Need direction to kill a virus

Sean Blakey pythonista at gmail.com
Wed Mar 2 21:58:25 EST 2005


On Wed, 2 Mar 2005 17:46:44 -0800, James Stroud <jstroud at mbi.ucla.edu> wrote:
> Four steps, meant to help, really.
> 
> 1. shut down your computer
> 2. erase your hard drive
> 3. install linux with a firewall
> 4. reboot
> 
> You can always run your beloved window$ under vmware.
> 
> Alternately, get a Mac.
> 
> You will never have another problem like this again. The real virus is your
> operating system.
> 
> Sorry for the brutally honest and yet ultimately helpful answer. If it angers
> you as it does some, well, then you may actually deserve what you get.
> 
> James
> 
> (Living M$ free for 7 years and never been happier.)
> 
> 

Based on the mailing lists I've found your name on and the messages
there, I'm going to give you the benefit of the doubt and assume that
shouting "Don't use windows!" in your general direction would be just
beating a dead horse.

Unfortunately, I don't know of an easy way to remove unidentified 
viruses from an already-infected computer. I really doubt there is a
five-minute guru answer, and unless you find such a solution, you will
probably have to resort to the reformat/reinstall route. You mention
that you have already reinstalled, but do not make clear whether or
not you reformatted your hard drive first - if the problem is in a
file not overwritten by the windows install, it could easily survive a
reinstall without a reformat.

Short of switching to a different operating system, there are a few
steps I can recommend to help defend against malicious attachments and
such:
1) Never, ever, ever use Outlook. Outlook Express is
almost-but-not-quite as bad. Microsoft made several design decisions
to "enhance" the user experience which have resulted in pretty much
every email virus and worm, ever. As an email client for people used
to Outlook Express, I heartily recommend Mozilla Thunderbird
(http://www.mozilla.org/products/thunderbird/).
2) Use a good spamfilter to automate the process of sorting out junk
from your mail. After a little training, the Bayesian filter built-in
to Thunderbird works well enough for my purposes.
3) If you must use windows, firewalling and virus scanning are
essential. You seem to already have that part, plus a certain paranoia
about attachments that puts you well ahead of the curve.
4) Similar to #1, you should NEVER surf the web in Internet Explorer.
Again, this is primarily because Microsoft chose to include features
(ActiveX controls in web pages) that have led to an unmanageable number
of security problems. Firefox (http://www.getfirefox.com) is a
wonderful alternative browser for Windows users, and will be available
to you on other platforms if you ever choose to switch to an OS less
beleaguered by viruses, trojans, and spyware.
5) You seem appropriately paranoid about attachments, although I do
have to wonder what kind of message was sent to you that made you want
to open "details.txt" in the first place. I think you will appreciate
an email client that shows you the file type and asks for confirmation
before launching an attachment, just like you might appreciate a web
browser that shows the file type and asks for confirmation before
launching a downloaded file.
6) With the filename you gave, it shouldn't be that hard to find some
notes on this virus with google.
7) When the system is running away with background processes like you
describe, use the task manager to find out which process is using the
resources. Use this information in your research for a fix.

-- 
Sean Blakey
Saint of Mild Amusement, Evil Genius, Big Geek
Python/Java/C++/C(Unix/Windows/Palm/Web) developer
quine = ['print "quine =",quine,"; exec(quine[0])"'] ; exec(quine[0])


