Skip to comments.
Chronic W32.Swen Virus Attack - Anyone Else Getting It?
The Vanity Virus Times
| 10/22/03
| Michael
Posted on 10/22/2003 12:44:35 PM PDT by Wright is right!
I am currently getting about 20 emails a day with the W32.Swen.A@mm virus, which Norton is heading off at the pass, but it's still annoying because everytime it happens, Norton A/V covers up most of my screen with a billboard proudly announcing that it's nipped a virus in the bud and would I like to quarantine it. It says ON the billboard, "We recommend that you let us quarantine all of the infections automatically," but there is no way to make the process automatic. You have to manually approve each quarantine.
This virus, which I don't recall seeing anything about, either here on FR or in the media, has been hitting me fast and furious via email for the last month or so, 20-30 per day. Anyone else getting it?
And does anyone have a way of making Norton Anti-Virus 2002 quarantine auto instead of having it interrupt me every time a virus comes in?
Michael
TOPICS: News/Current Events
KEYWORDS: lowqualitycrap; microsoft; virus; w32swen; windows
Navigation: use the links below to view more comments.
first 1-20, 21-26 next last
To: Wright is right!
I'd be interested in the responses, too. I'm getting the same damned thing on mine.
2
posted on
10/22/2003 12:46:09 PM PDT
by
sinkspur
(Adopt a dog or a cat from a shelter! Save a life, and maybe you'll save your own, too!)
To: Wright is right!
What does this virus look like? I haven't heard of it yet. Is it a specific subject-line?
3
posted on
10/22/2003 12:48:27 PM PDT
by
Egon
(Safety Tip: You can get AIDS by sitting at a public toilet before the previous person vacates!)
To: Wright is right!
No. I've had epidemics of virus attacks in the past, but nothing right now.
These things email themselves from infected computers as well as from the original spammers, so maybe you're one or two degrees of separation from a friend with an infected computer.
4
posted on
10/22/2003 12:48:44 PM PDT
by
Cicero
(Marcus Tullius)
To: Wright is right!
W32/Swen@MM |
|
W32/Swen@MM, I-Worm.Swen (AVP), W32/Gibe.e@MM, Win32.HLLM.Gibe.2 (DialogueScience) is a Medium Risk mass-mailing worm for home users. Sometimes posing as a Microsoft Security Update, this worm is intended to spread via the following methods:
- Mailing itself to recipients extracted from the victim's machine
- Copying itself over network shares (mapped drives)
- Sharing itself over the KaZaa P2P network
- Sending itself via IRC
The worm terminates processes relevant to various security and anti-virus products. Additionally, the worm contains its own SMTP engine to create outgoing messages to harvested email addresses from the victim's machine. Various outgoing messages are created, with multiple subject lines and attachment names. Some make use of an Internet Explorer vulnerability to ensure the worm attachment is run upon viewing the email. See Microsoft Security Bulletin (MS01-020) . Messages created to take advantage of this vulnerability will be detected as Exploit-MIME.gen.exe with the 4215 DATs or greater (and earlier as Exploit-MIME.gen). When the worm is run on the victim's machine, a series of fraudulent message boxes are displayed. The worm installs itself (using a random filename) into %WinDir%, for example: C:\WINDOWS\ZNFUL.EXE. W32/Swen@MM modifies various registry keys and disables the execution of REGEDIT.EXE on the victim's machine. Additionally, the worm terminates various processes on the victim's machine. |
|
What are the common subject lines, attachment names and message content associated with W32/Swen@MM emails? |
|
Subject: Returned Response From: Email Delivery Service (kmailengine@yahoo.com) Body: Undeliverable mail to (email address) |
|
How do you know if you've been infected? |
|
- Display of a series of dialog boxes
- Unexpected termination of various security and anti-virus products
- Inability to run RegEdit on the victim's machine
|
|
How do you clean your system if its already infected? |
|
Ensure that your virus definition DAT files are current. Detection is included in the Daily DAT files (beta). W32/Swen@MM disables the execution of REGEDIT.EXE. The UNDO.REG tool will reverse the changes made by the virus and allow the user to execute REGEDIT.EXE as normal. Additional Windows ME/XP removal considerations |
|
5
posted on
10/22/2003 12:49:39 PM PDT
by
Oldeconomybuyer
(The democRATS are near the tipping point.)
To: Wright is right!
Nothing here yet. Will keep on the lookout, tho.
6
posted on
10/22/2003 12:49:41 PM PDT
by
martin_fierro
(A v v n c v l v s M a x i m v s)
To: Wright is right!
Nothing here - thank goodness.
