w00t!!! my first comp virus :P

[Paulson]

Well, good ol' norton is telling me that I have an infected file.

Hopefully it will burn it all to hell, because I really don't want to re-install.

Well, wish me luck...

 

[Locutus of Board]

It's better than herpes kid.

 

[pulpp]

good luck

 

[777joee]

I thought Pennicilen cured viruses.........

 

[Pyxis]

Congratulations

Good luck getting rid of it. I got a virus last year when I didn't have my anitvirus running and I had to do a fresh install of my os

 

[IJump]

I haven't seen any good viruses lately. Only remakes of the crappy old Melissa and I Love You viruses. Can't these people be more creative?

 

[EvanFerguson]

don't kiss me

 

[Paulson]

Let me re-phrase...

This is a comp virus, although I really do enjoy all your smartass posts

 

[GT1999]

What virus is it?

 

[Paulson]

W32.HLLW.Bymer

if I remember, that's an RC5 virus. Damnit.

Oh well, glad I aint flushed for a while...

 

[Goldfish]

Congrats on getting a virus, lol. I've (knock on wood) never had one in my length of computer usage. I guess thats what I get for being carefull and avoiding doing stupid stuff.

 

[Paulson]

well, I have this stupid network problem so I decided to scan.

Hopefully the file wininit.exe isn't important, because I deleted it. (or had to)

 

[Bosec]

I dont kno if that is something to be happy about but welcome to the club!

 

[kvelouria]

Personally installing my first trojan was a lot more enlightening than getting my first virus.

Tip: If you download a file that ends with .mpg but the icon looks like an executable, it's not real bright to go ahead and run it anyway.

 

[Whitecloak]

oops, i think deleting wininit.exe might have been a mistake. i am not sure but i think when windows starts up, wininit is called.

 

[Russ]

<< Hopefully the file wininit.exe isn't important, because I deleted it. >>



EDIT: Just checked. The one that is in windows\system is the culprit and fine to nuke. The one in windows needs to remain. Bymer is not even harmful, though.

BTW, the only way you can get Bymer is if you have open, unprotected shares. You need to tighten your security.

Russ, NCNE

 

[Paulson]

unprotected shares?

ummm, that means what Russ? Few open ports?

 

[FelixDeCat]

Ive had a few virii before. I ghost my hd frequently to a separate backup hd so I really dont care. They are actually kind of funny. Im glad I can laugh at these things.

 

[GT1999]

Set a password on your shared hard drives / devices. Install a firewall.

You should be fine..

 

[Russ]

Paulson,

It means your system is:

a. Accepting connections on port 139 (NetBIOS)
b. You have file and print sharing enabled and bound to TCP/IP
c. You have not password protected the drive.

Go to http://www.grc.com and run Shields Up on the system that got the infestation.

Russ, NCNE

 

[Paulson]

Thanks Russ...

 

[rc5]

If you are using win2k, the opportunity of infecting virus is much smaller than staying with win9x.

Dos was the heaven of viruses.

 

[Russ]

HMM...I just port scanned your IP address (at least the one that was in the last eMail I got from you), and port 139 comes up stealth. You have a bunch of server related ports open, but that's to be expected.

Sure you haven't had this a while, and just discovered it? Do you have another system connected that might have gotten it and and it moved over? Or, are we talking about a different system then the one you send mail from?

Or maybe this puppy can come in through other ports?

Russ, NCNE

 

[Mattatron5000]

My first was the love bug......infecting excecutables and such, joy

 

[Paulson]

Well, i have some idea as to how I may have gotten it.

I have the DMZ host set to port 192.168.1.21 on my router (my server internal IP addy) which I shouldn't have done in the first place. Well, my ip's got switched around, and my new comp was the DMZ host, which isn't good at all.

Needless to say, no computer is the DMZ host anymore...