Login
or
Register
Subscriber & Member Login
Login, or register today to interact in our online community, comment on articles, receive our newsletter, manage your account online and more!
Login
Register
Home
»
Model Railroader
»
Forums
»
General Discussion (Model Railroader)
»
Virus Season - computer kind
Edit post
Edit your reply below.
Post Body
Enter your post below.
Ok, settle down folks. <br /> <br />Dougal, search for and download a very small program called 'Shoot the Messenger" this will eliminate that popup. There is a manual way to do this and too complicated for this. <br /> <br />I delete on sight any mail with a attachment. Especially those I do not know. Where your mailbox is 'Home address" or Public etc does NOT matter. When you open to read or d/l the attachment it goes to YOUR computer. hopefully you have a fully updated antivirus software up and running. <br /> <br />Symantec has information pertaining the the Novarg Virus and how to fight it. Basically you will need to disable system restore, shut down and reboot into "Safe Mode" fully SCAN your system (ALL FIles) and get lunch. Delete any files detected as W32.Novarg.A@mm delete them do not try to "Fix" <br /> <br />Those of you who understand firewalls will need to close ports TCP (And UDP too) 3127 thru 3198. This is the back door channel created in secret for future use by the virus. <br /> <br />When executed it creates %system%\shimgapi.dll (Acts as a proxy and opens the aforementioned ports <br />-%temp%\message This file containes random letters and is displayed using notepad <br />-%system%\Taskmon.exe: *Notes.... <br /> <br />Taskmon.exe is a legitimate file used by 95,98, ME and is found in the %Windir% folder. NOT the %system% folder Do not delete this file under %windir% folder. <br /> <br />%System% is a variable, it locates the sytem folder and copies itself. Default is C:\Windows\system (98,95,Me) and C:\Winnt\System32 (Windows NT,2000) or C:\windows\system32 (Windows XP <br /> <br />%Temp% is also a variable. <br /> <br />Registry keys are created by this virus, symantec offers a removal tool to be downloaded and used. This is the simplest way to use. More advance users may want to print off and carefully follow the manual removal instructions. <br /> <br />Beginning feburary 1'st and thry end of the 12th any infected machines will launch a DoS attack against www.sco.com there are now other viruses beginning to come out as of several hours ago that targets Microsoft in a similar manner. <br /> <br />Take advantage of your browsers such as MSN.com, Yahoo news tech news etc and learn more as these attacks happen. Update everyday and scan everyday. <br /> <br />Use common sense, do not give out information to microsoft to keep your winows, ebay bank account etc whater activated. These are scams that rely on our trusting human nature and tries to "Scare" you with official looking and menacing messages. Keep watch and be very careful these days. <br /> <br />If your machine is infected, disconnect from the internet completely and do not reconnect until you have cleaned it completely free of viruses. <br /> <br />Good Luck everyone and may you continue to stay watchful and strong in face of these maligiant and sneaky attacks. <br /> <br />Lee
Tags (Optional)
Tags are keywords that get attached to your post. They are used to categorize your submission and make it easier to search for. To add tags to your post type a tag into the box below and click the "Add Tag" button.
Add Tag
Update Reply
Subscriber & Member Login
Login, or register today to interact in our online community, comment on articles, receive our newsletter, manage your account online and more!
Login
Register
Users Online
There are no community member online
Search the Community
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
Model Railroader Newsletter
See all
Sign up for our FREE e-newsletter
and get model railroad news in your inbox!
Sign up