1. VIRUS ALERT: w32/bugbear@MM
- Posted by Dan Moyer <DANIELMOYER at prodigy.net> Oct 02, 2002
- 396 views
I just spent many hours getting the email virus w32/bugbear@MM and one called PWS-Hooker.dll off my system, and since they are remailers, it's possible people on this list might have been sent it too (from my address book), so it wouldn't hurt to be alert for them.

I think they look for old email to re-present, because mine was purportedly from David Cuny (at dcuny at siol.net), with a subject: Re: Peuphoria

so I opened it, and besides my firewall asking if it was ok to set something up as a server (I said no), I got a notification (windows?) that a file was being downloaded, which shouldn't have been happening, and then I noticed my firewall wasn't in the systray anymore, nor was my anti-virus. So the virus took them both OUT. and I think part of the virus load is a trojan to capture/send passwords.

I did find the two myself, before I updated my virus checker & it found them, by looking at all new files today at around the time my firewall went down. Deleted one, but it came back, and the other was "in use" by Windows & wouldn't delete until my virus checker got rid of it.

Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?

Dan Moyer
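The triage step described in this post (listing files that appeared around the time the firewall went down) can be scripted. The following is an added example, not part of the original post; it assumes modification time as the timestamp of interest, and the file names, incident time and 30-minute window are constructed.

```python
import os
import tempfile
from datetime import datetime, timedelta

def files_changed_near(root, incident, window_minutes=30):
    """Return (mtime, path) pairs for files under root modified within
    +/- window_minutes of the incident time, oldest first."""
    delta = timedelta(minutes=window_minutes)
    lo, hi = (incident - delta).timestamp(), (incident + delta).timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path, follow_symlinks=False).st_mtime
            except OSError:
                continue  # locked or vanished files are normal on a live system
            if lo <= mtime <= hi:
                hits.append((datetime.fromtimestamp(mtime), path))
    return sorted(hits)

def demo():
    """Build a constructed sample tree and return the files flagged in it."""
    incident = datetime(2002, 10, 2, 4, 0)  # constructed incident time
    # constructed file names; values are minutes relative to the incident
    samples = {"old_document.txt": -3 * 24 * 60, "dropped_a.exe": 2,
               os.path.join("sub", "dropped_b.dll"): 5, "later.log": 120}
    with tempfile.TemporaryDirectory() as root:
        for rel, offset in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample")
            ts = (incident + timedelta(minutes=offset)).timestamp()
            os.utime(path, (ts, ts))
        hits = files_changed_near(root, incident)
        return [os.path.relpath(p, root).replace(os.sep, "/") for _, p in hits]

if __name__ == "__main__":
    for rel in demo():
        print(rel)
```

File timestamps can be altered by whatever wrote the file, so the listing is a starting point for review alongside a scanner result, not a complete inventory.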
2. Re: VIRUS ALERT: w32/bugbear@MM
- Posted by Mike Nelson <MichaelANelson at WORLDNET.ATT.NET> Oct 02, 2002
- 397 views
Dan,

I got it from you or your source--current edition of Norton killed it. If you upgrade your Virus checker, get one that scans outgoing email.

-- Mike Nelson

----- Original Message -----
From: "Dan Moyer" <DANIELMOYER at prodigy.net>
To: "EUforum" <EUforum at topica.com>
Subject: VIRUS ALERT: w32/bugbear@MM

> I just spent many hours getting the email virus w32/bugbear@MM and one called
> PWS-Hooker.dll off my system, and since they are remailers, it's possible
> people on this list might have been sent it too (from my address book), so
> it wouldn't hurt to be alert for them.
>
> I think they look for old email to re-present, because mine was purportedly
> from David Cuny (at dcuny at siol.net), with a subject: Re: Peuphoria
>
> so I opened it, and besides my firewall asking if it was ok to set something
> up as a server (I said no), I got a notification (windows?) that a file was
> being downloaded, which shouldn't have been happening, and then I noticed my
> firewall wasn't in the systray anymore, nor was my anti-virus. So the virus
> took them both OUT. and I think part of the virus load is a trojan to
> capture/send passwords.
>
> I did find the two myself, before I updated my virus checker & it found
> them, by looking at all new files today at around the time my firewall went
> down. Deleted one, but it came back, and the other was "in use" by Windows
> & wouldn't delete until my virus checker got rid of it.
>
> Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?
>
> Dan Moyer
3. Re: VIRUS ALERT: w32/bugbear@MM
- Posted by Travis Beaty <tbeaty at mach3ww.com> Oct 02, 2002
- 387 views
It was also sent to me, but not by your machine, as far as I can tell. It shut down my firewall for a split second, but McAfee nailed it. I got an advisory about this one a couple of days ago. A subsequent complete virus scan showed no presence of it on my machine.

Travis Beaty
Mason City, Iowa.

----- Original Message -----
From: "Mike Nelson" <MichaelANelson at WORLDNET.ATT.NET>
To: "EUforum" <EUforum at topica.com>
Subject: Re: VIRUS ALERT: w32/bugbear@MM

> Dan,
>
> I got it from you or your source--current edition of Norton killed it. If
> you upgrade your Virus checker, get one that scans outgoing email.
>
> -- Mike Nelson
> ----- Original Message -----
> From: "Dan Moyer" <DANIELMOYER at prodigy.net>
> To: "EUforum" <EUforum at topica.com>
> Sent: Wednesday, October 02, 2002 4:21 AM
> Subject: VIRUS ALERT: w32/bugbear@MM
>
> > I just spent many hours getting the email virus w32/bugbear@MM and one called
> > PWS-Hooker.dll off my system, and since they are remailers, it's possible
> > people on this list might have been sent it too (from my address book), so
> > it wouldn't hurt to be alert for them.
> >
> > I think they look for old email to re-present, because mine was purportedly
> > from David Cuny (at dcuny at siol.net), with a subject: Re: Peuphoria
> >
> > so I opened it, and besides my firewall asking if it was ok to set something
> > up as a server (I said no), I got a notification (windows?) that a file was
> > being downloaded, which shouldn't have been happening, and then I noticed my
> > firewall wasn't in the systray anymore, nor was my anti-virus. So the virus
> > took them both OUT. and I think part of the virus load is a trojan to
> > capture/send passwords.
> >
> > I did find the two myself, before I updated my virus checker & it found
> > them, by looking at all new files today at around the time my firewall went
> > down. Deleted one, but it came back, and the other was "in use" by Windows
> > & wouldn't delete until my virus checker got rid of it.
> >
> > Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?
> >
> > Dan Moyer
4. Re: VIRUS ALERT: w32/bugbear@MM
- Posted by munchr at mac.com Oct 02, 2002
- 390 views
At 04:21 AM 02/10/2002 -0700, Dan wrote:

>I just spent many hours getting the email virus w32/bugbear@MM and one called
>PWS-Hooker.dll off my system, and since they are remailers, it's possible
>people on this list might have been sent it too (from my address book), so
>it wouldn't hurt to be alert for them.
>
>I think they look for old email to re-present, because mine was purportedly
>from David Cuny (at dcuny at siol.net), with a subject: Re: Peuphoria

I received it as well, on my euphoria account. By that, I mean that it is only subscribed to the Euphoria list, and has never been used elsewhere. No spam has ever been received in the year that I have had the account, so I was quite surprised to see a message about "your CDNOW order confirmation". Luckily, my email provider (mac.com) scans all incoming mail, and they removed the attachment. I can only assume that it came from an infected machine on this list that has my address in an address book.

It claimed to have come from "manager at griffon.mwsc.edu", but has a return path of 2Cust70.tnt9.adl1.da.uu.net [63.12.15.70] by way of pluto.senet.com.au. The router tnt9.adl1.da.uu.net is part of UUNET/Worldcom's network and is located in Adelaide, Australia. So if you are on this list, and live in or near Adelaide, please check your PC for an infection by W32/BugBear@MM.

This has been a public service announcement.

James Powell
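The header comparison made in this post (claimed sender versus the relay path) can be automated. The following is an added example, not part of the original post; the sample message is constructed from the hosts quoted above, and the recipient host, its IP address, the timestamps and the two-label domain comparison are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts are those quoted in the post; mx.recipient.example,
# 192.0.2.10 and the timestamps are placeholders.
SAMPLE = """\
Received: from pluto.senet.com.au (pluto.senet.com.au [192.0.2.10])
\tby mx.recipient.example with ESMTP; Wed, 2 Oct 2002 21:05:12 +0930
Received: from 2Cust70.tnt9.adl1.da.uu.net ([63.12.15.70])
\tby pluto.senet.com.au with SMTP; Wed, 2 Oct 2002 21:05:03 +0930
From: manager@griffon.mwsc.edu
Subject: your CDNOW order confirmation

(body removed)
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)", re.I)

def relay_chain(msg):
    """Hops ordered from origin to recipient. Each relay prepends its own
    Received header, so the list is reversed."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(raw.split()))  # unfold the header
        if m:
            hops.append(m.groupdict())
    return hops

def org_domain(host):
    # Assumption: the last two labels approximate the organisation; a real
    # tool would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_origin(raw_message):
    msg = message_from_string(raw_message)
    claimed = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    hops = relay_chain(msg)
    if not hops:
        return {"claimed_domain": claimed, "mismatch": False}
    origin = hops[0]
    return {"claimed_domain": claimed, "origin_host": origin["helo"],
            "origin_ip": origin["ip"], "first_relay": origin["by"],
            "mismatch": claimed != org_domain(origin["helo"])}

if __name__ == "__main__":
    print(check_origin(SAMPLE))
```

A mismatch only says the claimed sender and the submitting host belong to different organisations, which also happens with legitimate mail sent over a dial-up ISP, and only Received lines written by relays you trust are reliable.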