IndiaDivine.org

Email Virus - A community message brought to you by Brian McKee


Guest guest

Dear All

Please be especially vigilant in opening any email message in the next few days.

If you get email messages from anyone close to you or in your email address book, but the subject line looks suspicious, PLEASE DO NOT OPEN. That's my 2 cents, but here is the science behind it - thanks to our own Brian.

JAI MAA

Nanda

================================================

 

EMAIL Virus?

Today in my email inbox I received what I believe is a Windows virus (specifically a worm).

It's from: devimandir

The subject of the email is: Mail Delivery System

It has an attachment called document.zip which also likely contains the worm.

The From is obviously forged. chandi.org is hosted by a machine at IP 82.165.129.89, and the header indicates a different server sent the file (see below).

I don't know which worm it is (my guess is Sasser or its derivatives) because I run Linux and am unaffected by such things.

If you receive such a message, DO NOT OPEN IT. Opening or even viewing it could infect you if you don't have the latest patches from Microsoft. If you do open it, download anti-virus software (see below) and clean your system right away.

Someone who has my email address in their (possibly Outlook) address book is infected and their computer has become a spreader of this worm.

 

It may have come from this computer:

    nslookup 59.163.146.155
    Server: 192.168.0.254
    Address: 192.168.0.254#53

    Non-authoritative answer:
    155.146.163.59.in-addr.arpa name = 59.163.146.155.static.vsnl.net.in.

    Authoritative answers can be found from:
    163.59.in-addr.arpa nameserver = ns3.vsnl.com.
    163.59.in-addr.arpa nameserver = dns.vsnl.net.in.
    dns.vsnl.net.in internet address = 202.54.1.30
    ns3.vsnl.com internet address = 203.197.12.42

So, if your computer is on the subdomain vsnl.net.in or vsnl.com, AKA TATA Indicom, then it could be you.

 

The best way to rid yourself of the worm is to install a good anti-virus program.

There is a free one, called AVG, which is pretty good according to my friends, available at http://www.grisoft.com. It's a bit of a maze to download the free version, but look for it, it's there.

Once you install AVG, run it, allow it to update and then see if it can clean your system. If it can't, you will need to boot in safe mode and run it again.

To boot in safe mode, reboot your machine and just after the "Post" screen disappears and you see the text "Loading Windows", press the F8 key. This will take you to a special boot menu where you can choose safe mode.

Once you boot in safe mode, run AVG again and attempt to clean your system. If it still can't, then you're going to have to get some help from a local nerd... Long distance nerding is difficult...

This has been a Devi Mandir Community announcement brought to you by California Nerd #6.5536E07, Brian McKee
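
The header check described in the post, as an added example that is not part of the original message or Brian McKee's own tooling: read the Received chain, take the first relay outside your own mail servers, build the reverse-lookup name for it, and compare the result with the From domain. The sample message, the trusted network and the hostnames are constructed assumptions; the PTR hostname is passed in by the analyst (for instance from nslookup output), so the code runs offline.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (the header from the post is not shown on the page).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby store.recipient.example with ESMTP; Mon, 1 Jan 2007 10:00:02 +0000
Received: from unknown-pc (unknown [203.0.113.7])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:01 +0000
From: "Mail Delivery System" <postmaster@sender.example>
Subject: Mail Delivery System

See attachment.
"""
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def ptr_name(ip):
    """Name that nslookup queries for a reverse lookup of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer

def external_sender_ip(raw, trusted_nets):
    """First relay IP outside our own mail servers, newest hop first.
    Hops below it were written by the sending side and can be forged."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for hop in message_from_string(raw).get_all("Received", []):
        m = IP_IN_BRACKETS.search(hop)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # bracketed text that is not a valid address
            continue
        if not any(ip in n for n in nets):
            return ip
    return None

def triage(raw, trusted_nets, ptr_host=None):
    """Compare the From domain with where the message actually came from.
    A mismatch is a triage hint, not proof: legitimate mail is often relayed."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    ip = external_sender_ip(raw, trusted_nets)
    out = {"from_domain": sender.rpartition("@")[2].lower(),
           "sender_ip": str(ip) if ip else None,
           "ptr_query": ptr_name(str(ip)) if ip else None}
    if ptr_host:  # hostname the analyst got back from nslookup
        host, dom = ptr_host.rstrip(".").lower(), out["from_domain"]
        out["ptr_under_from_domain"] = host == dom or host.endswith("." + dom)
    return out
```

Calling `triage(SAMPLE, ["198.51.100.0/24"], "host7.isp.example.")` reports the external relay, the `in-addr.arpa` name to query, and whether the returned hostname sits under the From domain.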
