Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Goner Virus -- email virus wreaking havoc on web
www.mcafee.com ^ | December 4, 2001 | Christopher M. Hoss

Posted on 12/04/2001 10:25:07 AM PST by topher

http://vil.mcafee.com/dispVirus.asp?virus_k=99272&

The above web link describes the GONER VIRUS/WORM and the potential damage.

The good news is that YOU MUST OPEN THE SCREENSAVER ATTACHMENT TO BE INFECTED.

Evidence that your PC is infected is the presence of the file GONE.SCR

The McAfee Web Server is overloaded by people trying to get into the site.

Here is a CLICKABLE link to the McAfee web site:

Goner Virus Info from McAfee (12/04/2001)

This virus has appeared on the Internet just today (Tuesday, December 4, 2001).

I can email people information about the virus, but I have it in Microsoft Doc/RTF format currently because it had pictures and graphics about what appears on the PC.


TOPICS: Breaking News; Miscellaneous; News/Current Events
KEYWORDS:
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 141-149 next last
To: lowbridge
Already been posted a couple times.

I felt this needed to posted under breaking news with a link to the McAfee site. If I can get into the Norton site, I will post a link to that one.

We had trouble with Internet access at work\ earlier today, so this one seems to be exploding on the net.

On one of the other threads, it said it crashed the AT&T email servers (so many emails being sent).

21 posted on 12/04/2001 10:56:03 AM PST by topher
[ Post Reply | Private Reply | To 3 | View Replies]

To: bwteim
Perhaps one tactic is to ensure that IT and Personnel work together and hammer out a user agreement that says blah blah I understand that tech tools I am about to receive blah blah etc and if I don't do such and such is grounds for my section being billed for time and resources that IT wasted ....

they sign. we already bill them on percentage. doesn't matter.

HELP DESK: "If you get one of these, don't open it."
MORON: "I opened it, can you fix it, I'm in a hurry, it's really important."
HELP DESK: "How did you live this long?"
MORON: "Excuse me?"
HELP DESK: "Nope, no excuse."

22 posted on 12/04/2001 11:00:50 AM PST by glock rocks
[ Post Reply | Private Reply | To 15 | View Replies]

To: Mr. Jeeves
I've just spent two hours cleaning it up. I have too many idiot users who can't remember not to open strange attachments.

Why do you even let users receive attachments that can be executed in the first place? Try out a package called Postfix as your SMTP server. It makes blocking harmful attachments a snap.

23 posted on 12/04/2001 11:01:22 AM PST by toupsie
[ Post Reply | Private Reply | To 2 | View Replies]

To: bwteim
Just curious, how do the "idiot" users rate their IT support?

If they're typical "idiot" (L)users, then they probably say that tech support sucks because tech support won't fix their copy of MSN Messenger or Spinner just because they didn't put it on the original image. "And yeah, I know, help desk said that it might cause issues with Windows 2000, but I didn't think it would happen on my computer. And why should I back my files up? Oh, and yes, I know the power is out right now, but can you still install the anti-virus on my machine from the servers? What do you mean I have to turn the power on at the surge suppressor before I can turn on my computer?"

24 posted on 12/04/2001 11:05:01 AM PST by Tennessee_Bob
[ Post Reply | Private Reply | To 6 | View Replies]

To: topher
It just wiped out Outlook in our department, and we're all on Macs. This must be a bad one. 8-(
25 posted on 12/04/2001 11:05:07 AM PST by Aquinasfan
[ Post Reply | Private Reply | To 1 | View Replies]

To: glock rocks
sometimes i think some HUGE capacitors hooked up to the help desk lines would be helpful.

We wanted a pimp slap button on our phones, that way when the know it alls call and refuse to listen to instructions (if you know what's wrong, why are you wasting my time on the phone?), you just hit "pimpslap" on the console. You hear a KERWHAP (and possibly a hollow ringing sound), and suddenly the (L)user is ready to listen to instructions.

26 posted on 12/04/2001 11:07:27 AM PST by Tennessee_Bob
[ Post Reply | Private Reply | To 10 | View Replies]

To: bwteim
Just curious, how do the "idiot" users rate their IT support?

Excellent point. I have fired too many IT support emplopyees for being rude to users whose main job is not understanding the operation of a computer but the generation of profit.

A decent IT department would have dealt with this at the mail server level than pray that non-computer experts would be able to deal with the problem. I would be embarassed to publically admit that a virus/worm had made it past my defenses into a user's mailbox.

27 posted on 12/04/2001 11:07:53 AM PST by toupsie
[ Post Reply | Private Reply | To 6 | View Replies]

To: topher
I contend that the vast majority of idiots who open attachements like this are chicks. They all send themselves so many stupid emails all day long that they could not possibly identify which are real and which aren't.
28 posted on 12/04/2001 11:10:22 AM PST by Rodney King
[ Post Reply | Private Reply | To 1 | View Replies]

To: topher
Yep, we are getting hammered here at work today by this virus. I've recieved about a hundred of these things in my Inbox, but my Macafee Vshield has taken it out before it could do any damage. Unfortunatly, we have a lot of users who DISABLE their virus scanners in order to increase the performance of their computers.
29 posted on 12/04/2001 11:15:27 AM PST by Arthalion
[ Post Reply | Private Reply | To 1 | View Replies]

To: toupsie
I would be embarassed to publically admit that a virus/worm had made it past my defenses into a user's mailbox.

i agree with you on that. there are very few in my organization who
use outlook express, and they are those who always have the problems.
i don't work on the help desk, but can see both sides... most of all, i hope
microsoft can someday clean up their act.

that overly optimistic statement is to balance my previous pessimistic post.

