VIRUS ALERT 2

Soulful Detroit Forum: Open Forum: VIRUS ALERT 2
Top of pageBottom of page   By Ralph (209.240.222.130 - 209.240.222.130) on Monday, June 10, 2002 - 11:33 pm:

What a waste of perfectly good space. Harry, I got the same e-mail you did today. Ed Wolfrom...if you can stuff the cretin's mailbox, by all means DO IT!!!

Top of pageBottom of page   By John Lester (213.122.204.37 - 213.122.204.37) on Tuesday, June 11, 2002 - 06:53 am:

Ralph....I am told by one of life's computer intelligencier that the sender may not even know that he or she is sending it to you..that is apparently how viruses work. So you might be stuffing up someone's mail box who dont' even know. I have at admit, that it's all double dutch to me.

If I get an email with an attachment and I dont recognise the sender, I switch my Outlook Express to Alt+view, layout, Preview pane and untick the preview window, Apply and Ok. Then I higlight the message and delete it before my virus checker kicks into place - that often freezes everything and it stops when windows player starts going crazy.

I honestly do not understand why people want to spend their time doing these things. These people are very clearly educated and they really should be doing something a bit more useful with their talents. It's all a bit sad really.

Top of pageBottom of page   By Ralph (209.240.222.130 - 209.240.222.130) on Tuesday, June 11, 2002 - 01:34 pm:

John,
Time to call in Bond...James Bond.

Top of pageBottom of page   By Ed Wolfrum (165.121.214.157 - 165.121.214.157) on Tuesday, June 11, 2002 - 02:55 pm:

What I have found out is that the SITES that are sending these WORMS are in Asia and England. Where in Asia I have not been able to trace. They both are commercial PORN sites. With that morality (or lack thereof) I suppose anything evil thing is to be expected.

I haven't found out yet what the "WORM" is supposed to do, but it appears to want to make calls to both Java and Active X engines. I grabbed it with Norton Virus Scan and have isolated at least one of the WORMS in order to get this far. I also sent it to the Symantic Virus center and have yet to hear back on what they have found out about its origination and action.

Top of pageBottom of page   By Carl Dixon London (62.31.32.130 - 62.31.32.130) on Tuesday, June 11, 2002 - 02:57 pm:

Ed - email me!
Cheers

Carl

Top of pageBottom of page   By Ralph (209.240.222.130 - 209.240.222.130) on Tuesday, June 11, 2002 - 03:03 pm:

Forget James Bond...it's Ed...Ed Wolfrom.

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Tuesday, June 11, 2002 - 05:11 pm:

Ed

That is very interesting. First of all, I'm surprised to hear that there are any English-based porn sites. I'd have thought it would be much easier to trace an illegal or at least dubious site on a UK server, than in a more remote country, and therefore more of a risk for the "publisher".

Secondly, while the motivation for publishing porn is obvious - profit - it's difficult to see what is to be gained from transmitting viruses. I fail to see any profit-motive there!

Top of pageBottom of page   By Bradburger (172.181.142.230 - 172.181.142.230) on Wednesday, June 12, 2002 - 08:22 am:

I've just recieved this e-mail with an attachment:

From: PISTOLALLEN@aol.com
Subject: On Mouseover
Attached file: Href.zip

As I have no virus scanner installed at the moment can anyone tell me if they too have recieved this email? Was it sent to all Soulful Detroit forum participants? (although there is no sign of it being forwarded) Is it legit or suspect?

Checked in the details section and saw a reference to Jack Ashfords email address.

Stangeley enough I recieved a similar kind of email from another forum I visit.

Cheers

Paul :O

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Wednesday, June 12, 2002 - 08:48 am:

Paul

If you haven't already deleted it - email it to me (forward) as an attachment and I'll check it out. It's almost certainly bogus and carrying a virus, but I'll check it out.

I receive many of these "ghost" messages each day, and they're pretty easy to spot, usually by the subject line.

My mail address is mailbox@ritchie-hardin.com

Top of pageBottom of page   By Carl Dixon London (217.37.228.101 - 217.37.228.101) on Wednesday, June 12, 2002 - 10:52 am:

It is a virus -delete it.

Top of pageBottom of page   By Vickie (64.12.107.164 - 64.12.107.164) on Friday, June 14, 2002 - 07:19 pm:

Question:
I did the address book trick, and I did recieve an email today saying that I sent a virus and that it wasdetected & contained.If I have never opened any attachments how could the virus go to my address book?
Just wondering..The email said I sent to a Karen Young, but I have no clue who that is and have no entries in my address book except for the "Worm Alert" trick you all tought me.
Blondie in California

Top of pageBottom of page   By Eli (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 07:57 pm:

Karen Young is a deceased (also dead) Philly singer who had a song called Hot Shot.

Top of pageBottom of page   By PHILLYSOULMAN (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 07:59 pm:

Incidentally, I believe that she expired from a heart VIRUS

Top of pageBottom of page   By Rod Serling (62.254.0.6 - 62.254.0.6) on Friday, June 14, 2002 - 08:03 pm:

Doo-doo-doo-doo
Doo-doo-doo-doo

(Twilight Zone)

Top of pageBottom of page   By Eli (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 08:10 pm:

Rod!! Welcome bro. I thought that you threw a 7 years ago. How little did I know.
I've been too wrapped in this forum to watch t.v.
My bad!! By the way, the third decending note should have been an E Flat!! I thought that you tuned pianos on the side!!!

Top of pageBottom of page   By Cadillac (Ralph) (209.240.222.130 - 209.240.222.130) on Friday, June 14, 2002 - 08:12 pm:

Ain't me Bobby. I think ol' Rod has re-appeared

Top of pageBottom of page   By Ed Wood (62.254.0.6 - 62.254.0.6) on Friday, June 14, 2002 - 08:14 pm:

Greetings, o multifaceted one. I am channelling these messages through one who is still on your side. No pianos here, and the harps are flat.

Top of pageBottom of page   By Cadillac (Ralph) (209.240.222.130 - 209.240.222.130) on Friday, June 14, 2002 - 08:24 pm:

Hmmmm....tuning a harp has always been a mystery to me. Facinating axe though.

Top of pageBottom of page   By Eli (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 08:28 pm:

Ed Wood rules!! For sure he is the worst director of all time. Maybe I can be the Ed Wood of record producers and make the shlockiest records of all time financed by little old one time wanna be aspiring singers who never made it loking for their las' go 'round!!

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Friday, June 14, 2002 - 08:40 pm:

Sorry, Bobby - I think you'd fail as a no-talent-spotter... There are plenty of those around, and sadly, they're making a mint into the bargain.

Anyway, I think this might be a dangerous area to tread in - the worst record producers of all time. All, please write your nominations on a postcard and then burn it immediately!

Top of pageBottom of page   By Preacherman (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 09:12 pm:

Ritchie,
It is a travesty indeed!! All of these people who call themmselves "producers" Some of them can't even pronounce the word or know it's true definition. Quincy said it best when he said that a record producer is analagous to a film director as he or she is the one who in in charge of the entire creative process from beginning through the end.
Some of these thugged out so called producers think that making a beat in the back bedroom allows them to command a recording of hundreds of thousands of dollars.
Their values are all discombobulated.
I was blessed to have learned my craft from some of the best in the biz who were hands on and right there on the studio floor with us exchanging musical ideas and thoughts straight out of the blue just like magic.
These new "producers" can't tell the diffence from a b flat to a c sharp with a raised fifth. The only fifth they know how to raise is a fifth of gin (and juice)
So much good money is wasted by the so called "bling - bling generation" who are so obsessed with over excess and materialism
and fail to realise that this is the record "buisiness" not one bib party. I, like my peers have always taken a great deal of pride in our work and it shows decades later.
It's too bad that there is just nothing to show from on this crap that is out there right now for our future generations to enjoy unless, that is if the future is filled with a bunch of mindless idiots and clones thereof.

