Goner Virus -- email virus wreaking havoc on web

www.mcafee.com ^ | December 4, 2001 | Christopher M. Hoss

[topher]

Already been posted a couple times.

I felt this needed to posted under breaking news with a link to the McAfee site. If I can get into the Norton site, I will post a link to that one.

We had trouble with Internet access at work\ earlier today, so this one seems to be exploding on the net.

On one of the other threads, it said it crashed the AT&T email servers (so many emails being sent).

[glock rocks]

Perhaps one tactic is to ensure that IT and Personnel work together and hammer out a user agreement that says blah blah I understand that tech tools I am about to receive blah blah etc and if I don't do such and such is grounds for my section being billed for time and resources that IT wasted ....

they sign. we already bill them on percentage. doesn't matter.

HELP DESK: "If you get one of these, don't open it."
MORON: "I opened it, can you fix it, I'm in a hurry, it's really important."
HELP DESK: "How did you live this long?"
MORON: "Excuse me?"
HELP DESK: "Nope, no excuse."

[toupsie]

I've just spent two hours cleaning it up. I have too many idiot users who can't remember not to open strange attachments.

Why do you even let users receive attachments that can be executed in the first place? Try out a package called Postfix as your SMTP server. It makes blocking harmful attachments a snap.

[Tennessee_Bob]

Just curious, how do the "idiot" users rate their IT support?

If they're typical "idiot" (L)users, then they probably say that tech support sucks because tech support won't fix their copy of MSN Messenger or Spinner just because they didn't put it on the original image. "And yeah, I know, help desk said that it might cause issues with Windows 2000, but I didn't think it would happen on my computer. And why should I back my files up? Oh, and yes, I know the power is out right now, but can you still install the anti-virus on my machine from the servers? What do you mean I have to turn the power on at the surge suppressor before I can turn on my computer?"

[Aquinasfan]

It just wiped out Outlook in our department, and we're all on Macs. This must be a bad one. 8-(

[Tennessee_Bob]

sometimes i think some HUGE capacitors hooked up to the help desk lines would be helpful.

We wanted a pimp slap button on our phones, that way when the know it alls call and refuse to listen to instructions (if you know what's wrong, why are you wasting my time on the phone?), you just hit "pimpslap" on the console. You hear a KERWHAP (and possibly a hollow ringing sound), and suddenly the (L)user is ready to listen to instructions.

[toupsie]

Just curious, how do the "idiot" users rate their IT support?

Excellent point. I have fired too many IT support emplopyees for being rude to users whose main job is not understanding the operation of a computer but the generation of profit.

A decent IT department would have dealt with this at the mail server level than pray that non-computer experts would be able to deal with the problem. I would be embarassed to publically admit that a virus/worm had made it past my defenses into a user's mailbox.

[Rodney King]

I contend that the vast majority of idiots who open attachements like this are chicks. They all send themselves so many stupid emails all day long that they could not possibly identify which are real and which aren't.

[Arthalion]

Yep, we are getting hammered here at work today by this virus. I've recieved about a hundred of these things in my Inbox, but my Macafee Vshield has taken it out before it could do any damage. Unfortunatly, we have a lot of users who DISABLE their virus scanners in order to increase the performance of their computers.

[glock rocks]

I would be embarassed to publically admit that a virus/worm had made it past my defenses into a user's mailbox.

i agree with you on that. there are very few in my organization who
use outlook express, and they are those who always have the problems.
i don't work on the help desk, but can see both sides... most of all, i hope
microsoft can someday clean up their act.

that overly optimistic statement is to balance my previous pessimistic post.

[thefactor]

Is that Saturday Night Live skit based on you? "Your Company's Computer Guy". Hilarious.

[HangFire]

FreeRepublic just saved my a$$! No sooner than reading this thread, I received an email from an old trusted friend, you guessed it! It read;

How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!

If not for this thread I know I would have opened the attachment, once again thanks FR!

[Woodman]

This is for you and everyone else who doesn't know that answer.

Open Windows Explorer
Goto Tools --> Folder Options in the menu
In the Folder Options select the View TAB
In the list of Advanced Settings de-select "Hide file extensions for known file types"
Select "OK"

Now whenever you see a file attachment in any Microsoft writen Windows Program the File Nome will display with the extension. The is usefull when a virus is sent to you that has a double extension such as Fubar.txt.exe which under the default settings will display as an inocent text file when in really is a program.

[chit*chat]

The subject is "Hi" and the message text is: --- How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it!

I just deleted this from my in basket. It looked suspicious when it came from 5 fellow employees but had the same message from each. I was crusing FR and ran across this warning. Thank you for posting it! c*c

[elfman2]

"Why in the h&** does a user have to identify an ever changing array of file extensions in order to carry out the task at hand when all they are trying to do is answer some email or run some mail labels? Technology is supposed to enable, not disable."

You just read why you have to ID extensions. There are probably less than a half dozen you should ever see in your email. Ask a technically inclined co-worker what they are. Then if you don't recognize one, ask first. It's not that hard. Besides, technology is, always has been, and always will be a dual edged sword.

[copycat]

An anti-virus program called "Innoculated" was recommended to me by a friend.

Anyone know where to get it?

Anyone have any info good or bad on it?

[BFO]

I did a search and destroy on all @mm file extensions, but I can't delete the gone.scr file from my registry. Any ideas, anyone??

[JenB]

Why in the h&** does a user have to identify an ever changing array of file extensions in order to carry out the task at hand when all they are trying to do is answer some email or run some mail labels? Technology is supposed to enable, not disable.

Well, as I say, think of it as evolution in action...

Seriously, it's not that hard to remember a few acronyms, is it? .doc,(obvious) .pdf (public data format, you'll need Adobe Acrobat or similar) or .txt (text only format) for a document, .jpg and .gif are picture files, .zip means it's compressed, .exe (for executable) is a program, .html for a web page. Basically, never open any .exe . If you don't know what it is, don't open it. I don't think I've ever heard of. Mostly the only ones you'll see in emails are .doc, .gif or .jpg, or .exe when the virus comes through.

[Diddle E. Squat]

OK, are we CERTAIN that this virus can't be caught without opening an attachment? When the thread first started, I did a search of my PC's hard drive.(Windows ME), first for files or folders with "goner.scr", luckily nothing found. So I then did a 'containing text' search for "goner.scr", and it showed up in "User" in folder "C:\Windows" in a DAT file modified 12/4/2001. Interesting, since I haven't opened an e-mail attachment in weeks, never from someone I don't know, and hadn't even touched my Outlook Express since AT&T switched my broadband over to their new broadband Sunday night. But I thought that it would be infected only if "goner.scr" was a file? So went to post the question, and everything froze up. Only has happened once before in the 4 months I've had this computer. Coincidence? Couldn't shut down other than cutting off the power, did so, came back up and immediately start scanning the hard drive for any errors from improper shutdown. But VERY slow, in 20 minutes got to cluster 50,000 out of 1.2 million, and froze. Usually it takes about a minute or so. Couldn't cancel, did ctrl alt delete, got unstable message, had to cut power again. Repeat whole process, same result. After third shutdown, cancelled the damage scan early(while still possible) and now am posting. So any ideas if this was just a coincidence, evidence of goner or something else? But more importantly, any chance that this or some other virus or damaging agent could bypass the need for opening an attachment, possibly related to the AT&T cutover to their new broadband? BTW, am using Zone Alarm Pro(paid for version!), and have never turned it off. Thanks for any info.

[Principled]

bump for later-

thanks Woodman