Plz read - Security problem

  1. gorgan said:

    Hi All

    Today as I checked my emails I had 4 message delivery failures. These messages were never originated by me in the first place. The messages have more or less this format:

    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    [Only registered and activated users can see links. ]
    This message has been rejected because it has
    an apparently executable attachment "ZEEBRA02 - VIACCESS.EXE"
    This is a virus prevention measure.
    If you meant to send this file then please
    package it up as a zip file and resend it.
    [Only registered and activated users can see links. ]
    This message has been rejected because it has
    an apparently executable attachment "ZEEBRA02 - VIACCESS.EXE"
    This is a virus prevention measure.
    If you meant to send this file then please
    package it up as a zip file and resend it.
    [Only registered and activated users can see links. ]
    This message has been rejected because it has
    an apparently executable attachment "ZEEBRA02 - VIACCESS.EXE"
    This is a virus prevention measure.
    If you meant to send this file then please
    package it up as a zip file and resend it.
    [Only registered and activated users can see links. ]
    This message has been rejected because it has
    an apparently executable attachment "ZEEBRA02 - VIACCESS.EXE"
    This is a virus prevention measure.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <myname1 (which was mis-spelled)@myname2.freeserve.co.uk>
    Received: from modem-2311.monkey.dialup.pol.co.uk ([217.135.217.7] helo=smtp.freeserve.net)
    by cmailg2.svr.pol.co.uk with smtp (Exim 3.35 #1)
    id 17qvgc-00088R-00; Mon, 16 Sep 2002 14:13:11 +0100
    FROM: Me<myname1@myname2.freeserve.co.uk>
    SUBJECT: !"#$
    X-MSMail-Priority: Normal
    X-Priority: 3
    X-Mailer: Microsoft Outlook Express 5.00.2919.6600
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0087_0152D470.2BD47070"
    Content-Transfer-Encoding: 7bit
    Message-Id: <E17qvgc-00088R-00.2002-09-16-14-13-11@cmailg2.svr.pol.co.uk>
    Bcc:
    Date: Mon, 16 Sep 2002 14:13:11 +0100

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0087_0152D470.2BD47070
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit


    ------=_NextPart_000_0087_0152D470.2BD47070
    Content-Type: application/octet-stream; name="ZEEBRA02 - VIACCESS.EXE"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="ZEEBRA02 - VIACCESS.EXE"



    Now I think someone is using my address to email people who are contacts and actually exist in my Outlook Express. I have been using standard ZoneAlarm and nothing was ever flagged to me and therefore I never noticed anything.
    Funnily enough, when I went on a site which sells firewalls a popup window came up giving my address saying that my computer is not protected.
    Can someone please help on how to resolve this problem?
    ((Pls note that the addresses above have been changed by myself for obvious reasons and therefore AD1, AD2, etc are substitutes for names which are valid))

    Many Thanks
    gorgan
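
Added example, not part of the original thread: a Python triage of the bounced copy quoted in the first post, pulling out the host and IP that the ISP relay recorded in `Received`, whether HELO and Return-path agree with it and with `From`, and any executable attachment names. The header text is taken from the post with a constructed stand-in (`mynam1`) for the redacted mis-spelled Return-path; `triage` and `EXEC_EXT` are names invented here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the post. "mynam1" is a constructed stand-in for the
# mis-spelled Return-path local part, which the poster redacted.
BOUNCED_COPY = """\
Return-path: <mynam1@myname2.freeserve.co.uk>
Received: from modem-2311.monkey.dialup.pol.co.uk ([217.135.217.7] helo=smtp.freeserve.net)
\tby cmailg2.svr.pol.co.uk with smtp (Exim 3.35 #1)
\tid 17qvgc-00088R-00; Mon, 16 Sep 2002 14:13:11 +0100
FROM: Me<myname1@myname2.freeserve.co.uk>
SUBJECT: !"#$
MIME-Version: 1.0
Content-Type: multipart/mixed;
\tboundary="----=_NextPart_000_0087_0152D470.2BD47070"

This is a multi-part message in MIME format.

------=_NextPart_000_0087_0152D470.2BD47070
Content-Type: text/plain; charset=ISO-8859-1

------=_NextPart_000_0087_0152D470.2BD47070
Content-Type: application/octet-stream; name="ZEEBRA02 - VIACCESS.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ZEEBRA02 - VIACCESS.EXE"

------=_NextPart_000_0087_0152D470.2BD47070--
"""

EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".com")  # assumed list for this example

def triage(raw):
    msg = message_from_string(raw)
    # The Received line is stamped by the relay, so it records the real peer
    # (reverse name, IP) next to the HELO name the client merely claimed.
    hop = re.search(r"from (\S+) \(\[([\d.]+)\] helo=(\S+)\)", msg["Received"])
    host, ip, helo = hop.groups()
    env_from = parseaddr(msg["Return-path"])[1].lower()   # envelope sender
    hdr_from = parseaddr(msg["From"])[1].lower()          # displayed sender
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {
        "submitting_host": host,
        "submitting_ip": ip,
        "helo_matches_host": helo.lower() == host.lower(),
        "envelope_matches_from": env_from == hdr_from,
        "executable_attachments": [n for n in names if n.lower().endswith(EXEC_EXT)],
    }
```

Comparing `submitting_ip` and the `Received` timestamp with the address your own connection held at that time shows whether the message left your machine.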
     
  2. tef89 said:

    If you have a trojan or a virus that is sending itself out via your email client your firewall wouldn't usually be any help - it just thinks you're sending an email - What anti-virus & anti-trojan are you running gorgan?
     
  3. gorgan said:

    tef89

    Thanks for your quick reply m8. I have none at the moment. If you know somewhere that I can d/l and install it plz let me know.

    gorgan
     
  4. tef89 said:

    Sure no problem gorgan. F-secure AVP is about the best I've used:-

    download [Only registered and activated users can see links. ]

    and I've hosted the serial [Only registered and activated users can see links. ]

    Once installed make sure you update the virus definitions and in the meantime stop your email client getting access thru the firewall.

    Hope this helps

    tef
     
  5. gorgan said:

    tef89

    Again thank you for your kind reply. Very much appreciated. Looking through other threads I came across one for trojan remover and then d/l Anti Trojan 5.5. I ran the program and it found a trojan horse and removed it (thanks to you).
    I will be installing F-Secure AVP later on. Once it is installed will it be running in the background and therefore stop something like that happening again?

    regards
    gorgan
     
  6. tef89 said:

    Glad to help gorgan - F-Secure runs in the background to give real-time protection - yes. Most good anti-viral products will guard against some trojans but it's advisable to run an anti-trojan piece of software as well.

    Anti Trojan 5.5 can be set to monitor the system at all times so it's a good idea that you have both monitoring system activity - there shouldn't be any noticeable slow-down and these two together with your firewall should be sufficient to stop most problems but perform a full manual sweep every week or so just to be certain

    tef
    Last edited by tef89; 17th September 2002 at 09:39 AM.
     
  7. gorgan said:

    Just one more thing.....I have d/l anti trojan 5.5 and the crack for it, however the crack contains many files and I can't see any serial number. Should I just extract those files? and what implications they have on the actual application?

    regards
    gorgan
     
  8. tef89 said:

    Inside the first zip folder there is another zipped folder called o-atn380 - unzip that and there is a rar file called Orion - inside that is the keygen

    Or to save some bother gorgan use this one I just generated:-

    Name: Ooops I forgot to Pay

    Code: 5A89ACF5C5746AD

    The only implication for the program is that it becomes free (for educational purposes only of course)

    If you get stuck just shout

    tef
    Last edited by tef89; 17th September 2002 at 07:08 PM.
     
  9. gorgan said:

    tef89

    Having the name and the code after filling in the form for the Anti Trojan 5.5 do I just register it??.....Furthermore how can I make this software run in the background all the time? If I move the icon to the taskline will it do the job? Or is there something else that I should do?
    I am also thinking of having F-Secure AVP as well but want to run that say once a week. To have that up and running do I have to go through the same sort of procedure so far as registering it is concerned?


    Just installed F-Secure AVP and I am very impressed by it as it found two files which were infected. Now on the task line I have 3 more icons and if I am not mistaken this software is running in the background........Plz correct me if I am wrong.


    Back again.............Just ran the program manually and to my amazement it found 46 files infected. 44 were then disinfected and 2 renamed which I assume were made safe also...........A big thank you again

    Many Thanks
    gorgan
    Last edited by gorgan; 19th September 2002 at 09:16 AM.
     
  10. tef89 said:

    Yes, just click register for Anti Trojan. To make it run in the background you must select AT Watch from the Start Menu options for the program.

    After you've entered the code F-secure doesn't need registering and can either have realtime (always) protection enabled or you can take the tick out of the box and just run it once a week. F-secure has two icons in the task bar.

    Sorry for the delay in answering this time but I'm not at home at present - glad you got sorted gorgan

    tef
     
  11. gorgan said:

    I have tried the code for Anti Trojan (5A89ACF5C5746AD), but it comes up with invalid code. Should there be space between characters or something like that?

    regards
    gorgan
     
  12. tef89 said:

    If it rejects that one gorgan then just try generating one from the keygen in the crack. It should work.

    tef
     
  13. gorgan said:

    tef me again!

    Where is the keygen in the crack? Just don't seem to be able to find it.

    regards
    gorgan
     
  14. tef89 said:

    Inside the first zip folder there is another zipped folder called o-atn380 - unzip that and there is a rar file called Orion - inside that is the keygen

    If you get stuck I've uploaded a simpler one to the site gorgan (just has the keygen inside the zip folder)

    [Only registered and activated users can see links. ]
    Last edited by tef89; 22nd September 2002 at 04:59 PM.
     
  15. gorgan said:

    tef89 thanks to you I now have both of them up and running.

    Thank you again for giving me your time.

    regards
    gorgan
     
  16. tef89 said:

    No worries at all gorgan - glad to help

    I knew we could do it

    tef