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Friday, June 14, 2002 - 09:30 pm:

Yeah, bro - tell it like it is!

I can't dispute a word you say there. I think the key phrases are "hands on" and "studio floor". Hands on computer keyboards doesn't count as far as genuine musicianship is concerned. Yes, it's the lack of "organic" involvement between the artists - the musicians and the vocalists. OK, we know that rhythm tracks and vocals are recorded separately, but it's still an organic process involving genuine humans. I'd like to see the sequencer that could sneak a Charlie Parker riff into a track, or a snatch of Wes Montgomery... Come to think of it, no - I wouldn't!

There is decent music around today. You just have to search so damn hard to find it. I guess that's why back-catalogue material is so popular. People know the quality is there.

By the way - I have a group on Yahoo (formerly a club) that's currently at number three, thanks to the group above us having a couple more members. I wouldn't mind so much if it was something comparable to my "Soulsville UK", but it's a bunch of kids who go gaga over Hear'say. Now what THEY are doing in the R&B/Soul category is a mystery to me.. or simply symptomatic of today's declining standards. End of sermon.

Top of pageBottom of page   By P--Man (152.163.197.182 - 152.163.197.182) on Friday, June 14, 2002 - 09:42 pm:

Well, I guess I will go back to my PEW!!!
Quick, I need a hanky to wipe my brow. I am starting to quiver from head to toe and I guess that soon I will to speak in tongues, or is that just bad ebonics!!!!

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Friday, June 14, 2002 - 09:57 pm:

Don't worry... nothing that a shot of Philly-cillin won't cure ;o)

Top of pageBottom of page   By brianday@cwcom.net (212.137.228.59 - 212.137.228.59) on Saturday, June 15, 2002 - 10:53 am:

these virus have been hitting me as well ,since i have been coming on this site ,my virus checker kicks them out the back door,maybe someone dosnt like us soulites ,the sad b******S . i think they are coping our email adresses

Top of pageBottom of page   By Carl Dixon London (62.31.32.130 - 62.31.32.130) on Saturday, June 15, 2002 - 01:43 pm:

For those interested, the following are the subject names for the virus emails I keep receiving. If you receive them – delete immediately:

Winxp patch
Returned mail ‘Here to start'
Undeliverable mail ‘Here to start’
W32.klez.E removal tool
All times
Honey
SOS
How are you

They are about 133k in size. That is a clue they have a virus embedded. Is anybody receiving any from me, carl.dixon@melkman.com or carlmichelle@csi.com ?

Top of pageBottom of page   By Mark Speck (65.56.217.76 - 65.56.217.76) on Saturday, June 15, 2002 - 03:42 pm:

I've been getting hit with these as well! One of them came from Andy Alonzo--I didn't recognize the name at first, then I noticed his name on here!!

There's one in my deleted items bin right now that won't allow me to delete it. I knew it was bad news when I got it 'cause

1) It was from someone I didn't know and had an attachment (although I do get occasional spam crap like this as well)

2) The subject line didn't apply to me--"there are 0 items in your cart". I NEVER shop on-line (well, OK, once I did, because I got a Barnes and Noble.com gift certificate), so I knew damned well something was wrong!

Fortunately, I have a decent anti-virus program, and it's on the case with this. The big headache is it takes up time to run the AVP to see if it caught it.

These people who create and send crap like this are sad...very sad.

Best,

Mark

Top of pageBottom of page   By hw (207.0.87.83 - 207.0.87.83) on Sunday, June 16, 2002 - 02:15 am:

BEWARE: The virus with the subject line

'A IE 6.0 Patch'

is circulating again

Top of pageBottom of page   By Carl Dixon London (195.153.219.170 - 195.153.219.170) on Monday, June 17, 2002 - 06:09 pm:

Harry, it's bad enough having a high pollen count today in London, never mind another virus! (PS - it is Celarfull of Motown night, tonight at work. They don't know yet, but whether they like it or not, I'll be spinning it shortly, ha ha)

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Monday, June 17, 2002 - 06:27 pm:

OK, paranoia time...

