Hallmark E cards attack

Charles Jones charles.jones at ciscolearning.org
Mon Nov 24 06:40:49 MST 2008


I downloaded and tried the Avast! BART cd on a "hallmarked" machine, and 
it didn't detect anything. Maybe it didn't have the newest signature 
files. IMO UBCD4WIN is better as it has multiple antivirus and 
anti-spyware programs, including the ability to update the antivirus 
signatures from the internet (it updates them on the ramdisk). It's all 
in vain, as no matter how many times I tell windows users not to click 
on .exe and .vbs files they get in their email, they do it anyway. *sigh*

-Charles

Ryan Rix wrote:
> Hi,
>  
> I use AVAST BART cd for my recovery. It's not a full XP live cd, only 
> boots to a minimal 98 or so install, no start menu or anything; it 
> provides a cmd prompt with check disk and such, and AVAST AV, and some 
> other disk utils, including a registry editor.
>  
> Of course it's neither free nor Free... :(
>  
> ~Ryan
>
> On Thu, Nov 20, 2008 at 9:04 AM, Charles Jones 
> <charles.jones at ciscolearning.org 
> <mailto:charles.jones at ciscolearning.org>> wrote:
>
>     I gave him a copy of a bootcd that I found somewhere some time ago,
>     "UBCD4WIN". It boots a live-cd of WindowsXP from a CD, and also
>     contains
>     various anti-virus and anti-spyware tools and utilities. So you boot
>     from the CD and since its a liveCD you can safely connect to the
>     network
>     and update the AV signatures before doing a scan and clean. Pretty
>     handy
>     for fixing winblows issues.
>
>     -Charles
>
>     Stephen wrote:
>     > a bootable AV screen is probably going to be needed, you may
>     find some
>     > specific tools on mcaffe and symantec sites.
>     >
>     > On Thu, Nov 20, 2008 at 8:55 AM, Charles Jones
>     > <charles.jones at ciscolearning.org
>     <mailto:charles.jones at ciscolearning.org>> wrote:
>     >
>     >> What all is involved in the fix? One of my co-workers
>     apparently got his
>     >> laptop zapped by it. From what he said it infects the
>     winlogon.exe, so not
>     >> only do you have to clean the virus from loading, but you have
>     to replace
>     >> the winlogin.exe with a known good copy.  What a pain.
>     Personally I cannot
>     >> believe that any mail filters still allow .exe file
>     attachments, or that
>     >> people would actually run a .exe file they received in email!
>     >>
>     >> ----- Original Message -----
>     >> From: Jamie Shackles
>     >> To: plug-discuss at lists.plug.phoenix.az.us
>     <mailto:plug-discuss at lists.plug.phoenix.az.us> ;
>     arnoldwilliams at cox.net <mailto:arnoldwilliams at cox.net> ; ricky b
>     >> ; Jill Bain ; Ricky Bezanson ; fernalena golding ; RUDY H ;
>     Vince None ;
>     >> Joey Prestia
>     >> Sent: Tuesday, November 18, 2008 8:21 PM
>     >> Subject: Hallmark E cards attack
>     >> I don't know if anyone else has been receiving these ehallmark
>     postcards,
>     >> but *don't open it*  I have been getting about 3 a day, but I
>     saw them for
>     >> what they were worth, and have not opened them.  My parents, on
>     the other
>     >> hand, did open it and it took a good 3 hours to fix the
>     computer.  Nasty
>     >> nasty virus!
>     >>
>     >> ~ Jamie
>
>     ---------------------------------------------------
>     PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>     <mailto:PLUG-discuss at lists.plug.phoenix.az.us>
>     To subscribe, unsubscribe, or to change your mail settings:
>     http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>     <http://lists.plug.phoenix.az.us/mailman/listinfo/plug-discuss>
>
>
>
>
> -- 
> Thanks and best regards,
> Ryan Rix
> TamsPalm - The PalmOS Blog
> (623)-239-1103 <-- Grand Central, baby!
>
> Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica
> Sheffey - Class of 2009, Rest in peace.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20081124/57fefb8a/attachment.htm 


More information about the PLUG-discuss mailing list