[OT] odd 'virus-like' behaviour

Karen,
We're looking into the Friendly Greetings issue. I forwarded the Remove Instructions to our Network Admin. to see if that cleans it up.

Troy

----- Original Message -----
From: Karen Brodniak
To: vantage@yahoogroups.com
Sent: Wednesday, November 13, 2002 11:31 AM
Subject: RE: [Vantage] [OT] odd 'virus-like' behaviour


This sounds like the virus-like problem we had a couple weeks ago with the
Friendly Greetings cards. That problem was putting porn links on the PC's.
Check through the mail on the Vantage groups and look for a link that has
instructions to remove this program and clean your disk. I think it was on
the McAfee website. I followed the instructions and haven't found any porn
on my computer (yet!)

Karen Brodniak
Accounting Manager
Phone: 425-742-7011 x44
Fax: 425-353-8945
karen.brodniak@...

-----Original Message-----
From: Troy Funte [mailto:tfunte@...]
Sent: Tuesday, November 12, 2002 5:17 PM
To: Vantage
Subject: [Vantage] [OT] odd 'virus-like' behaviour

I wonder if anyone can give me some help here...

This afternoon I went to the mapped Epic51 folder on the server. Besides
the usual four folders (Vantage, Progress, Vntgtrn, and Vntgsts), there were
also three 'new' files. Two of them were shortcuts to a particular porn
site. The shortcuts I could delete. The third file has no visible name. It
just sits there. I can't delete it. I can't rename it. I can't change
it's properties. From a PC mapped to the folder, if I right-click on it and
select properties it says that it is a folder with 8.8GB of 2100 files in 7
folders. This nearly matches (the size on disk bytes does not match) the
information you get when you select properties on the Epic51 folder.

We ran McAfee with the latest DAT on those folders/files but it says there
is no virus. Does anyone have a clue what is going on and how to get rid of
it?

How these files got there I suspect a virus on a user's PC. How to get rid
of the third file, I have no clue.

Troy Funte
Liberty Electronics



[Non-text portions of this message have been removed]


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .


[Non-text portions of this message have been removed]


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


[Non-text portions of this message have been removed]
I wonder if anyone can give me some help here...

This afternoon I went to the mapped Epic51 folder on the server. Besides the usual four folders (Vantage, Progress, Vntgtrn, and Vntgsts), there were also three 'new' files. Two of them were shortcuts to a particular porn site. The shortcuts I could delete. The third file has no visible name. It just sits there. I can't delete it. I can't rename it. I can't change it's properties. From a PC mapped to the folder, if I right-click on it and select properties it says that it is a folder with 8.8GB of 2100 files in 7 folders. This nearly matches (the size on disk bytes does not match) the information you get when you select properties on the Epic51 folder.

We ran McAfee with the latest DAT on those folders/files but it says there is no virus. Does anyone have a clue what is going on and how to get rid of it?

How these files got there I suspect a virus on a user's PC. How to get rid of the third file, I have no clue.

Troy Funte
Liberty Electronics



[Non-text portions of this message have been removed]
This sounds like the virus-like problem we had a couple weeks ago with the
Friendly Greetings cards. That problem was putting porn links on the PC's.
Check through the mail on the Vantage groups and look for a link that has
instructions to remove this program and clean your disk. I think it was on
the McAfee website. I followed the instructions and haven't found any porn
on my computer (yet!)

Karen Brodniak
Accounting Manager
Phone: 425-742-7011 x44
Fax: 425-353-8945
karen.brodniak@...

-----Original Message-----
From: Troy Funte [mailto:tfunte@...]
Sent: Tuesday, November 12, 2002 5:17 PM
To: Vantage
Subject: [Vantage] [OT] odd 'virus-like' behaviour

I wonder if anyone can give me some help here...

This afternoon I went to the mapped Epic51 folder on the server. Besides
the usual four folders (Vantage, Progress, Vntgtrn, and Vntgsts), there were
also three 'new' files. Two of them were shortcuts to a particular porn
site. The shortcuts I could delete. The third file has no visible name. It
just sits there. I can't delete it. I can't rename it. I can't change
it's properties. From a PC mapped to the folder, if I right-click on it and
select properties it says that it is a folder with 8.8GB of 2100 files in 7
folders. This nearly matches (the size on disk bytes does not match) the
information you get when you select properties on the Epic51 folder.

We ran McAfee with the latest DAT on those folders/files but it says there
is no virus. Does anyone have a clue what is going on and how to get rid of
it?

How these files got there I suspect a virus on a user's PC. How to get rid
of the third file, I have no clue.

Troy Funte
Liberty Electronics



[Non-text portions of this message have been removed]


Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .


[Non-text portions of this message have been removed]
I saw this on a customer's server. The directory and file names were
high-bit characters. It appeared to me that the hack ran a application
that caused it to create random files until the hard drive filled to
capacity. It also put the same files on another partition. It then
blue-screened the server. I was able to delete the directory, but I
don't think that was all that should have been done. The problem went
away after a few days when the hard drive failed.

If you want, I'll e-mail a screen shot of the root directory to you so
you can see what it looked like before I deleted them.


Troy Funte wrote:

>I wonder if anyone can give me some help here...
>
>This afternoon I went to the mapped Epic51 folder on the server. Besides the usual four folders (Vantage, Progress, Vntgtrn, and Vntgsts), there were also three 'new' files. Two of them were shortcuts to a particular porn site. The shortcuts I could delete. The third file has no visible name. It just sits there. I can't delete it. I can't rename it. I can't change it's properties. From a PC mapped to the folder, if I right-click on it and select properties it says that it is a folder with 8.8GB of 2100 files in 7 folders. This nearly matches (the size on disk bytes does not match) the information you get when you select properties on the Epic51 folder.
>
>We ran McAfee with the latest DAT on those folders/files but it says there is no virus. Does anyone have a clue what is going on and how to get rid of it?
>
>How these files got there I suspect a virus on a user's PC. How to get rid of the third file, I have no clue.
>
>Troy Funte
>Liberty Electronics
>
>
>
>[Non-text portions of this message have been removed]
>
>
>
>Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
>(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
>(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
>(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>
>
>

--
John Himebaugh, MIS
InterOcean Systems, Inc.
3540 Aero Court
San Diego, CA 92123
Voice: 858.565.8400
Fax: 858.268.9695