Anyone else received this...?

"Internet Security Update" from Microsoft Corporation Security Center

Microsoft Customer,

this is the latest version of security update, the
"13 Jun 2002 Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer."

The attachment is q216319.exe
which my virus scanner determined was "infected with the W32Gibe @MM virus"

Who can you trust?

Top of pageBottom of page   By Carl Dixon London (195.153.219.170 - 195.153.219.170) on Monday, June 17, 2002 - 06:29 pm:

I have heard of it - it is the virus! Delete it. Well spotted.

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Monday, June 17, 2002 - 06:55 pm:

Upate:

This "Microsoft" message I referred to above is a fake email which does indeed contain a worm. If you receive this, DO NOT RUN THE EXE.

Thre is more info on this page at the Microsoft website:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/gibe.asp

Keep vigilant and stay safe, folks.

Top of pageBottom of page   By Vickie (152.163.201.207 - 152.163.201.207) on Tuesday, June 18, 2002 - 02:22 am:

I have become delete queen!!!

Blondie in California

Top of pageBottom of page   By Ralph (209.240.222.130 - 209.240.222.130) on Tuesday, June 18, 2002 - 03:15 am:

Hey Blondie. I like your nickname.

Top of pageBottom of page   By Vickie (152.163.201.207 - 152.163.201.207) on Tuesday, June 18, 2002 - 03:35 am:

Ralph,
It seems to fit me most days..
I am a smart blonde though :)
Vickie

Top of pageBottom of page   By Ralph (209.240.222.130 - 209.240.222.130) on Tuesday, June 18, 2002 - 03:52 am:

I never thought otherwise Vickie.

Top of pageBottom of page   By Vickie (198.81.26.77 - 198.81.26.77) on Tuesday, June 18, 2002 - 04:13 am:

I am blondie on this thread because I always end up on this thread trying to figure out those darn viruses..I just deleted another one with the subject line "Eager To See You"

still blondie in Cali :)

Top of pageBottom of page   By Carl Dixon London (62.31.32.130 - 62.31.32.130) on Tuesday, June 18, 2002 - 10:32 am:

There are still many of these virus attachment going around. Here is the list of those affecting some of us now:

Winxp patch
Returned mail ‘Here to start'
Undeliverable mail ‘Here to start’
W32.klez.E removal tool
All times
Honey
SOS
How are you
Us how it works for you?
welcome to my home town
Eager to see you

If in doubt, delete it out!!!

Cheers

Top of pageBottom of page   By hw (68.37.216.64 - 68.37.216.64) on Tuesday, June 18, 2002 - 12:37 pm:

and PLEASE add to this list of viruses

'A IE 6.0 Patch'

do not open this - delete immediately

Top of pageBottom of page   By Vickie (152.163.201.192 - 152.163.201.192) on Tuesday, June 18, 2002 - 02:38 pm:

Also..
I get one that says "foundland" in the subject line..so far I have gotten it from (but Not) Weldon, Limestone Records, Jack ashford and BMI..
Thanks Carl for posting the other subject lines.

Vickie

Top of pageBottom of page   By Mark Speck (65.58.50.25 - 65.58.50.25) on Wednesday, June 19, 2002 - 03:34 am:

Had FOUR of 'em in my box today! It's scary out there, folks!!

Best,

Mark

Top of pageBottom of page   By Ed Wolfrum (165.247.229.13 - 165.247.229.13) on Thursday, June 20, 2002 - 02:47 am:

I got a new one today as FOUNDATION.

Ed

Top of pageBottom of page   By Vickie (152.163.205.62 - 152.163.205.62) on Thursday, June 20, 2002 - 02:47 pm:

Got another one that had the subject line ..."Questionaire"
It came from Chaka Kahn's site - Yeah right...Like Chaka's going to send me a questionnaire...I emailed the site, they didn't send it...
I must have visited her site...
:)
Vickie

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Thursday, June 20, 2002 - 03:23 pm:

If it wasn't so potentially dangerous, it would be laughable, some of the things I've received... "a new game" from Pete Rivera, and also Ralph (yeah, right!), "a photo of my girlfriend" from phillysoulman (NOT) - and so on. These are pretty easy to spot and dispose of.

