Trojan Horse Virus

Sorry if this is off topic.
This is for real, folks! I got it and called AOL's tech support to verify it and get instructions for removing it. Forumites, there is a trojan horse virus going around the www. I got it in an email from a fellow forumite, so it's in this group and anyone here has the potential to receive it as an attachment to an email. The way it spreads is by reading the buddy list on your PC and then sending itself out to all the screen names on your list. It sends an email with the subject as "HEY YOU", and the content says, "Hey, I finally scanned some of my pictures." Besides the hassles it causes, it steals your password. When I tried to sign on it said I had used an invalid password and a small window popped up where I had to type it in again. Then the virus emails the password to whoever. I used McAfee virus scan to remove it from 4 files, but it was still in another file and it couldn't be removed or cleaned. I ended up reformatting my hard drive. I lost lots of stuff, but at least my PC is ok. Just wanted to let you folks know what to look out for. Take care!! Michael

------------------
"Always think of your fellow knife makers as partners in the search for the perfect blade, not as people trying to compete with you and your work!"
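
The lure described in the post above (subject "HEY YOU", the scanned-pictures line, and an attachment) can be checked for mechanically. This is an added example, not part of the original thread; the `triage` function, the sample messages and their filenames are constructed for illustration.

```python
# Added example: triage mail against the lure text described in the post above.
from email import message_from_string
from email.message import EmailMessage

# Indicators quoted in the post; compared case-insensitively.
LURE_SUBJECT = "hey you"
LURE_BODY = "i finally scanned some of my pictures"

def _body_text(msg):
    """Join every text/plain part that is not itself an attachment."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).split()).lower()

def triage(raw_message):
    """Return a verdict plus the evidence behind it for one RFC 822 message."""
    msg = message_from_string(raw_message)
    subject = " ".join((msg.get("Subject") or "").split()).lower().strip(" !.")
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    text_hit = subject == LURE_SUBJECT or LURE_BODY in _body_text(msg)
    # The lure wording plus an attachment is the combination the post describes.
    # The wording alone (e.g. someone quoting the warning) only merits a look.
    if text_hit and attachments:
        verdict = "quarantine"
    elif text_hit:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "attachments": attachments}

def _sample(subject, body, attachment=None):
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed filler", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples: the lure, a forwarded warning quoting it, and normal mail.
LURE = _sample("HEY YOU", "Hey, I finally scanned some of my pictures.", "placeholder.bin")
WARNING = _sample("Trojan warning", 'It says "Hey, I finally scanned some of my pictures."')
NORMAL = _sample("Blade show photos", "See you at the show.", "table.jpg")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("warning", WARNING), ("normal", NORMAL)):
        print(name, triage(raw))
```
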
 
Hi Michael, any idea who it came from? He might not even know he has it yet. Believe me, I'll be on the lookout for it, thanks for passing the word.

Jake
 
Be on the lookout guys, this is serious. I was actually going to post this but saw Mike already did. I got this virus about a week ago. It is still on my computer. Norton finds it but cannot clean it. I cannot clean it either (I have manually cleaned viruses before, especially trojan ones). This is one nasty virus. It does not allow you to restart or shut down your computer. It will always ask for your password twice. And at times when you sign onto AOL it will freeze AOL. And yes, it is a password stealer. Although this virus is mainly on AOL, all users be aware, especially AOL users. Just because you have Norton or McAfee, don't think you are immune! This virus is very new and if you have not done a live update in the last couple of weeks your anti-virus software won't even find it. Even if your anti-virus software does find it, it will not be able to clean it. Word has it that both Norton and McAfee are working on a "cure". They say they should crack it in about 2 weeks' time.

As for the name of the forumite who gave Mike the virus this would not help. First of all this virus is VERY widespread on AOL. Second it auto sends to people on your buddy list.

------------------
Johnny
[]xxxxxx[]=============>
 
Gentlemen; thank you for the very timely information. Should anyone wish further information about this trojan, which is called 'APStrojan.qa,' go here to the McAfee site where it is discussed: http://www.mcafee.com/viruses/apstrojan/

Your McAfee Virus Scan or Virus Clinic should detect this trojan, if your DAT files and search engine are up to date.

JoHnYKwSt; may I ask if you had an up to date emergency boot disc, and did you use it?

Thanks again everyone for this valuable warning. Walt
 
Hahaha...yet another reason to stay away from AOL.


Find the affected file names, make sure they aren't necessary to your system, drop out to DOS, and manually erase the affected files. That is, if you can not first remove the virus from DOS using a virus scanner.

-AR

------------------
- AKTI Member ID# A000322
 
Hello,

Those things are nasty little buggers, aren't they... Usually they can be removed fine as long as they don't attach themselves to your WIN.INI file, which a lot of them do. Then ya have big problems; usually have to format and reload Windows.

my .02

Take Care, Allen

------------------
Allen Blade
Spokane,WA USA

" It is Always Better to learn The RIGHT Way, Than to Continue Doing it WRONG "

My Custom Knives :
http://www.geocities.com/yosemite/meadows/1770/allenblade.html
 
I went to McAfee online scan and it found the virus in 5 files. It was able to delete 4 of them, but there was one called Uninstallms.exe that it couldn't delete or clean. I tried to find it in Explorer, but couldn't. I just decided to reformat my hard drive, and this got rid of it all. I lost some stuff, but nothing I can't recover.
Jake, as soon as I found out I had it, I knew where it came from so I emailed them to let them know they had it. I found out today they have gotten rid of it.
You know what really burned me?? I alerted the knifelist by cutting and pasting the info AOL and McAfee sent me in an email (I never forward anything) and Russ got all bent outa shape and emailed me with a gripe and complained that I had forwarded the stuff. That's why I'm no longer on the list.
I just wanted to let everyone I could know about it and the possible solutions. What makes this thing so bad is how it reads the buddy list and sends itself out to the names. What kind of jackass would write a program like this???
Well, I hope everyone knows about it now. From now on, I'm checking with the sender before I open any email attachments again!! Take care Forumites!!! Michael

------------------
"Always think of your fellow knife makers as partners in the search for the perfect blade, not as people trying to compete with you and your work!"
 
Ok Update...

I still have not gotten rid of the virus. And I don't see any possible solution at the moment without formatting my hard drives. I would have formatted a long time ago but I have 12 gigs of stuff that I do not want to lose. I'm waiting to buy a CD-R so I can back up my stuff. This is a nasty little virus. You can't just go out to DOS and delete it. I've tried.

Walt,

I tried the boot disk. I had one which was made by McAfee; it does not work. The virus somehow does not allow Windows to start. I also deleted MSVBVM50.DLL from my computer; it did not help.

Allen,

Although the virus never infected the win.ini files, it does not allow me to get to any of my registry files.

------------------
Johnny
[]xxxxxx[]=============>

 
JoHnYKwSt; I don't claim to be computer literate, but there is a McAfee emergency boot disc for boot system viruses. McAfee came out with a new DAT file today. Perhaps the new file would have helped, although I understand that this worm was covered by the previous DAT file.

Further, there is a Windows boot disc; did you have one of these, and did you use it?

Just curious, Walt

 
I finally got rid of the virus! A big thank you to Walt for providing the link.

I tried a Windows system disk and a McAfee boot disk; both did not help.

I did a couple of things to shut down the virus, but this was before I tried downloading the updated DAT file from Walt's link. The easiest way is to get the updated DAT file and McAfee should then find the files and delete them for you.

------------------
Johnny
[]xxxxxx[]=============>


[This message has been edited by JoHnYKwSt (edited 01-30-2000).]
 
Well guys, I just tried Walt's link and came up clean. I was SHOCKED to see that my PC has 19766 files. I had no idea there were that many and my "c" drive still tells me I have a little more than 17 GIGS of space left. I guess I'm ok for a while yet. Thanks for the link Walt.

Jake
 