Hallmark E cards attack
Charles Jones
charles.jones at ciscolearning.org
Mon Nov 24 06:40:49 MST 2008
I downloaded and tried the Avast! BART cd on a "hallmarked" machine, and
it didn't detect anything. Maybe it didn't have the newest signature
files. IMO UBCD4WIN is better as it has multiple antivirus and
anti-spyware programs, including the ability to update the antivirus
signatures from the internet (it updates them on the ramdisk). It's all
in vain, as no matter how many times I tell windows users not to click
on .exe and .vbs files they get in their email, they do it anyway. *sigh*
-Charles
Ryan Rix wrote:
> Hi,
>
> I use AVAST BART cd for my recovery. It's not a full XP live cd, only
> boots to a minimal 98 or so install, no start menu or anything; it
> provides a cmd prompt with check disk and such, and AVAST AV, and some
> other disk utils, including a registry editor.
>
> Of course it's neither free nor Free... :(
>
> ~Ryan
>
> On Thu, Nov 20, 2008 at 9:04 AM, Charles Jones
> <charles.jones at ciscolearning.org
> <mailto:charles.jones at ciscolearning.org>> wrote:
>
> I gave him a copy of a bootcd that I found somewhere some time ago,
> "UBCD4WIN". It boots a live-cd of WindowsXP from a CD, and also
> contains
> various anti-virus and anti-spyware tools and utilities. So you boot
> from the CD and since its a liveCD you can safely connect to the
> network
> and update the AV signatures before doing a scan and clean. Pretty
> handy
> for fixing winblows issues.
>
> -Charles
>
> Stephen wrote:
> > a bootable AV screen is probably going to be needed, you may
> find some
> > specific tools on mcaffe and symantec sites.
> >
> > On Thu, Nov 20, 2008 at 8:55 AM, Charles Jones
> > <charles.jones at ciscolearning.org
> <mailto:charles.jones at ciscolearning.org>> wrote:
> >
> >> What all is involved in the fix? One of my co-workers
> apparently got his
> >> laptop zapped by it. From what he said it infects the
> winlogon.exe, so not
> >> only do you have to clean the virus from loading, but you have
> to replace
> >> the winlogin.exe with a known good copy. What a pain.
> Personally I cannot
> >> believe that any mail filters still allow .exe file
> attachments, or that
> >> people would actually run a .exe file they received in email!
> >>
> >> ----- Original Message -----
> >> From: Jamie Shackles
> >> To: plug-discuss at lists.plug.phoenix.az.us
> <mailto:plug-discuss at lists.plug.phoenix.az.us> ;
> arnoldwilliams at cox.net <mailto:arnoldwilliams at cox.net> ; ricky b
> >> ; Jill Bain ; Ricky Bezanson ; fernalena golding ; RUDY H ;
> Vince None ;
> >> Joey Prestia
> >> Sent: Tuesday, November 18, 2008 8:21 PM
> >> Subject: Hallmark E cards attack
> >> I don't know if anyone else has been receiving these ehallmark
> postcards,
> >> but *don't open it* I have been getting about 3 a day, but I
> saw them for
> >> what they were worth, and have not opened them. My parents, on
> the other
> >> hand, did open it and it took a good 3 hours to fix the
> computer. Nasty
> >> nasty virus!
> >>
> >> ~ Jamie
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> <http://lists.plug.phoenix.az.us/mailman/listinfo/plug-discuss>
>
>
>
>
> --
> Thanks and best regards,
> Ryan Rix
> TamsPalm - The PalmOS Blog
> (623)-239-1103 <-- Grand Central, baby!
>
> Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica
> Sheffey - Class of 2009, Rest in peace.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081124/57fefb8a/attachment.htm
More information about the PLUG-discuss
mailing list