7
posted on
10/22/2003 12:50:17 PM PDT
by
lodwick
FR Tech Tips List
|
FREE PC PROTECTION (not an exhaustive list):
|
8
posted on
10/22/2003 12:50:18 PM PDT
by
martin_fierro
(A v v n c v l v s M a x i m v s)
To: martin_fierro
Muttly eat virus.
No problem.
9
posted on
10/22/2003 12:51:20 PM PDT
by
PoorMuttly
(Mutly See...Muttly Eat)
To: Wright is right!
With Norton AntiVirus 2002, click on Options, click on Email on the left-hand side, and select the option "Repair then silently quarantine if unsuccessful" under "How to Respond when a Virus is Found".
- Maigrey's husband
10
posted on
10/22/2003 12:52:30 PM PDT
by
Maigrey
(These (liberals) are the same people who think therapy will help the terrorists. -GWB, 9/23/03)
To: sinkspur
I just changed my settings yesterday, so the jury is still out if this change "takes", but fwiw I havn't seen any more since then... here is the procedure:
On the "System Tray", right-click on the Norton Antivirus Icon, and then left-click on the "Configure Norton Antivirus" option. Open the Internet/Email tab, and switch from your current setting "Ask me what to do" to be "Repair, and silently quarantine if unsuccessful"
11
posted on
10/22/2003 12:53:25 PM PDT
by
C210N
To: C210N
Thanks. I'll give that one a try.
12
posted on
10/22/2003 12:56:28 PM PDT
by
sinkspur
(Adopt a dog or a cat from a shelter! Save a life, and maybe you'll save your own, too!)
To: Maigrey
"With Norton AntiVirus 2002, click on Options, click on Email on the left-hand side, and select the option "Repair then silently quarantine if unsuccessful" under "How to Respond when a Virus is Found"." Seems like I tried that once before but I've just done that procedure again to see if it will work this time.
Fortunately, I'm using Forte Agent 1.9 for email (it's a fab news / Usenet reader but it also does mail really well and is IMPERVIOUS to virii, and I've got Zone Alarm going, too.
michael
13
posted on
10/22/2003 12:56:53 PM PDT
by
Wright is right!
(Never get excited about ANYTHING by the way it looks from behind.)
To: Wright is right!
It's been around for a while.
See previous posts here.
14
posted on
10/22/2003 1:01:03 PM PDT
by
Damocles
(sword of...)
To: Maigrey
OK, got another question - see if you know the answer to this.
I've got a paid copy of Norton A/V 2002 on the desktop. I also used the Norton CD to install 2002 to my laptop, but this was before I renewed the subscription. Now, everytime I open the laptop, Norton nags me to renew. Is there a clean way to make "Norton On The Laptop" know that I've renewed via "Norton On The Desktop?" Or do I have to pay twice?
Michael
15
posted on
10/22/2003 1:01:04 PM PDT
by
Wright is right!
(Never get excited about ANYTHING by the way it looks from behind.)
To: Wright is right!
THIS is the one I KEEP getting.....on weekends, mostly it seems......
X-Symantec-TimeoutProtection: 0
FROM: "MS Corporation Internet Security Center"
TO: " "
SUBJECT: Current Security Update
Date: Sun, 19 Oct 2003 10:35:54 +0300
16
posted on
10/22/2003 1:02:28 PM PDT
by
goodnesswins
(Free people are not equal. Equal people are not free.)
To: martin_fierro
17
posted on
10/22/2003 1:16:51 PM PDT
by
JoJo Gunn
(Liberalism - Better Living through Histrionics ©)
To: Wright is right!
>>Fortunately, I'm using Forte Agent 1.9 for email (it's a fab news / Usenet reader but it also does mail really well and is IMPERVIOUS to virii, and I've got Zone Alarm going, too.
Dittos. The only virii that my ISP's mail server's scanning didn't nail, Norton did.
18
posted on
10/22/2003 1:20:49 PM PDT
by
Keith in Iowa
(Tag line produced using 100% post-consumer recycled ethernet packets,)
To: Wright is right!
Is there a clean way to make "Norton On The Laptop" know that I've renewed via "Norton On The Desktop?" Or do I have to pay twice?The license "limits" the user to one user/one computer. I don't know of a way around that.
-- Maigrey's husband
19
posted on
10/22/2003 1:23:42 PM PDT
by
Maigrey
(These (liberals) are the same people who think therapy will help the terrorists. -GWB, 9/23/03)
To: JoJo Gunn
Thanks for the link -- will check it out.
20
posted on
10/22/2003 2:24:27 PM PDT
by
martin_fierro
(A v v n c v l v s M a x i m v s)
Navigation: use the links below to view more comments.
first 1-20, 21-26 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson