[hovs12]

hello,

i bought my laptop with norton antivirus 2005 preinstalled. it was running fine until yesterday. My wife opened an email with an attachment called be_not_jealous.
It was a text file saying "Sorry". Afterwards we ran a scan to see if it was a virus.

Norton did not find a thing. this morning i thought i would try another scan.
Norton does not start. I got an error telling me it was corrupt of had files missing. Needed to be reinstalled. I tried and tried and i keep getting the same message.

Any help would be much appreciated.

Also, i can not go to symantec's website for help.

thks,
Hov

[Advertisements]

If you can, run Panda scan

Panda Scan

Panda should auto-clean

[Retired Tech]

If you can, run Panda scan

Panda Scan

Panda should auto-clean

[hovs12]

tks Keith. I used another online antivirus.
Was infected with Bagle.bh

it attacks Norton and a few other antivirus programs as weel as not giving access to their websites.

once i removed it, norton seems to working well.

hov

[Retired Tech]

Which one did you use

[Bizerk88]

I just got an email to and it was from someone named 'bizerk' and thats my most commen name and i opened it. i know a bit about networking... ill leave it at that. anyway he didnt have an X-Originating IP so i knew it had been forged. and the originating IP's that it had were counterflicting. then i ran a search for the attachment "be_not_jealous.zip" and i got this thread. what most made me wonder was that it was from "[email protected]" and i have an aol account thats Bizerk88. very odd. and my hotmail, on which i got it, is also called bizerk. i wonder if this is from a hijacked computer or not, because if it is ill inform the person some how. if its not... then i dont know.
-biz

[gotoakandfreeze]

Hello,

I have the same thing happening.

I will tell you that I am pretty sure I got it from:

http://unknownorigin...ezik/ntuser.avi

That is the last thing I clicked before my firewall blew up, then the e-mail with Be_not_jealous.zip with contents of my desktop.

It spoofed (prolly): mailto:[email protected]

That guy and the site are real.

Let me know what you think. I finally completed a pandascan without a blue screen of death. I have yet to find anything other than very slow running and several DOS (65.61.181.240) too many port scans to mention, and 13 trojan active aimspy's (in a minute or so) from pubcu-akamai-vip.conxion.com.

It could be a grand coincidence, but I doubt it.

Something is deleting my help files after I use them. Many bad blocks on my HD.

Spybot is clean over and over again.

Nortons is clean every time. Every online scan is clean.

Just because I am paranoid doesn't mean they aren't after me!

Help!

-freeze

[hailey]

i see im not the only 1 that opened this darn email Be_not_jealous up...i found it in my junk mail last night and opened it...the sender was [email protected] used my name and it really thru me off....so like a dummy i opened it...i tired 2 get it off but couldnt....finally 2day i went online and purchased Xoftspy and it removed it all...so let us all learn a lesson ... NEVER open up a email from some1 u dont know even if that some1 is u (in my case) lol...tc...hagd ev1

[gotoakandfreeze]

Well,

I tried Xoftspy... nothing. I guess it is possible that I don't have anything. Odd how many BSOD's and trojan attacks I got. Plust there is the whole mail that got sent.

Anyone have suggestions?

-freeze

[Bizerk88]

Hmm this is interesting. as what it seems it gives you an email from one like/similar to yours... clever. okay, a note to all you noobs out there: when you get an email like this one search on ask jeeves or something. i found this thread by doing that and i saw someone else had opened it and screwed themselves. i cant think of how they got my email. its my private one that i dont give out often... alright, this looks fairly new because of norton failing and yadda yadda. i suggest that you update your virus protection. anyone want to help track this down?

[gotoakandfreeze]

The saga continues...

Today Norton's found 2 spyware.perfect files, but could not delete them. My auto update is broken, and I can't reinstall.

I manually deleted those files.

Fun stuff!

[gotoakandfreeze]

Also... The bottom two lines of my msconfig/startup are text boxes where the name of the service should be, that point somewhere in HKCU/Windows NT/...
I went there, but didn't see anything obvious, but I am clueless.

Lates...

[starjax]

there are several new viri out doing this. very similar to the bagel virus.
W32.MYtob.... vith varients. however symantec does have a cleaner and defs for it.

Description: Trojan.Tooso.F is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files. This Trojan is similar to W32.Beagle@mm but it does not send emails.

the alert for this one came out on april 16th, and at that time symantec did not have virus signatures for it.

and after a bit of searching:

W32.Beagle.BP@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.

more info here


First rule of thumb is to never open an attachment from someone you don't know.

Second rule is to run WindowsUpdates. these take advantage of an unpatched system... of course once you open the attachment you become infected. by being patched you prevent it from spreading.

also, regarding email spoofing, a good host (provider of your email) will not allow delivery of messages not sent specifically to you. for example some providers will allow anything addressed to username*wildcard*@host.com. for example bizek88 is getting everything with bizek in the address. Good providers don't allow that. Infact i switched host providers for my website for this very reason.

hope this helps.

Starjax