Namely, I have some worm/virus or something similar that sends messages to certain addresses.. For example, today I got an email from mardam@mirc.com in which the man said that I have a virus and that he is receiving a lot of flood messages from me with the content:
Also, today I received an email from the mail delivery service saying that the mail that "I" sent cannot reach the person I "wanted to send it to", i.e. irc@bolchat.org !!! I get about 100 messages of this type a day, and sometimes I even get some short ones with an attachment, which I never run because I figure it's the MYDOOM worm.. I downloaded a mydoom remover but it doesn't find mydoom on the computer... I downloaded some worm remover program but it didn't find a single worm.. HELP, PEOPLE, IT'S URGENT!!!
My operating system is WINDOWS XP, and the mail client is Microsoft Outlook 2003..
HELP.. SOME KIND OF WORM.. WHIP THE PEOPLE !!! OR.. JUST ME?!
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me (mailto:cabman@zolta.eet.bme.hu).
NOTE: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.
1. Download the FixKlez.com file from http://securityresponse.symantec.com/avcenter/FixKlez.com.
2. Save the file to a convenient location, such as your download folder or the Windows desktop (or, if possible, removable media known to be uninfected).
3. To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
4. Close all the programs.
5. If you are on a network, or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. If you are running Windows Me or Windows XP, disable System Restore. Refer to the "System Restore option in Windows Me/XP" section, later in this writeup, for additional details.
   NOTE: If you are running Windows Me/XP, Symantec strongly recommends that you do not skip this step.
7. Shut down the computer and turn off the power. Wait 30 seconds. Do not skip this step.
8. Restart the computer in Safe mode. All the Windows 32-bit operating systems, except Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."
9. Double-click the FixKlez.com file to start the removal tool.
10. Click Start to begin the process and allow the tool to run.
11. Normally restart the computer.
12. Next, if you are using a Symantec antivirus product, re-install it.
    * For consumer products such as Norton AntiVirus 2000/2001/2002/2003, follow the instructions in the document, "How to restore Norton AntiVirus after removing a virus."
    * For Enterprise products, contact your system administrator.
13. Run LiveUpdate to make sure that you are using the most current virus definitions, and then rescan the computer. If your Symantec antivirus product detects any infected files and cannot repair them, choose to delete the files.
14. If you are running Windows Me/XP, re-enable System Restore.
NOTE: The removal procedure may not be successful if Windows Me/XP System Restore was not disabled as previously directed, as Windows prevents System Restore from being modified by outside programs. If W32.Klez.gen@mm was activated before you ran the removal tool, in most cases you will not be able to start Norton AntiVirus (NAV). Refer to the "Removal" section of the W32.Klez.E@mm writeup for instructions on running NAV from the command line and re-installing NAV.
When the tool has finished running, you will see a message indicating whether variants of W32.Klez@mm and/or variants of W32.ElKern infected the computer. If an infection was removed, the program displays the following results:
* Total number of the scanned files
* Number of deleted files
* Number of repaired files
* Number of terminated viral processes
* Number of deleted viral services
* Number of fixed registry entries
Which AV do you have? Are you sure that you are the one who has the virus? Is there anything running in Task Manager, under processes, that you don't recognize and that runs under your username? Is anything being started in the registry under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that you don't recognize?
No. All the processes are known to me.. Although alg.exe seems a bit suspicious to me?
Code:
alg - alg.exe - Process Information
Process File: alg or alg.exe
Process Name: Application Layer Gateway Service
Description: Part of Internet Connection Sharing application and Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A
-------
So that's nothing, it's just Microsoft spying on you, it's not a virus
although ...
Code:
FILENAME: Alg.exe.
PROGRAM NAME: Application Layer Gateway.
DESCRIPTION: Part of Windows XP that provides support for ICS and Internet Connection Firewall (ICF).
RECOMMENDED ACTION: If a third-party firewall warns you that ALG.exe wants access, check to make sure you're not double-firewalled. If you are, disable ICF. If you are using neither ICF nor ICS and are warned that ALG.exe is trying to access the Net, deny it. A Trojan horse or worm may be trying to use it as a backdoor.
Hell if I know... you probably don't have anything... but I recommend getting some AV urgently
Have you installed the SP on XP .. ? For a start, patch Windows and then install Kaspersky AV .. and keep some firewall at hand as well ..
Viruses can also alter the address they came from, so it often happens that you don't even have that virus .. rather, it picked up your address from some address book .. now, since so many people are notifying you about it .. you probably have something ..
Delete all the emails that you don't need, and definitely those with an attachment .. of size 20~40 KB ..
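Whether a bounce was really caused by mail leaving your own PC, or by a worm elsewhere forging your address as described above, can be checked from the headers the bounce returns. The following is an added example, not part of the original thread; the sample bounce, host names, IP addresses and function names are constructed for illustration, and it assumes you know which mail servers' `Received` lines you can trust.

```python
import email
import re

# Constructed bounce (not from the thread): documentation IPs, made-up hosts.
# The lower Received line is forged by the sender to frame 192.0.2.10.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/rfc822-headers

Received: from unknown (HELO pc) [203.0.113.45]
    by mx.recipient.example with SMTP; Mon, 1 Mar 2004 10:00:00 +0100
Received: from home-pc [192.0.2.10]
    by relay.invalid with SMTP; Mon, 1 Mar 2004 09:59:00 +0100
From: victim@example.org

--BOUND--
"""

# Bracketed client IP followed by the "by <server>" that recorded it.
HOP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def returned_headers(bounce_text):
    """Headers of the original message as echoed back inside the bounce."""
    for part in email.message_from_string(bounce_text).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def entry_ip(headers, trusted_servers):
    """IP that connected to the oldest hop recorded by a server we trust."""
    entry = None
    for hop in headers.get_all("Received") or []:  # newest hop first
        m = HOP_RE.search(hop)
        if not m or m.group(2).lower() not in trusted_servers:
            break  # everything from here down could be forged
        entry = m.group(1)
    return entry

def sent_from_me(bounce_text, my_ips, trusted_servers):
    """True/False if the trusted entry IP is/isn't mine, None if unknown."""
    headers = returned_headers(bounce_text)
    ip = entry_ip(headers, trusted_servers) if headers else None
    return None if ip is None else ip in my_ips
```

A `False` result means the message entered the mail system from someone else's address and only your e-mail address was forged; `None` means the bounce carries no hop you can trust, so it proves nothing either way.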