New - AVG Free Edition is now available for all single home users worldwide!
AVG Issues with Build #196
1. ISSUE: Inactive components and/or blocked Internet connection after update to AVG 8.0.196
RESOLUTION: Download Build #199 or higher. To do this, launch AVG Update from the AVG program and select "program update" from the list of updates available. This will initiate an update to the latest build, which fixes both the inactive components and blocked internet connection issues. If there is a problem with updating from within the AVG program, the update can also be downloaded directly from http://www.avg.com/download-update; if this route is taken, a repair installation should be performed. If your customer is experiencing a blocked Internet connection, they may also need to follow the steps outlined in FAQ #1561, http://www.avg.com/faq.num-1561#faq_1561, to access the download URL.
2. ISSUE: BSOD under Windows Vista after update to AVG 8.0.196 or crash and subsequent inactivation of AVG Firewall
RESOLUTION: Updating to Build #199 or higher resolves these issues. Launch AVG Update from the AVG program and select "program update" from the list of updates available. If there is a problem with updating from within the AVG program, the update can also be downloaded directly from http://www.avg.com/download-update; if this route is taken, a repair installation should be performed. You can find additional information about this issue in FAQ #1564, http://www.avg.com/faq.num-1564#faq_1564.
3. ISSUE: Error message - Invalid update control CTF file when trying to update AVG
RESOLUTION: Download Build #199 or higher from http://www.avg.com/download-update and perform a repair installation. You can find additional information about this issue in FAQ #1565, http://www.avg.com/faq.num-1565#faq_1565.
VIRUS ALERT!
Update 7/27/04
W32/Mydoom.o@MM
--> What is it?
W32/Mydoom.o@MM is a Medium-On-Watch risk mass-mailing worm that tries to open a hacker backdoor on your PC. Often pretending to be a bounced email alert, the worm arrives inside an attachment, then spreads by sending itself to stolen contacts and via peer-to-peer programs.
--> What should I look for?
FROM: Varies. Examples: "Bounced mail," "MAILER-DAEMON," "Mail Administrator". Often spoofed.
SUBJECT: Varies. Examples: delivery failed, Message could not be delivered, Mail System Error - Returned Mail
BODY: Example: We have received reports that your account was used to send a large amount of junk email messages during the last week.
ATTACHMENT: Examples: README, INSTRUCTION, TRANSCRIPT
--> How do I know if I've been infected?
The worm installs itself as JAVA.EXE in an infected computer's Windows directory. TCP Port 1034 open.
--> Why am I receiving so many alerts?
It's our policy to notify McAfee customers or those who have opted-in to receive alerts of new viruses or serious variants (e.g., W32/Mydoom.o@MM), which often come in waves.
New - AVG Free Edition is now available for all single home users worldwide!
Get your free copy of the AVG Anti-Virus - AVG Free Edition - and you will be able to use it without any limitations for the life of the product.
Download, install and use AVG Free Edition and get:
- AVG Resident Protection
- AVG e-mail Scanner
- AVG On-Demand Scanner
- Basic Scheduled Tests
- Free Virus Database Updates
- Automatic Update feature
- Easy-To-Use Interface
- Automatic Healing of infected files
- AVG Virus Vault for safe handling of infected files
The AVG Free Edition is fully featured anti-virus software with the following restrictions:
- Basic user Interface only
- Disabled Advanced Scheduling of Tests
- Disabled Creating of Your Own Tests
- NO TECHNICAL SUPPORT
W32/Bagle.ad@MM is a Medium Risk mass-mailing worm that, like
its predecessor, tries to open a backdoor on an infected PC,
giving a hacker remote access to the computer. The worm
spreads by emailing itself to contacts it steals and by using
popular file-sharing applications such as KaZaa, Bearshare
and Limewire. W32/Bagle.ad@MM also attempts to shut down
anti-virus and firewall software running on infected machines.
Note: Receiving an email alert stating that the virus came
from your email address is not an indication that you are
infected -- the virus often spoofs the "from" address.
TROJAN - TROJ_IEFEATS.A
Question: How did my homepage get set to res://mshp.dll/index.html#10213 or something similar?
Answer: TROJ_IEFEATS.A
June 14, 2004
W32/Zafi.b@MM is a Medium Risk mass-mailing worm that
spreads via email and peer-to-peer applications.
When spreading via email, the worm will both spoof the
sender's From address and send itself out in different
languages depending on the top level domain of the
recipient's email address. For example, if the address ends
in .COM, the virus's email body will appear in English.
If the address ends in .DE, the email will appear in German.
The worm also attempts to cripple anti-virus and firewall
software installed on a user's system by locating and
overwriting a user's security software with copies of itself.
Furthermore, the worm will attempt to thwart manual detection
by terminating key Windows processes.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples:
- You've got 1 VoiceMessage!
- Don't worry, be happy!
- Check this out kid!!!
BODY: Varies.
- Hi Honey! I'm in hurry, but i still love ya... (as you can see on the picture) Bye - Bye:
- Send me back bro, when you'll be done...(if you know what i mean...) See ya,
ATTACHMENT: Varies. The worm will be attached with a .pif
file extension.
** VIRUS ADVISORY - W32/Lovgate.ab@MM **
------------------------------------------------------------
Like its predecessors, W32/Lovgate.ab@MM
is a Medium Risk mass-mailing worm
inside an email attachment that when run:
1. Drops a dangerous backdoor on an infected
machine that can allow a remote
hacker to steal information.
2. Infects executable programs.
3. Tries to disable anti-virus and security software.
4. Emails itself to a) stolen contacts or b) as replies
to unread MS Outlook or Outlook Express messages on the
infected machine, spoofing the "From:" field.
Note: McAfee VirusScan proactively detects and blocks
W32/Lovgate.ab@MM's backdoor component (BackDoor-AQJ).
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Re: (original subject)
BODY: Varies.
ATTACHMENT: The worm may be attached with one of the
following file extensions:
EXE, SCR, PIF, CMD, BAT
When replying to unread Outlook or Outlook
Express messages, the worm may be
attached with a variety of filenames.
Examples:
-the hardcore game-.pif
-Sex in Office.rm.scr
-Deutsch BloodPatch!.exe
** VIRUS ADVISORY - W32/Bagle.z@MM **
------------------------------------------------------------
The latest variant of W32/Bagle@MM, W32/Bagle.z@MM is a Medium Risk mass-mailing worm that:
- Attempts to open a backdoor on an infected user's PC
- Spreads by sending itself to email addresses collected from an infected machine
- Attempts to spread using popular file-sharing applications such as KaZaa, Bearshare and Limewire
- Attempts to terminate processes belonging to several anti-virus and firewall applications
Note: Receiving an email alert stating that
the virus came from your email address
is not an indication that you are infected
-- the virus often spoofs the "from" address.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (spoofed). Go to http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=122415&cid=10110
SUBJECT: Varies. Examples:
- Hello!
- Hey!
- Let's socialize, my friend!
BODY: Uses various constructed strings.
ATTACHMENT: Varies. Can be a password-protected zip file,
with the password included in the message body.
Virus Alert: The following email is not from InterStar! Do not open the attachment
From Systems Administrator
Hello,
Please read attachment for details.
With best regards, System Administrator.
Another variant of the W32/Netsky.MM virus, W32/Netsky.q@MM
is a Medium Risk mass-mailing worm that arrives inside a
.ZIP, .PIF, .SCR or .EML attachment and spreads itself
by stealing email addresses from the infected computer,
spoofing or forging the "from: field." The worm includes
the recipient's name, surrounded by percentage symbols, in
the message subject line.
Note: Like W32/Netsky.p@MM, W32/Netsky.q@MM takes advantage
of vulnerable versions of Internet Explorer 5.01 and 5.5 to
automatically execute the virus on a user's system.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples --
- Delivery Bot (%recipient email address%)
- Server Error (%recipient email address%)
- Deliver Mail (%recipient email address%)
BODY: Varies. Examples --
- Received message has been sent as a binary file.
- Translated message has been attached.
- Mail Delivery Failure - This mail couldn't be shown
ATTACHMENT: Varies. Example filename components (Part1Part2.Part3) --
The latest variant of W32/Bagle@MM, W32/Bagle.u@MM is a
Medium Risk mass-mailing worm that 1) installs a dangerous
backdoor Trojan-horse program that opens TCP port 4751,
2) opens the Windows game Hearts (if present on the system),
and 3) sends itself to email addresses stolen from
an infected machine. It arrives as an attachment in an email
with a blank subject line and blank body text.
Note: Receiving an email alert stating that the virus came
from your email address is not an indication that you are
infected -- the virus often spoofs the "from" address.
------------------------------------------------------------
WHAT TO LOOK FOR:
FROM: Varies (spoofed - using one of the harvested email
addresses). Go to our site to see a list of files this worm
uses to harvest email addresses.
SUBJECT: Blank.
BODY: Blank.
ATTACHMENT: Varies. Randomly named executable, with an .EXE
extension.
The following emails containing a virus were not sent to you by InterStar.
If you get one of these emails, do not open the attachment. Delete this mail; it does contain a virus.
If you have Mail Guard, you will notice that the attachment/virus has already been removed.
Some of the emails you might receive will look like or similar to the following emails.
These emails may even look like they are coming from InterStar customers. As
always, be safe: don't open attachments unless you have saved them and then
scanned them for viruses.
Dear user of Intrstar.net e-mail server gateway,
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
Pay attention on attached file.
Kind regards,
The Intrstar.net team http://www.intrstar.net
NOTE: If you have Mail Guard and get
the email, there should be no virus attached.
At the bottom you will see where Mail Guard removed the virus.
Dear user of Intrstar.net e-mail server gateway,
Your e-mail account has been temporary disabled because of unauthorized access.
For further details see the attach.
Sincerely,
The Intrstar.net team http://www.intrstar.net
Sent: Monday, March 22, 2004 8:35 PM
To: sales@intrstar.net
Subject: Email account utilization warning.
Dear user of Intrstar.net,
Some of our clients complained about the spam (negative e-mail content) outgoing
from your e-mail account. Probably, you have been infected by a proxy-relay
trojan server. In order to keep your computer safe, follow the instructions.
For details see the attached file.
Kind regards,
The Intrstar.net team
Another variant of the W32/Netsky.MM virus, W32/Netsky.p@MM is
a Medium Risk mass-mailing worm that arrives inside a ZIP
attachment (e.g., your_document.zip) and spreads itself by
stealing email addresses from the infected computer, spoofing
or forging the "from: field." Besides using its own SMTP
engine, W32/Netsky.p@MM also propagates via peer-to-peer networks
(e.g., Morpheus, Kazaa) by copying itself to shared file
directories -- often with a celebrity (e.g., Britney Spears,
Eminem) as part of the filename.
WHAT TO LOOK FOR:
FROM: Varies (forged addresses taken from infected system).
SUBJECT: Varies. Examples --
- Stolen document
- Re:Hello
- Mail Delivery (failure sender address)
BODY: Varies. Examples --
- I found this document about you.
- I have attached it to this mail.
- Waiting for authentification.
ATTACHMENT: Varies. Example filenames --
- websites(random number).zip
- document(random number).zip
- your_document.zip
Symantec offers you a way to check your PC for Security Risks http://securityresponse.symantec.com/ Scroll
down the page until you see an icon that reads Check for Security Risks. Click
on that Icon to Check your PC.
In an effort to keep you, our customer, better informed of the latest
virus threats, we are providing the following updated information from Norton/Symantec.
Top Virus Threats
W32.Novarg.A@mm, W32.Bugbear.B@mm, W32.Beagle.A@mm, W32.Swen.A@mm,
W32.Welchia.Worm, W32.Blaster.Worm
These viruses are mass-mailing worms that arrive as attachments with the file
extensions .bat, .cmd, .exe, .pif, .scr, or .zip.
Although Mail Guard definitions are updated daily, you should continue to be
suspicious of any attachments, including zip attachments. Unlike other files,
.zip files must be unzipped in order to attack.
Always be sure the attachments are from reliable sources. Contact the sender to
verify authenticity of the mail and its attachment.
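An added example, not part of the original alert: one way a mail gateway or a user-side script could screen a message for the attachment extensions listed above, including executables hidden inside .zip files and password-protected archives. The function names and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable extensions the advisories on this page name as worm carriers.
RISKY = {".bat", ".cmd", ".exe", ".pif", ".scr"}

def ext(name):
    # Only the final extension counts: 'Sex in Office.rm.scr' -> '.scr'
    return os.path.splitext(name)[1].lower()

def screen_zip(name, data):
    """Inspect archive member names without extracting anything."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return [(name, "unreadable zip")]
    out = [(name, "executable inside zip: " + m.filename)
           for m in members if ext(m.filename) in RISKY]
    if any(m.flag_bits & 0x1 for m in members):  # bit 0 = encrypted entry
        out.append((name, "password-protected zip"))
    return out

def screen_attachments(raw):
    """Return (filename, reason) findings for one raw RFC 822 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ext(name) in RISKY:
            findings.append((name, "executable extension"))
        elif ext(name) == ".zip":
            findings.extend(screen_zip(name, part.get_payload(decode=True)))
    return findings

def build_sample():
    """Constructed sample: a fake bounce carrying harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "MAILER-DAEMON@example.invalid"
    msg["Subject"] = "Mail System Error - Returned Mail"
    msg.set_content("See attachment.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="README.txt.pif")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("document.exe", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="your_document.zip")
    return msg.as_bytes()
```

Calling `screen_attachments(build_sample())` flags both attachments; a message with no attachments returns an empty list.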
Also, do not execute software that is downloaded from the Internet unless it has
been scanned for viruses. Simply visiting a compromised Web Site can cause
infection if certain browser vulnerabilities are not patched.
For more information on these and other virus threats visit the following addresses.
Scan your pc for viruses FREE @ http://housecall.trendmicro.com/
http://securityresponse.symantec.com (click on security)
Email - Virus Alert!
If you receive an email addressed From: InterStar's Accounting Department
Subject Line: Billing Notice From intrstar.net's Accounting Dpt
DO NOT OPEN THE ATTACHMENT!!!
This attachment is infected with the VBS/Inor Trojan(s)
The body of this email reads:
Internet Billing Notice
Please press "open" and read the attached Billing Notice.
Note if you do not read this withing 24 hours we at intrstar.net regret
we will have to terminate internet service.
This email is a hoax and is not from InterStar.
If you have already opened the attachment, you may be infected with the
virus. You will need to run an updated virus scan to remove the virus.
The two most popular virus detection programs are Norton's AntiVirus and
McAfee's VirusScan, but there are many others available. These are
available online or at most stores that carry software. After installing
these programs, you will need to update your virus definition files. You
should then run a scan. A free, online scan is available at
http://housecall.trendmicro.com, but this may take a while on a dial-up
connection.
InterStar's accounting department does not send out attachments.
If you have a question about your account please call our office at
910-564-4638 or 800-840-1113.
InterStar Support