwords around with you and buy lots of ghost software keys . But then again as you said I only answer the phones !

Regards

Tom.

[ By the way that was a remote hole ! ]

Jademan · 27-04-2001 9:07am

So what are you saying, you disabled the anti-virus on your system, installed third party software to probe the network, tried to remotely hack our network.... me thinks it time i had a word with HR!

Jademan · 27-04-2001 9:28am

Why do i not believe you!, let see posting exploits and telling people how to do it! Making use of co. resources to run a co. along with your groupies , access to shell a/c, do i need to go on????

fisty · 27-04-2001 9:34am

Lads can we please give this pillow talk a rest on the public boards?
I grow weary of this bickering....

Jademan · 27-04-2001 9:38am

neither did it say what co. i was talking about, but it has been listed in other threads, what sort of an ejit do you take me for and do you think other users are so stupid that they cannot/willnot look up previous posts!

Jademan · 27-04-2001 9:53am

Well i see you are even more of an idiot than i thook you for!, you should check before opeoning you mouth! do a search on the secuity board and you will see what i mean!

Call yourself a security guru, if you cannot cover the basics then well god help use all!

Jademan · 27-04-2001 10:10am

Goodbye idiot
http://www.boards.ie/bulletin/Forum18/HTML/000186.html

fisty · 27-04-2001 10:53am

can someone just lock all this pittiful thread - if you wanna abuse eachother kids go to the trolls boards. Some people are trying to sleep.

yossarin · 27-04-2001 12:46pm

Jademan, just go downstairs and smack him around a bit.

LegacyUser · 28-04-2001 7:14pm

Well if you really do you think you should leave jademan .

Good bye

Regards

Tom

Jademan · 28-04-2001 10:57pm

[EVIL WARNING]I did better than that i removed his internet access!

LegacyUser · 29-04-2001 1:35am

yes. he did it is all quite funny.

Regards

Tom.

LegacyUser · 29-04-2001 1:37am

after making a show of your self with all that " security advice " you had to do somthing, removing some ones internet access is out smarting them is it. I belive you will be working where you are at the moment for a very long time.

Regards

Tom.

ecksor · 29-04-2001 1:39am

No one cares.

*lock*

Melissa virus is back

Comments