It's the messages that look genuine that are the worry, like the "Microsoft Security Update" I mentioned above. I really had to do some serious checking before my suspicions were confirmed. Less serious, but still a point of concern - almost every day I receive a (genuine) message from Microsoft Support, thanking me for my "suggestions"....

The fact of the matter is, I have never had any contact with them.

Top of pageBottom of page   By hw (68.37.218.243 - 68.37.218.243) on Thursday, June 20, 2002 - 03:44 pm:

Got one yesterday from members of this forum with the subject header 'TRANSITION'

it was deleted immediately

Top of pageBottom of page   By Carl Dixon London (62.31.32.130 - 62.31.32.130) on Friday, June 21, 2002 - 09:11 am:

Virus update list!

Winxp patch
Returned mail ‘Here to start'
Undeliverable mail ‘Here to start’
W32.klez.E removal tool
All times
Honey
SOS
How are you
Us how it works for you?
welcome to my home town
Eager to see you
a new game
Worm klez.E.immunity
A very funny website
A excite game
Foundation
A IE 6.0 Patch
A photo of my girlfriend
Transition
Questionaire

These are starting to stand out like a sore thumb. Should we still update the list so we know what's going on?

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Friday, June 21, 2002 - 09:18 am:

Good idea, Carl.

I reckon I've had most of these. "Bobby" 's "photo of my girlfriend" was a jpg of a skyscraper!

Top of pageBottom of page   By Vickie (198.81.17.173 - 198.81.17.173) on Friday, June 21, 2002 - 07:45 pm:

Add to that list..

Foundland
Channels
To Channels
Regarding Channels

I have received these in the last day..

Vickie

Top of pageBottom of page   By Vickie (198.81.17.41 - 198.81.17.41) on Saturday, June 22, 2002 - 05:44 am:

Ok this one was funny..Came from HW (not)
Subject line "Japanese girl VS playboy"
Those of you with AOL, do you get any instant messages that say "e kiss' I never respond, but it happens all day ..is that another way that a virus can spread..
I don't know what "e kiss" is but I've gotten it a lot in recent weeks, it says someone has sent you an "ekiss" click here to find out who..Anyone know about this? Does it happen to anyone else with AOL? If "e kiss" is really some sort of greeting I have gotten a lot of them..I don't open anything in an IM if I don't know who it is..
I have never visted an x rated site, so I am puzzled that I am getting naughtys now.

Top of pageBottom of page   By HW (68.37.218.243 - 68.37.218.243) on Saturday, June 22, 2002 - 12:59 pm:

Ritchie - sounds to me like you opened that image file.. now you must do a virus scan -

Top of pageBottom of page   By Ritchie (62.254.0.6 - 62.254.0.6) on Saturday, June 22, 2002 - 02:37 pm:

Harry

I run a full virus scan on this PC every day, and the software is constantly monitoring to check any mail that comes in. The "Bobby Eli" message had already been scanned, and the body and attachment deleted. The image checked out as uninfected. It's now long-deleted too.

Incidentally, I identified the pic as the Cadillac Tower, suggesting that it had been somehow extracted from elsewhere on this site.

Top of pageBottom of page   By Carl Dixon London (62.31.32.130 - 62.31.32.130) on Wednesday, July 03, 2002 - 08:11 am:

Virus update list - these attachments are circulating at the moment:

Winxp patch
Returned mail ‘Here to start'
Undeliverable mail ‘Here to start’
W32.klez.E removal tool
All times
Honey
SOS
How are you
Us how it works for you?
welcome to my home town
Eager to see you
a new game
Worm klez.E.immunity
A very funny website
A excite game
Foundation
A IE 6.0 Patch
A photo of my girlfriend
Transition
Questionaire
Foundland
Channels
To Channels
Regarding Channels
You're paying too much
Browser does not support frames,therefore
Message

Top of pageBottom of page   By M.McLeanTech (66.218.59.37 - 66.218.59.37) on Wednesday, August 14, 2002 - 09:28 am:

Carl Dixon,

I finally loaded the free edition available from:

www.grisoft.com

I must say that it was the first time that I ever had a totally painless experience in downloading a program with a 56K modom, off of the telephone line, and having it set up beautifully, and seem to simply work like a champ! I was VERY impressed, and it found a worm in one of my files!

It all seems too good to be true. However, until proven wrong, I am going to assume that this anti-virus software application is as effective, as it is a pleasure to use.

At this point, I love it!

Mike McLean

Top of pageBottom of page   By Ritchie (62.254.0.7 - 62.254.0.7) on Wednesday, August 14, 2002 - 10:09 am:

Mike

An excellent move - and a good weapon to have in the armoury against this infuriating, time-wasting problem.

All

I had thought this virus threat was on the decline, but it appears to have resumed - I don't know if anyone else has noticed this, but the bogus messages seem to have started up again, for me at least. They are not necessarily Forum-related as before, but still of the same dubious character.

On the same subject, I was perturbed to discover that I may have inadvertantly dragged someone else into the mire. On Monday I contacted a lady in the US, and some correspondence between us followed. Yesterday, I received a polite but indignant message from her, asking why I had sent her an email with a virus attachment. The subject line was "top margin", and the reply address diplayed was mine. The headers revealed that the message had not originated from me at all, of course, but I nevertheless feel I must have been somehow responsible for adding her to the "hit list". She is not in my address book, by the way.

Now, whether this is pure coincidence or something more sinister, I mailed her back with reassurances and the URL for the AVG software, and that of the "Klez removal tool" provided by Symantec. A little later, a message from an unknown sender arrived in my inbox, recommending the same Symantec program, but with an attachment which - no surprise - contained the Klez worm itself.

Needless to say, I have up-to-date virus scanning software, plus a firewall, and I even ran the Klez removal tool yesterday myself as a safety precaution. The worm was not found on my system. Something very strange is at work here, and it's disturbing to say the least.

Top of pageBottom of page   By David Meikle (213.122.59.171 - 213.122.59.171) on Wednesday, August 14, 2002 - 12:07 pm:

I have found that the problem has re-commenced starting at the weekend.

I think this whole problem started when I opened an attachment from "Lowell" about 6 months ago.
It was the first one I had ever encountered hence the reason for opening it. Plus it did look lik it was from Lowell, although obviously not.

The attachment did not cause any harm to my computer. It just create this daily two minute workload of carefully deleting half a dozen e-mails.

I don't think you can do anything about it once it's in there.

I asked the PC Mag forum about possible solutions and they say there are none.

They also say this is rampant on the web.

Top of pageBottom of page   By FransBigSister (151.199.237.127 - 151.199.237.127) on Thursday, August 15, 2002 - 04:16 am:

--I have been receiving the "new Game" email
and another one "Happy Assumption Day" (Virus
creator must be Catholic). Of course it has
been coming since Assumption Day, 8/8. I received
that one from same sender twice this week,
just the subject, no content. Tonight I
received an email from my nephew, who has
Web TV, asking me why I sent him these weird emails today.
My Norton is new, and I have
the first address in my address book as
0001@0001.com, so it would come back to me
as undeliverable, if a virus stole my address
book. My nephew is not in my address book at
all, but I'M in his address book.
Verizon, my ISP, just instituted new mailbox settings
two weeks ago to try to circumvent this
virus. I now have to type in my ID before
emailing. Obviously, their new preventative
measures are not working if he received two
bogus emails from me today. Going to site and
download the virus check again, just in case.
(did this three months ago).
Marilyn


Add a Message


This is a public posting area. Enter your name or nickname into the "Username" box. Your e-mail address is optional.
Username:  
E-mail: