Over the years I've been subjected to lots of problems from viruses. In the early days it was mainly problems with old computers that people brought me to get going. These were usually plagued by simple boot sector types that caused the computer to fail completely such as by refusing to boot up. I say simple because nearly all the virus detectors around in those days could find the problem and sort it out. Not so today though because the newer breed of virus is recognisable only by its specific signature. Even the most powerful tools must be totally up-to-date before these things can be picked up and dealt with. Windows doesn't make things easy for the user in this respect because the Registry is so large and mystifying to most of us and the newest viruses can merely use the Registry to trigger their dastardly deeds.
Before I get under way, I received an E-Mail the other day. It came from "Hahaha" and was written in perfect French. A paper clip held "blancheneige.exe", presumably Snow White. The content suggested something of interest. If this isn't a virus I'll eat my hat!
I put the thing on a floppy disk to look at later. The next day my son comes in and says "Do you want the stuff on that floppy disk?". "Which disk is that?", I said. "The one with the French writing on", he said. "Don't open it", I remarked. "I already have", was the response "but I couldn't understand it because it was in French". "Groan".
I've had trouble updating my Norton Anti-Virus of late. For some reason it would go away and call down the "latest" pattern which I noted always had a (1) after it (as if there was a (2) also around). The other day I tried a different method of updating that was to go to Symantec's site and collect the latest executable update file which I then ran. It worked, and now that my version is up-to-date with the proper sort of date and quantity of definitions attached, I decided to give it a try. I'd taken extra care because when I recently got back from holiday I'd found some strange E-Mails waiting for me.
Below, if you're interested, is what I discovered...
There were two messages from people I didn't know and both were the same.
"Hi! How are you? I send you this file in order to have your advice See you later. Thanks"
Both had attachments, the first a DOC file with a ".COM" appended and the second a DOC file with a ".PIF" appended.
I've heard about this type. It rummages around and finds a private document which it converts into an executable and sends to someone in your address book.
Norton said it was "W32.Sircam.Worm@mm" and deleted two files together with three Registry entries.
It also picked up "W95.Hybris.Worm" attached to "blancheneige" (see above) which has been hanging around for some time unidentified.
I also checked out my other computer which is hooked into my ethernet and it discovered, much to my surprise, "Trojan.Bat.QuickFormat", which sounds dreadful. I've only an inkling of where that came from and its name sounded rather ominous. Strangely it was attached to an early anti-virus file... no doubt picked up when I'd unsuccessfully attempted to sort out an old problem.
Anyway it wasn't just the receipt of those two odd documents that got me to update the virus definitions properly but also the fact that I received no less than eleven E-Mails from Freeserve. These had surreptitiously been sent by my computer and had bounced because Freeserve had trapped out any mail with executable attachments. There were copies of a couple of customer invoices and a copy of an advertising flyer all with a ".COM" added to the end. They had all been originally sent to my young nephew up North and had, thankfully, been intercepted. Nice of Freeserve to provide this service... pity other ISPs haven't yet done something similar! In future I understand that executables will have to be "Zipped" so no doubt the virus writers will latch on and we shall have to take care when receiving such an attachment.