30 posted on 12/04/2001 11:18:09 AM PST by glock rocks
[ Post Reply | Private Reply | To 27 | View Replies]

To: Mr. Jeeves
Is that Saturday Night Live skit based on you? "Your Company's Computer Guy". Hilarious.
31 posted on 12/04/2001 11:22:24 AM PST by thefactor
[ Post Reply | Private Reply | To 2 | View Replies]

To: All
FreeRepublic just saved my a$$! No sooner than reading this thread, I received an email from an old trusted friend, you guessed it! It read;

How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!

If not for this thread I know I would have opened the attachment, once again thanks FR!

32 posted on 12/04/2001 11:24:10 AM PST by HangFire
[ Post Reply | Private Reply | To 30 | View Replies]

To: Mrs. P
This is for you and everyone else who doesn't know that answer.

Open Windows Explorer
Goto Tools --> Folder Options in the menu
In the Folder Options select the View TAB
In the list of Advanced Settings de-select "Hide file extensions for known file types"
Select "OK"

Now whenever you see a file attachment in any Microsoft writen Windows Program the File Nome will display with the extension. The is usefull when a virus is sent to you that has a double extension such as Fubar.txt.exe which under the default settings will display as an inocent text file when in really is a program.

33 posted on 12/04/2001 11:27:52 AM PST by Woodman
[ Post Reply | Private Reply | To 16 | View Replies]

To: clueless idiot
The subject is "Hi" and the message text is: --- How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!

I just deleted this from my in basket. It looked suspicious when it came from 5 fellow employees but had the same message from each. I was crusing FR and ran across this warning. Thank you for posting it! c*c

34 posted on 12/04/2001 11:32:26 AM PST by chit*chat
[ Post Reply | Private Reply | To 13 | View Replies]

To: bwteim
"Why in the h&** does a user have to identify an ever changing array of file extensions in order to carry out the task at hand when all they are trying to do is answer some email or run some mail labels? Technology is supposed to enable, not disable."

You just read why you have to ID extensions. There are probably less than a half dozen you should ever see in your email. Ask a technically inclined co-worker what they are. Then if you don't recognize one, ask first. It's not that hard. Besides, technology is, always has been, and always will be a dual edged sword.

35 posted on 12/04/2001 11:34:14 AM PST by elfman2
[ Post Reply | Private Reply | To 12 | View Replies]

To: topher
An anti-virus program called "Innoculated" was recommended to me by a friend.

Anyone know where to get it?

Anyone have any info good or bad on it?

36 posted on 12/04/2001 11:37:08 AM PST by copycat
[ Post Reply | Private Reply | To 21 | View Replies]

To: Arthalion
I did a search and destroy on all @mm file extensions, but I can't delete the gone.scr file from my registry. Any ideas, anyone??
37 posted on 12/04/2001 11:40:45 AM PST by BFO
[ Post Reply | Private Reply | To 29 | View Replies]

To: bwteim
Why in the h&** does a user have to identify an ever changing array of file extensions in order to carry out the task at hand when all they are trying to do is answer some email or run some mail labels? Technology is supposed to enable, not disable.

Well, as I say, think of it as evolution in action...

Seriously, it's not that hard to remember a few acronyms, is it? .doc,(obvious) .pdf (public data format, you'll need Adobe Acrobat or similar) or .txt (text only format) for a document, .jpg and .gif are picture files, .zip means it's compressed, .exe (for executable) is a program, .html for a web page. Basically, never open any .exe . If you don't know what it is, don't open it. I don't think I've ever heard of. Mostly the only ones you'll see in emails are .doc, .gif or .jpg, or .exe when the virus comes through.

38 posted on 12/04/2001 11:43:27 AM PST by JenB
[ Post Reply | Private Reply | To 12 | View Replies]

OK, are we CERTAIN that this virus can't be caught without opening an attachment? When the thread first started, I did a search of my PC's hard drive.(Windows ME), first for files or folders with "goner.scr", luckily nothing found. So I then did a 'containing text' search for "goner.scr", and it showed up in "User" in folder "C:\Windows" in a DAT file modified 12/4/2001. Interesting, since I haven't opened an e-mail attachment in weeks, never from someone I don't know, and hadn't even touched my Outlook Express since AT&T switched my broadband over to their new broadband Sunday night. But I thought that it would be infected only if "goner.scr" was a file? So went to post the question, and everything froze up. Only has happened once before in the 4 months I've had this computer. Coincidence? Couldn't shut down other than cutting off the power, did so, came back up and immediately start scanning the hard drive for any errors from improper shutdown. But VERY slow, in 20 minutes got to cluster 50,000 out of 1.2 million, and froze. Usually it takes about a minute or so. Couldn't cancel, did ctrl alt delete, got unstable message, had to cut power again. Repeat whole process, same result. After third shutdown, cancelled the damage scan early(while still possible) and now am posting. So any ideas if this was just a coincidence, evidence of goner or something else? But more importantly, any chance that this or some other virus or damaging agent could bypass the need for opening an attachment, possibly related to the AT&T cutover to their new broadband? BTW, am using Zone Alarm Pro(paid for version!), and have never turned it off. Thanks for any info.
39 posted on 12/04/2001 11:52:27 AM PST by Diddle E. Squat
[ Post Reply | Private Reply | To 36 | View Replies]

To: Woodman
bump for later-

thanks Woodman

40 posted on 12/04/2001 11:55:46 AM PST by Principled
[ Post Reply | Private Reply | To 33 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 141-149 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson