How to avoid picking up a virus


Pianorak
11-26-2001, 09:12 AM
Not sure this is the right forum, but here goes: I have just received an email with an attachment with extension doc.doc.scr. Realized too late it was a virus - all I saw was the tempting subject line "Piano Recital". Mercifully AVG managed to save the day. Hence: Do Not Open doc.doc.scr extensions!



[This message has been edited by Pianorak (edited 11-26-2001).]

bassman
11-26-2001, 09:44 AM
Thanks for the tip Pianorak.
Odd subject line for a virus. Sounds like it was someone you know, or someone that was tracking your web browsing. Hmmmmmm

------------------
Please go HERE (http://www.pcguide.com/ubb/Forum10/HTML/000225.html)

kayofcircles
11-26-2001, 10:05 AM
Could you please give me a brief description of what happens when AVG picks up a virus? Did you "open" the email, and then alarms went off and screens flashed up..or what? Or did something happen before you opened?
My uncle said he received four viri last week...Norton took care of two, and has two in quarantine that my uncle doesn't know what to do with (so is waiting for my cousin to come over and call someone for help)..whereas I have never gotten even one virus. Not complaining by any means, but unsure about procedure if and when.

YODA74
11-26-2001, 11:29 AM
Kay if ya got a name on those in quarantine you can usually go to Symantec site and look them up and get directions on what to do with them. "Usually" you can just delete the one in quarantine. Notice I did specify Usually not all the time.

------------------
Treading,Troden,Trails
HERE (http://www.davematthewsband.com)

BigBlue66
11-26-2001, 01:15 PM
How to avoid picking up a virus????

Stay off the internet and run a virus checker on any floppies or CD's that you get. Or, better yet, don't own a computer.

It's really sad, that people don't have anything better to do than cause mischief. These people should get a life.

BB 66




------------------
Life = Karma, or is it, Karma = Life?

iisbob
11-26-2001, 02:01 PM
Only problem I see here is that .scr is a Windows file extension for screen saver.

I doubt this was a virus - if it was it was poorly done; more than likely AVG stopped it because it looked suspicious - not because it detected a virus. Which is still a good thing. Probably what happened was someone double named a file by accident. You never did say if this came from someone you knew - if it did simply contact them and ask them about the file and its purpose.



------------------
iisbob
"I was gratified to be able to answer promptly, and I did. I said I didn't know."
Mark Twain

iisbob
11-26-2001, 02:05 PM
Well, nix on my last post - after a little research it seems that there are virii using the .scr file (except in this case it stands for scripting).

Ah well, live and learn!



------------------
iisbob
"I was gratified to be able to answer promptly, and I did. I said I didn't know."
Mark Twain

Pianorak
11-26-2001, 03:54 PM
iisbob - Actually I think it was a typo on my part. Think it should have been src, our old friend Sir Cam? However, having deleted the email I can't be absolutely sure.
Kay - have sent you an email.
Everybody else: thanks for expressions of sympathy. All I can say: Fools rush in where angels (geeks ?) fear to tread.

Steve
11-26-2001, 04:33 PM
Hey Pianorak,

I'm with Bassman. With a subject line like that, it sounds like someone who knows you. You might even know them.

Last winter I got involved with a hacker in Germany on IRC. Stupid move on my part. This guy NEVER tires of messin' with my computer.

Be careful. They're out there.

------------------
Peace and Love, brothers and sisters. Peace and Love

Pianorak
11-26-2001, 04:53 PM
iisbob Alas, it wasn't a typo, see below (excerpt from The Register)
<< . . . BadTrans.B uses MAPI to spread and gets target addresses from unread messages in a user's email client. The worm also drops a file named kdll.dll, which is the password stealing Trojan PWS-AV , on an infected user's PC.
Users should update their antivirus protection to guard against the virus. In addition, corporate users should consider blocking emails with .pif or .scr attachments at the email gateway, a step that would block BadTrans.B before it reaches user's desktops.. . >>

Steve Not someone who knows me. It was a music publisher on whose mailing list I am and who unwittingly sent the email having been themselves infected by the virus.

Steve
11-26-2001, 05:02 PM
It's good to hear it wasn't malicious on their part. Don't ya wish you could find the people who do this?

------------------
Peace and Love, brothers and sisters. Peace and Love

[This message has been edited by Steve (edited 11-26-2001).]

Pianorak
11-27-2001, 04:03 AM
iisbob << . . . it seems that there are virii using the .scr file ( except in this case it stands for scripting ).>>

Interesting point this. It was only a few days ago that I downloaded the MS Security Updates Nov 13 and 20 (versions 6,4,9,1121 and 5,50,4911,800) which are supposed to overcome problems in connection with cookies and scripting work in IE. Until then I had disabled "Active scripting" and "Scripting of Java applets" in the Settings box of the Scripting section but having downloaded the patches I re-enabled them.

Is the implication that the MS Security patches don't work after all - or have I got the wrong end of the stick (again)?

sea69
11-27-2001, 08:52 AM
If you are using Outlook Express or Outlook, open your address book and create a new entry there >> name it "000" (without the "quotes") >> do NOT give this entry an email address.

From now on, if you have a virus such as this that gets into your machine it will not be able to duplicate itself and send out to all your other email addy's in your address book because as "000" is your #1 entry and it has no email addy to go to, it will 'hang' and give you an error message before anything gets sent out!


(thus, not affecting all your friends and online acquaintances, nor coming back later to 'bite' you)

repeat from: http://www.pcguide.com/ubb/Forum7/HTML/000058.html




------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)

[This message has been edited by sea69 (edited 11-27-2001).]

Paleo Pete
11-27-2001, 09:56 AM
sea: Usually PC World is where I post virus alerts, that seems to be the most appropriate place. I won't move this one, it's ok here too.

Check This Topic (http://www.pcguide.com/ubb/Forum1/HTML/000319.html) I posted earlier today. It is closely related to this topic.

The scr or src extension is not the main thing to look for, it's the DUAL extension. Mine was info.DOC.src (or was it scr???). They also come with extensions pif, exe, dll, txt, and a few others. Come to think of it I got 3 this morning, and all may have had different extensions, as with the SirCam virus.

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.
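
The dual-extension point made above, together with the gateway-blocking advice in the Register excerpt quoted earlier in the thread, as an added example that is not part of the original thread. It is a sketch of a mail-gateway style check over attachment file names; the function names and both extension lists are assumptions, and the sample message is constructed.

```python
import email
import email.policy
from email.message import EmailMessage

# Assumed lists: .scr/.pif/.exe are named in the thread, the rest are additions.
EXECUTABLE_EXTS = {".scr", ".pif", ".exe", ".com", ".bat", ".vbs"}
DECOY_EXTS = {".doc", ".txt", ".jpg", ".mp3", ".zip"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = [p.strip() for p in name.strip().rstrip(" .").lower().split(".")]
    exts = ["." + p for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Return (filename, verdict) for every attachment a gateway should block."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            verdict = classify_filename(filename)
            if verdict != "ok":
                hits.append((filename, verdict))
    return hits

def build_sample():
    """Constructed test message; the attachment bytes are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Piano Recital"
    msg["From"] = "publisher@example.com"
    msg["To"] = "reader@example.com"
    msg.set_content("See attached.")
    for name in ("doc.doc.scr", "programme.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"BLOCK {filename}: {verdict}")
```

The check looks only at names, so it complements an anti-virus scan of the attachment content rather than replacing it.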

Pianorak
11-27-2001, 11:18 AM
sea I am not using Outlook Express or Outlook. Am I right in thinking that my AOL address book is unaffected by this unspeakable worm?

ranchdog
11-27-2001, 05:26 PM
Kay....

This trojan virus that the above posts are speaking of (W32/BadTrans@MM) came in my e-mail today also. Outlook Express.

Saw I had something with an attachment. I don't open it as I have the time factor set on 20 seconds before envelopes open. And have un-checked the box that says: download unread messages automatically. (all in OE Tools) Just highlight it so I can delete. Soon as I highlight this thing AVG takes over immediately. Tells me what the virus is and gives me the option to do away with this e-mail. Which I do quickly.

Fortunately I had just updated the AVG program two days ago to the update dated 11/24.

Gotta Luv AVG. It's a freebie.

Luck.

------------------
......Indecision may or may not be my problem......
...... Kickin' A Rock....

iisbob
11-27-2001, 07:11 PM
This is the whole point several topics ago I, and other gurus, tried to make about having a good, quality anti-virus program.

Norton is well worth the money as it sets up a proxy e-mail client that scans your email before you can actually read/open them - many a time has it saved my butt! (and our companies!)

I cannot stress enough (as a system admin I see this all too often) DO NOT open e-mail attachments from people you don't know or (just as important) DO know, without at least trying to scan them for virii first!! If you have to have that file, then save it then scan it with your anti-viral program!

Those IT commercials and ADs you see look cute with the little innocent smiling office worker that says "Sorry, but I opened that e-mail attachment like you told us not to." are NOT all that funny when you have to spend 12+ hours repairing a server!

So please - use common sense and a good anti-virus program!


------------------
iisbob
"I was gratified to be able to answer promptly, and I did. I said I didn't know."
Mark Twain

[This message has been edited by iisbob (edited 11-27-2001).]

ranchdog
11-27-2001, 11:35 PM
Here's how slick this BadTrans virus is... I get an e-mail (actually two) at the same time. With both from the same friend. But one of these carries an attachment.

We know which one carried the virus. This virus sent its own e-mail using my addy and my friend's name. My friend didn't even know it happened.
But the virus came from him and out of his address book.

As iisbob stressed... Don't even trust e-mail w/attachments when they are from someone you know. Leave the driving to your A-V system.



------------------
......Indecision may or may not be my problem......
...... Kickin' A Rock....

kayofcircles
11-28-2001, 10:21 AM
Thanks, ranchdog, that's what I was wondering about. I will go update my AVG, and I understand "procedure" now. Think I have been lucky so far because I don't know very many people..hence only receive one or two emails a day in my "home" box. But, two of my uncle's viri came from friends who unwittingly passed them along..and I sent uncle the link to Grisoft so he can pass it along to them so they can get AVG. This is fussy of me, but I really think if we could get everyone to stop forwarding stuff (lazy!), we could stop a lot of the inadvertent passing of viri.

This thread is getting long, but is the 0000 in one's Address Book effective...or not? I put it in mine, and advised my uncle to do the same, but am confused by another thread I read through. So?

kayofcircles
11-28-2001, 10:31 AM
iisbob: I can imagine your aggravation. For my part, I will be "good" and careful. But, I remember when we first moved out here and heard on the news that a guy in our area had lit an open fire underneath his trailer to "thaw the pipes". Burned his home down..raised serious concerns with me about the quality of intelligence out here. Think you get my gist...and I assume you got paid for your trouble.

YODA74
11-28-2001, 10:47 AM
Kay Personally I would not want to put it to a test just to see if it works. I use the "0000" at the beginning of address book and "zzzz" as the last address (kind of close the back door) Theory. It is definitely no substitute for anti virus program. Does it work (shrug shoulder) peace of mind yes knowing that it is possible that it does. It sounds very logical to me and like some here have stated until someone comes up with an excellent and reasonable Theory on why it should not work it will stay on my puter. Not like it's taken up any space. But if you want to send me a low key Virus in an attachment we'll put it to the test (JUST KIDDING)

------------------
Treading,Troden,Trails
HERE (http://www.davematthewsband.com)

kayofcircles
11-28-2001, 11:01 AM
Truth is, Yoda , that I was sort of wishing for just that. That someone I know would send me a "known" virus so I could see what happens, and therefore feel more prepared. I was back here trying to edit my question, though, because I just saw the answer in another thread. Still, the 0000 in my Address Book isn't hurting anything..and my understanding is just that it is not all that effective and one definitely should not rely on that sort of gimmick. No problem, I won't.

Whyzman
11-28-2001, 12:15 PM
But Kay, he did thaw his pipes out! A pragmatic approach, yes, but he did achieve his goal!

Well, do you think that a hacker could write code to circumvent the first address and then proceed from there....they can't be that smart?!

------------------
May all your dealings in life be win/win!

Whyzman


[This message has been edited by Whyzman (edited 11-28-2001).]