Technology Stocks : Advanced Micro Devices - Moderated (AMD)


To: tejek who wrote (80777)
From: steve harris
5/27/2002 2:21:34 PM

ted,

I couldn't find anything right off the bat searching, but if it's bad enough, McAfee has an online virus scan service you can try.

$30 may be worth it.

mcafee.com

Would be a bummer if it didn't help though.

Steve

ps
Can you forward the attachment to me and I'll scan it with my McAfee?

Linux rulez!



To: tejek who wrote (80777)
From: bacchus_ii
5/27/2002 2:38:18 PM

Niceguy,

RE:"first with a 2001 CD which I think is corrupted now "

How can a CD get corrupted ????

I have seen a lot of problems with W32.Klez lately but Winkygr.exe is unknown to me. My bet is it's a form of W32.Klez, and there is a DOS scanning and correcting program for it at securityresponse.symantec.com

Gottfried



To: tejek who wrote (80777)
From: Dan3
5/27/2002 3:07:09 PM

Re: I am not sure if I downloaded a worm or virus last Friday or not

You might want to list the files on your machine by date - just the ones in your windows directory may be enough, \winnt or \windows. You can use dir *.* /l /s /n > c:\files.txt. Then open the file "files.txt" in excel and sort it by date.

Take a look at the most recently edited/created files and try to delete any suspicious ones. But don't delete anything that you might need later - it can be hard to know which is which. Sometimes, when you can't delete a file it isn't because it's in use, but because it's marked read only or system. You can use the attrib command (attrib -s to remove system attribute, for example) to make the file erasable. Right clicking on the file in file manager or explorer will usually let you do the same thing (pick properties, and uncheck the appropriate boxes), but you'll have to adjust the settings in folder options to let you see system files, etc, first. Attrib will sometimes work when the GUI tools won't.

Sometimes, a file that can't be deleted because it's in use can be renamed - then it won't be started up the next time you restart. You can also do a regedit search to try to locate the entry that's starting the executable.

There are a lot of ways to screw up a windows machine, and sometimes trying to kill off a nuisance exe causes as much damage as the file itself.

It is possible that the file you found was there prior to your clicking on that email (it's neither related to the email nor a virus)...

Or that it is some kind of harmless marketing device that isn't a true virus, but just acts a lot like one (think of the crap AOL Instant Messenger, Microsoft Instant Messenger, Real Player, and others install on your machine that is so hard to remove)...

Or that it's a vicious worm that's been sending out emails from your machine, and will shortly format your hard drive (though the last one is actually pretty unlikely).

If Norton won't install anymore, try this site to download a free scanner:
antivirus.com
It should find anything that's really nasty, and, at least, you'll know.

Good luck fighting this!

Regards,

Dan



To: tejek who wrote (80777)
From: ptanner
5/27/2002 3:47:48 PM

ted, re: your virus

It is a worm. As someone else noted, there are several variants of the W32.Klez worm going around these days. I seem to get a couple per week and one of my mailing lists gets it daily. From my observations it doesn't work in Netscape mail as NAV notes it and kills it from the AOL spam.

A partial description from Symantec:

When this worm is executed, it does the following:

It copies itself to \%System%\Wink<random characters>.exe.

NOTE: %System% is a variable. The worm locates the Windows System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.


Full description: securityresponse.symantec.com@mm.html

Farther down the page is a link to a removal tool and also a note that NAV will not start after the worm has activated.

-PT
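
Added example, not part of any post in this thread: the date-sorted file listing Dan describes, combined with the Wink<random characters>.exe name from the Symantec excerpt, as a read-only Python script that lists files and changes nothing. The function names, the regular expression and the 14-day window are assumptions made for the example.

```python
import os
import re
import sys
import time

# Assumption: name pattern taken from the Symantec excerpt quoted above,
# "Wink<random characters>.exe", matched case-insensitively.
WINK_NAME = re.compile(r"^wink.+\.exe$", re.IGNORECASE)


def recent_files(root, days=14, now=None):
    """Return (mtime, path, name_matches) for files under root modified
    within the last `days` days, newest first. Nothing is modified."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep going
            if mtime >= cutoff:
                rows.append((mtime, path, bool(WINK_NAME.match(name))))
    rows.sort(key=lambda r: r[0], reverse=True)
    return rows


def report(root, days=14):
    """Format the listing, marking names that fit the Wink*.exe pattern."""
    lines = []
    for mtime, path, hit in recent_files(root, days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        mark = "NAME MATCH" if hit else ""
        lines.append(f"{stamp}  {mark:<10}  {path}")
    return lines


if __name__ == "__main__":
    # Default to the Windows directory; pass another folder as an argument.
    default_root = os.environ.get("SystemRoot", r"C:\Windows")
    root = sys.argv[1] if len(sys.argv) > 1 else default_root
    print("\n".join(report(root)))
```

A name match is only a lead for a scanner or the removal tool to confirm; a file that merely fits the pattern is not proof of infection.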