Trojan viruses

[rwcanuck]

Lately my two computers sharing files and using ADSL for the internet have both been hit with different Trojan viruses mainly the onne called Bymers. I get rid of them thanks to Norton's and Innoculate T anti virus programs but I have had some files deleted mainly the shortcuts in Programs.

Questions: Can viruses be spread from playing TCP/IP games?

Does chatting on ICQ or in the Tournament House Chat for example spread viruses?

Just recently while I was playing a CM TCP/IP game on one computer while leaving the other computer on the T House chat that computer left on the chat got the Bymer virus and was detected and deleted by Nortons' Anti virus program.

I follow all the procedures to get rid of these viruses (sysedit, msconfig, regedit, etc) and by keeping my ant-virus programs up-to-date but they keep re-appearing.

Damn, these viruses are annoying.

[Guest Madmatt]

Normally posts about virusus would belong in the General Forum but you asked about CM. No you can't get a virus from a TCP/IP data packet (as what it is in CM) nor can you get one from just chatting online with someone UNLESS they send you a file or some very nasty Java style applet.

Viruses need a carrier of sorts and that is usualy a .exe, .doc or other type file that in itself can be executed on your system. That is waht triggers the virus to do its thing. Just plain old data broadcast can't really be the transmitter for a virus.

At least not yet...

Madmatt

[This message has been edited by Madmatt (edited 02-28-2001).]

[FFE]

Chiming in here:

There's a great online (FREE) virus/trojan horse detection site:

http://housecall.antivirus.com

You're not obligated to register before using their service. The sweet thing about using their site; their virus libraries are updated constantly.

Btw, you must have your java scripting turned on to use their program. If java is turned off, their virus checker will not initiate.

[GriffinCheng+]

Since Matt has not locked this one up, and this is not CERT, let me try.

There are quite a number of agents nowadays carry viruses and other malicous codes. However, I have yet to see such code pass around directly through TCP/IP like CM online code, except possibly tools like "Back Orfrice".

My advice is be very careful when opening files sent thru ICQ, chat and email.

As one of the countermeasures, add yourself a virus scanner and firwall for your PC usually helps. There are a number of such personal firewalls available, and I am using ZoneAlarm. Also even if you have these defense tools, make sure you upgrade them constantly as new upgrades help to keep your defense up to face latest threads.

Hope it helps.

Griffin.

------------------

"When you find your PBEM opportents too hard to beat, there is always the AI."

"Can't get enough Tank?"

[Subvet]

My wifes computer got nailed with that "bymer" torjan as well as a "network.vbs" one just recently. I removed them and haven't had any more problems with them. There is a file you can download and use to get rid of the "bymer" torjan here: http://www.antivirus.com/vinfo/security/fix_troj_bymer.zip

------------------

Craiger

All your victory flag are belong to me

[rwcanuck]

Thanks guys for all the valuable information.

I also heard that a personal firewall can be downloaded from http://www.freedom.net/

that can help.

Yes, the black orifice trojan can be delivered thru some online games..I received this virus I remember while playing Close Combat and that is why my concern with playing CM online.

RW

[Steve P]

It's definately worth getting ' ZoneAlarm' firewall software. Get it from www.zonealarm.com . It's free. There's also a new e-mail virus doing the rounds , 23kb in size, various different formats, this is an incurable virus. The first one was marked as something to do with snow white and the seven dwarfs, Basically, it seems to have been renamed as several different things, the main feature is that they are all 23kb. Don't open it people, it will bite you.

Steve P

[mensch]

Whats a virus? Gee I never had one on my mac.. well.. maybe in 1989 something called a MBDF or somefink.. but all it did was make my files bigger by a few kB an dats was it... got rid of it with a 100kb freeware virus scanner... since then nothing.. I would not call that a virus as much as a joke. *shrugs*

[Firefly]

I agree with you about Zone Alarm, an excellent piece of software. The Snow White thing is a virus, I received it about 5 times, but never opened it and eventually set up a rule to block the sending address. However it is a known virus, I forget the name, and is detectable and curable by most virus checkers.

[Sten]

The original name was Kournikova, I think. Norton got a good page on that virus.

Sten

[Juardis]

I have zonealarm as well. But I have to disable it whenever I play online games. I also have to allow Yahoo Messenger, IE5.5, Outlook Express, etc to go through the firewall. So how does a firewall prevent getting viruses from programs you allow to run through it?

------------------

Jeff Abbott

[Guest wwb_99]

One great, free, quick & easy way to insulate yourself from modern virii is to disassociate the .vbx extension. The reason this is so that nearly all modern virii are written in visual basic scripting language, which has little beneficial use in windows. To disassociate this file type

1) Open Windows Explorer

2) Go to View-Folder Options and choose the 'File Types' tab

3) Scroll down to the VB Script XXXXX entries.

4) Click on remove, and confirm your decision.

Also, when making a fresh install, I highly reccomend NOT installing the windows scripting host. It is the back end for all of these nasty VB scripts.

WWB

------------------

Before battle, my digital soldiers turn to me and say,

Ave, Caesar! Morituri te salutamus.

[Firefly]

Sten - No the Kournikova virus was different from the Snow White thing.

Juardis - A firewall won't prevent you getting a virus, what it will do is prevent most people accessing your computer whilst you are on line. The way a trojan works is that it hides on your computer and the hacker can access it to gather details of things like passwords and account numbers. The firewall stops that access in most cases (nothing is perfect). To not get a virus in the first place get a virus checker and update the virus definitions regularly.

[Ellros]

I also use Zonealarm, but it can be set up to allow you to play a TCP/IP game with somone while still remaining active, and thus preventing anyone else from getting access into your PC.

Just insert your opponent's IP number via the Security advanced tab.

------------------

"Mo matter where you go, there you are"

[GriffinCheng+]

Yes, firewalls do not block virus and trojan horse. Like I have said, you also need a virus scanner.

The firewalls do however, especially ZoneAlarm, forbid unauthorized internet/intranet traffic in AND out of your computer. However, you need to have a little policy on what is allowed to go and what not. Most important is, make sure you stick with it. I block that stupid Windows Media Player Update Manager from accessing the net, for example. If you wanna play on-line games, don't disable the firewall, let that particular application pass.

Griffin.

------------------

"When you find your PBEM opportents too hard to beat, there is always the AI."

"Can't get enough Tank?"

[Juardis]

Originally posted by Ellros:

I also use Zonealarm, but it can be set up to allow you to play a TCP/IP game with somone while still remaining active, and thus preventing anyone else from getting access into your PC.

Just insert your opponent's IP number via the Security advanced tab.

Hmmm, will have to try again. First few times it didn't work for me. Thanks.

[Subvet]

I always play CM while ZoneAlarm is running. I've never run into a problem with it.

------------------

Craiger

All your victory flag are belong to me

[RCHRD]

Hey thanks guys. I'm not very computer literate and this info is very useful to me. Richard