KCNET NEWSLETTER 10/26/03 TECHNICAL PAGE
VIRUS AND OTHER STINKY STUFF | TECHNICALLY SPEAKING | INTERESTING SITES
VIRUS AND OTHER STINKY STUFF

Redline - WORM_REDIST.E

WORM_REDIST.E is a non-destructive worm that spreads via email using Microsoft Outlook, and via peer-to-peer (P2P) file-sharing networks. It also has password-stealing capabilities. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm displays the following message box:

    Error Starting Program
    A required .DLL file, MSVBM60.DLL, was not found.

It drops the following copies of itself into the Windows folder:
* Ircskins.skn
* Msgsf32.exe
* Msipxc32.exe
* Scrset32.scr
* Winscz32.exe
* Winsetr32.exe

It drops the following copies of itself into the Windows system folder:
* Icmpmgr32.exe
* Lnkscrc32.scr
* Msgmain32.exe
* Msgsvc32.pif
* Msrun32.exe
* Svcmsg32.pif
* Winlnkf32.pif

It drops the following copy into the Startup folder:
* Startw32.pif

The worm creates registry entries that allow its dropped copy, WINSCZ32.EXE, to execute at every Windows startup.

This worm propagates by sending a copy of itself to all email addresses found in the infected user's address book. It uses Microsoft Outlook (MAPI) to send email with varying details. Samples of the email it sends are as follows:

Subject: A new screensaver
Message Body: Take a look at this new screensaver in the attachments that I downloaded from the internet a while ago. If you like it, try setting it as your system screensaver :) Cya!
Attachment: 3DFish.scr

Subject: Your file
Message Body: Here is that file that you asked for (in the attachments). Sorry that I sent it late, I had trouble finding it on the computer.
Attachment: Picture2.pif

This worm also attempts to propagate to other P2P and chat clients. To do so, it drops the following copies of itself:
* Bruce Almighty (Downloader).pif
* Legally Blonde 2 (Downloader).pif
* Movie - Finding Nemo (Downloader).pif
* Movie - Terminator 3 (Downloader).pif
* Movie - The Hulk (Downloader).pif
* Movie - The Italian Job (Downloader).pif
* Sinbad - Legend of the Seven Seas (Downloader).pif

into the following paths, if they exist:
* %Program Files%\BearShare\Shared
* %Program Files%\Grokster\My Grokster
* %Program Files%\ICQ\Shared Files
* %Program Files%\Kazaa Lite\My Shared Folder
* %Program Files%\Kazaa\My Shared Folder
* %Program Files%\KMD\My Shared Folder
* %Program Files%\Limewire\Shared
* %Program Files%\Morpheus\My Shared Folder
* %Program Files%\Overnet\Incoming
* %Program Files%\Rapigator\Share
* %Program Files%\Shareaza\Downloads
* %Program Files%\Tesla\Files
* %Program Files%\WinMX\My Shared Folder
* %Program Files%\XoloX\Downloads

This worm also drops randomly named files into the following paths:
* \My Music
* \My Documents\My Music

This worm also attempts to capture and send cached passwords to a remote malicious user. This function only applies on systems running Windows 95 and 98, since the API used is not available on NT-based systems. It appears that the information is being sent to the following email address: Zed_rRlf@hotmail.com
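For anyone checking a drive by hand, the file names above can be turned into a small triage script. This is an added example, not part of the Trend Micro description or the newsletter: it walks a mounted volume or extracted disk image, matches the listed names case-insensitively, and reports whether each hit sits in the folder the description names. The directory names used for the Windows, system and Startup folders are assumed defaults, and the sample tree is constructed.

```python
from pathlib import Path

# File names from the advisory text, grouped by the folder it names for each.
ADVISORY = {
    "windows": "Ircskins.skn Msgsf32.exe Msipxc32.exe Scrset32.scr "
               "Winscz32.exe Winsetr32.exe",
    "system": "Icmpmgr32.exe Lnkscrc32.scr Msgmain32.exe Msgsvc32.pif "
              "Msrun32.exe Svcmsg32.pif Winlnkf32.pif",
    "startup": "Startw32.pif",
}
DROPPED = {n.lower(): role for role, names in ADVISORY.items() for n in names.split()}
DECOY_SUFFIX = "(downloader).pif"  # suffix shared by every P2P copy in the advisory

# Assumption: usual default directory names for the Windows, system and Startup
# folders. The p2p-decoy entries are the last path components listed above.
EXPECTED_DIRS = {
    "windows": {"windows", "winnt"},
    "system": {"system", "system32"},
    "startup": {"startup"},
    "p2p-decoy": {"shared", "my grokster", "shared files", "my shared folder",
                  "incoming", "share", "downloads", "files"},
}


def classify(parent, name):
    """Return (role, in_expected_folder) for an advisory match, else None."""
    name = name.lower()
    role = "p2p-decoy" if name.endswith(DECOY_SUFFIX) else DROPPED.get(name)
    if role is None:
        return None
    return role, parent.lower() in EXPECTED_DIRS[role]


def scan(root):
    """Walk a mounted volume or extracted image; names match case-insensitively."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if path.is_file():
            match = classify(path.parent.name, path.name)
            if match:
                hits.append((path.relative_to(root).as_posix(),) + match)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample: empty files laid out like a Windows volume."""
    for rel in ("WINDOWS/WINSCZ32.EXE", "WINDOWS/notepad.exe",
                "WINDOWS/SYSTEM32/msrun32.exe", "Temp/Startw32.pif",
                "Program Files/Kazaa/My Shared Folder/Movie - The Hulk (Downloader).pif"):
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
```

Call scan() with the root of the volume to check. A name match is only a lead for follow-up with an up-to-date virus scanner, since the check looks at file names and not file contents.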
IF YOU SUSPECT THAT YOU HAVE A VIRUS OR IF YOU HAVE NOT SUCCESSFULLY SCANNED YOUR DRIVES FOR VIRUSES LATELY... THEN THE NEXT SUGGESTION IS FOR YOU.

Free Virus scan.

Trend Micro, more commonly referred to as Housecall, offers free virus scans and in most cases can fix damage done by a virus or worm that your computer may have contracted. The program works well. The first time one uses the free program it is necessary to download a small program. Trend Micro walks you through the process. Then the virus scans are quite simple for each return. You should disable any anti virus program that you have running. If you do not have a virus program I recommend that you use this program first and then download one of the free programs listed above or install any anti virus program you have purchased. Go to http://housecall.antivirus.com/ then choose the link "Scan without registering". Follow the directions.
Free Virus programs to download

Quite a few KCnet members use these programs and like them. Be careful if you download a virus program and you already have one installed on your computer. You need to at least disable the program already installed.

http://www.grisoft.com/us/us_dwnl_free.php

Another good free program to take a look at is: http://www.free-av.com/
10 Most Prevalent Viruses

Surveyed by Trend Micro US for October 6 - October 12.

1. TROJ_ISTBAR.B
2. WORM_SWEN.A
3. TROJ_QHOSTS.A
4. WORM_NACHI.A
5. BKDR_SDBOT.441B1
6. ADW_TENGET.A
7. WORM_MSBLAST.C
8. WORM_MSBLAST.A
9. WORM_KLEZ.H
10. WORM_FRIENDGRT.A
Tried and Untrue Viruses

Believe it or not, the amount of harm done by sending false computer virus alarms to your thousand closest friends can be just as damaging as the alleged virus (if it even exists!); if you remember the story of the boy who cried wolf, you understand why. If you think you've got the scoop on the latest new devastating virus, check it out at the Web sites below before taking it on yourself to alert the world. If the virus is as terrible as you think it is, odds are the virus fighters already know about it and -- good news here! -- your antivirus software provider probably knows about it too and already has an update for it.

Here are a few sites of many that can help you determine if an email is a hoax or real.
* http://www.snopes.com/
* http://www.urbanlegends.com/ulz/
* http://hoaxbusters.ciac.org/HBHoaxIndex.html
* http://vil.nai.com/VIL/hoaxes.asp
* http://kumite.com/myths/
* http://www.symantec.com/avcenter/hoax.html
* http://www.scambusters.org/VirusHoaxes.html
TECHNICALLY SPEAKING:

New Google Options

From a recent Langalist.

One of the things I like about Google is that the folks there keep improving it--- but without taking themselves too seriously. For example, if you go to the "Google Technology" explanation on their site, you see the internal working of the Google search engine on display--- hordes of trained pigeons sitting in front of web browsers, pecking away at special keyboards. The site supposedly tracks the performance of the Google pigeons by monitoring "wingspan versus beak speed, in pecks per second." http://www.google.com/technology/pigeonrank.html

Yes, it's very silly, but I think it's a good sign if someone--- a person or a corporation--- can do very good work *and* still have enough creative spark left over for humor. To me, it suggests a kind of intellectual vitality that's as welcome as it is rare.

Google has recently offered more customizations, letting you alter the search engine's interface. But, as is often the case with Google, not only is this change functional and serious, but it also has optional elements that are... well, check this out:

Hi Fred, Just a note to thank you for the wonderful newsletter you have. I subscribe to your free edition and it is great. I am a very fond user of Google search engine and use it for searching anything I need on the internet; my friends know this and they played a prank on me just the other day. I was away from my desk and they came in and changed my personal preferences on Google. Apparently there is a preference setting on the language you choose to see your google page in.... they set mine to "Elmer Fudd". Needless to say - I was initially shocked then loved the new language setting. You should try this - there is pig-latin, elmer fudd, and many languages set up that just take the edge off a hard work day. Regards, Paraag Suchak

Thanks, Paraag. Indeed, among the many (about 90!) purely serious, fully-functional language preference options--- everything from Afrikaans to Zulu--- you'll also find Klingon, "bork bork bork," pig latin, elmer fudd, and more. I suppose Dwarf and Elvish won't be far behind...
HOW FAST (OR SLOW) IS YOUR CONNECTION? Kim Komando suggestion. Stop wondering. If you want a real-time readout on your Internet connection, check with the measuring services on the Web. Here are two places to run tests for free: Bandwidth Place: http://bandwidthplace.com/speedtest/ Broadband Reports: http://www.dslreports.com/stest
NEED SOME SCREEN SHOTS? Another one from Kim. I received this question via e-mail the other day. "How can I take pictures of what I see on the screen and put those in a Microsoft Word document?" Easy! Press the Print Screen (or PrtScn) key on your keyboard. This places a copy of the entire screen on the Windows Clipboard. To capture only the current active window, press the ALT + Print Screen keys. To paste the image into a document, select Edit from Word's menu and Paste. This tip works in Excel, FrontPage, Outlook, PowerPoint and Publisher, too. There are software programs you can buy that allow you to do more, such as save the shots in different file formats. Before you go buy a program, though, here are a few free ones to try: PrintScreen -- http://www.gadwin.com/printscreen/ HoverSnap -- http://www.hoverdesk.net/freeware.htm
Ken Condo came upon a good Print Screen program and we explored it in the Users Class a few months ago. It was featured in the very next issue of the KCnet Newsletter. The program is called GrabClipSave. You can download this free program at http://www.boumchalak.net/Tools/GCS/gcs.html
This next one came from PC Magazine and is a question concerning a special kind of spam that members often ask KCnet techs. It is interesting.

For the past month, I have been receiving e-mail with addresses similar to but not exactly mine in the To: field. Supposing my address were My_name1, I've received mail for My_name143, My_name1guy, and other variations. These messages are all spam. I suspect that I may not be receiving mail properly addressed to me, but how can I find out? My ISP's customer service claims that this is not the company's problem. Friends have suggested that the spammer may be using a program that generates names in an incremental pattern, or that my ISP may be sending me mail for which the address is similar to mine but not the same. Any light you can shed on this will be appreciated. Jim Birdsall

PC Mag responded: Unfortunately, your ISP is correct in stating that this particular problem is not its responsibility. The ISP is not sending you messages that are meant for someone else; all those pieces of spam are actually addressed to you. Spammers do indeed send e-mail to computer-generated lists of names. They typically put the names in the Bcc: (blind carbon copy) field, where those names can't be seen. But since a message with no name in the To: field can be instantly flagged as spam, they'll choose one name from the group for the To: field. As the names in the group are similar, it will seem that you have received mail that was addressed to someone whose address is similar to yours. It's possible that by switching from a national ISP to a small, local one you might get less of this automatically generated spam. But there's really no way to avoid this except to use a spam-filtering program.
Window States

A great tip from Worldstart.

Ever have a program that always starts in a "normal" state but you really want it maximized? Well, here's a little trick to help you do just that (and more) with a quick little bit of shortcut editing. Note: although this seems to work on most programs, sometimes you'll run across a program that just won't cooperate.

1. First, right-click the shortcut to the program and select Properties.
2. Under the Shortcut tab, you'll see a drop box labeled "Run." In that box, you'll find options to run the program as either Normal (it starts up at its default size), Minimized (it starts up minimized to the toolbar), or Maximized (it starts up full screen). Select the start-up state you want and you're all set.

I tried this with Internet Explorer to prevent the small browser window problem. It works when clicking the desktop or start menu shortcut, but if you open links in a new window (Shift+click) it will still default to the last window size you used.
Filmstrip View in XP This one also from Worldstart. I'm including it here for those who do not have Windows XP. Just look at one more feature you are missing. When Windows ME came on the scene it featured a cool folder view called "Thumbnail View" that displays all images as little thumbnails to make them easier to manage. Win XP expanded this feature, allowing us to add a picture to a file folder icon in thumbnail view (see archive for 7/31/03). In addition, XP has another view mode for pictures called "Filmstrip View". In the My Pictures folder, and its subfolders, you can see a "filmstrip" of images that scroll from left to right at the bottom of the window. In the upper part of the window is a preview pane where the image can be rotated clockwise or counter-clockwise. The thumbnails in the filmstrip work just like they do in thumbnail view. This saves having to open an image file in Picture viewer or some other imaging software to see a larger version of it. In addition, you can drag the corner of the window to make it bigger (or click the "Maximize" button)—the larger you make this window, the bigger the picture in the preview pane. Yet another little treat from Uncle Bill.
Here are the top Fifty Downloads for the week of October 10 from CNET. http://download.com.com/3101-2001-0-1.html Eventually, we all come face-to-face with the Windows blue screen of death and shed tears over lost e-mails and unrecoverable system files. This weekend's Download Dispatch helps avoid the misery with a good look at the top backup tools on Download.com. New Releases features a great work-productivity tool, and Top Movers strikes back with the Anti-Boss Key. Happy downloading! http://download.com.com/3120-20-0.html?qt=backup&tg=dl-20&search=+Go%21+
My new computer has Windows XP and I can't find "Hibernate" listed under the shut down options. What can I do?

It's still there—so close that if it were a raccoon it'd bite ya! When you go to Start / Turn Off Computer (or from the desktop just hit Alt+F4) you will see three choices: Standby, Turn Off, and Restart. Now, hold down the Shift key and look what happens—"Standby" turns into "Hibernate".

So what's the difference between "Standby" and "Hibernate" anyway? Why would you choose one over the other? In Standby your computer uses less power than when it's just sitting there not being used. It stays available for immediate use. The information in memory is not saved on your hard disk, so if the power gets interrupted, the information in memory is gone. Hibernate shuts down your computer after saving everything in memory to your hard disk. When you bring your computer out of hibernation, all programs and documents that were open are restored to your desktop. Now that you know how to hibernate XP you're ready for winter?
INTERESTING SITES: DO YOU OR A FAMILY MEMBER QUALIFY FOR FREE MEDICINE? This one from a Kim Komando Newsletter. Most drug manufacturers sponsor what's called "Patient Assistance Programs." These programs are intended to help those who otherwise can't afford prescription drugs. This could include those who do not have health insurance or seniors not covered by Medicare. If you are approved, they say it only takes two to three weeks to get medications. Two places to help you find patient assistance programs for which you or a family member may qualify are: http://www.helpingpatients.org/ http://freemedicineprogram.com/
FALL IS ALMOST HERE & YOU KNOW WHAT THAT MEANS Also from Kim Komando. We all need to consider the SHOT. You have reasons for not getting a flu shot, don't you? For example, you can get the flu from the shot, right? Wrong! The side effects are worse than the flu, correct? Get all the flu facts and find the location nearest you to get the shot here: http://www.findaflushot.com/lungusa/
Here is a cute one, tongue-in-cheek site, about flying today and choosing an airline company to do it with. Quite a few chuckles on this page. As a business person, you’re used to biting, scratching and clawing your way to what you want. Why should getting a seat on the airplane be any different? Introducing SkyHigh Airlines Challenge Seating. SkyHigh has created a seat-selection grudge match that will take your self-confidence from taxi to takeoff in just 100 feet! Equipped with only a chest protector, a length of rope and a mouth guard, you’ll be set loose out of our padded holding pen and down the jetway to get the seat you want...no deserve. SkyHigh Airlines Challenge Seating. http://www.skyhighairlines.com/main.asp
Strong Numbers

This one from Amanda and it is a good one. This site calls itself the "Blue Book for Everything". I know that when you think Blue Book, you think vehicles. Well normally you would find your car or truck’s value in a blue book. At this site you can find the value for everything including Cameras & Electronics, Toys & Games, Music & Instruments, and much more. So if you’ve got something you want to sell, you probably want to check here and see what its blue book value is. I’m adding this site to my favorites for the next time we have a garage sale. This would also be a good site for those of you who buy and sell on auction sites too. Check it out! http://www.strongnumbers.com/
US Lighthouses

Another from Amanda. Lighthouses are both a beacon for ships coming home and the passion of many Americans. With this site you can definitely indulge in America’s history. View lighthouses from all 50 states, by state or by alphabetical listing. You can even find lighthouses near you to visit. With a quick check of this site you can plan a fun fall trip. Check the "Lighthouse Event" section for events at lighthouses near you. With photos and descriptions you will learn what you need to know about lighthouses in the United States. Enjoy! http://www.us-lighthouses.org/
Medical History of American Presidents. I found this series of pages very interesting. (MLF) The coughs, cancers, and cures of the Presidents. Also: Vice-Presidents, English Royalty, and others. This website tabulates the illnesses of American Presidents and other notable people. Both laypersons and physicians will find it interesting. To get started, read Why do this? http://www.doctorzebra.com/prez/