corsasport.co.uk
 

Corsa Sport » Message Board » General Chat » pc help


New Topic

New Poll
  Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author pc help
Dan
Premium Member

Avatar

Registered: 22nd Apr 02
Location: Gorleston on Sea, Norfolk
User status: Offline
18th Feb 05 at 12:42   View Garage View User's Profile U2U Member Reply With Quote

why have all my jpegs and mpegs turned 2 vbscript?

is it a virus?


Adult GiftsClick here to vist us
Macca_G
Member

Registered: 15th Jan 03
Location: Stockport, Manchester
User status: Offline
18th Feb 05 at 12:48   View User's Profile U2U Member Reply With Quote

visual basic script..? probably just installed something that uses vbscipt as a default player for them... just chage them back..
Dan
Premium Member

Avatar

Registered: 22nd Apr 02
Location: Gorleston on Sea, Norfolk
User status: Offline
18th Feb 05 at 12:51   View Garage View User's Profile U2U Member Reply With Quote

wont let me...

virus checker just found summit called vbs.loveletter?


Adult GiftsClick here to vist us
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
18th Feb 05 at 12:51   View Garage View User's Profile U2U Member Reply With Quote

you'd have the love letter virus then.
Dan
Premium Member

Avatar

Registered: 22nd Apr 02
Location: Gorleston on Sea, Norfolk
User status: Offline
18th Feb 05 at 12:53   View Garage View User's Profile U2U Member Reply With Quote

what the hell is i?? what do i do?? donmt wanna fuck up pc


Adult GiftsClick here to vist us
willay
Moderator
Organiser: South East, National Events
Premium Member


Avatar

Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
18th Feb 05 at 12:54   View Garage View User's Profile U2U Member Reply With Quote

its friday, turn your pc off and go ruin your girlfriend.


willay has spoken.
Dan
Premium Member

Avatar

Registered: 22nd Apr 02
Location: Gorleston on Sea, Norfolk
User status: Offline
18th Feb 05 at 13:03   View Garage View User's Profile U2U Member Reply With Quote

i should be doing my conversion!!

but dad has a 30ft container in the air, held up by a few bits of wood and keeps looking 2 fall...im staying clear..

he is insane


Adult GiftsClick here to vist us
LukeGSi
Member

Registered: 9th Dec 03
User status: Offline
18th Feb 05 at 15:23   View User's Profile U2U Member Reply With Quote

Stop downloading porn
Macca_G
Member

Registered: 15th Jan 03
Location: Stockport, Manchester
User status: Offline
18th Feb 05 at 15:24   View User's Profile U2U Member Reply With Quote

Goto www.pandasoftware.com do the active scan - if its a virus this will sort it

[Edited on 18-02-2005 by Macca_G]
Ian
Site Administrator

Avatar

Registered: 28th Aug 99
Location: Liverpool
User status: Offline
18th Feb 05 at 15:26   View Garage View User's Profile U2U Member Reply With Quote

Sounds like a virus which was popular a few years ago. It deletes all images and video and replaces them with copies of itself.
Macca_G
Member

Registered: 15th Jan 03
Location: Stockport, Manchester
User status: Offline
18th Feb 05 at 15:31   View User's Profile U2U Member Reply With Quote

VBS.LoveLetter.CA spreads using Microsoft Outlook. It attempts to email itself to all contacts that have not yet been targeted by the worm. The payload of this worm overwrites files of certain extensions with its own code.

NOTE: Virus definitions prior to March 2, 2001 detected this as VBS.LoveLetter.Variant.

The subject is one of the following:

MERRY X-MAS FROM MICROSOFT. =PLEASE VISIT => (http://WWW.MICROSOFT.COM)<=
[String of 6 random characters]
[No Subject]

The body of the email is one of the following:
STAR F**KERS INC. EVEN TRENT KNOWS ITS TRUE
[String of 10 random characters]
[No Body Text]


Also Known As: VBS.LoveLetter.Variant, I-Worm.Loveletter, VBS/LoveLetter@MM

Type: Worm
Infection Length: 12,477 bytes



Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP







Virus Definitions (Intelligent Updater) *
September 29, 2000


*
Intelligent Updater definitions are released daily, but require manual download and installation.
Click here to download manually.

**
LiveUpdate virus definitions are usually released every Wednesday.
Click here for instructions on using LiveUpdate.







Wild

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy
Threat Metrics


Wild:
Low
Damage:
Medium
Distribution:
High



Damage

Payload Trigger: When VBS.LoveLetter.CA runs. If the date is December 25th, a special payload is triggered.
Payload:
Large scale e-mailing: All addresses are targeted once.
Modifies files: Overwrites files with certain extensions.
Degrades performance: On December 25th, all network drives are removed and a dialog box appears.
Distribution

Subject of email: MERRY X-MAS FROM MICROSOFT. =PLEASE VISIT => (http://WWW.MICROSOFT.COM)<=, [Random String of 10 Characters], or [No Subject]
Name of attachment: [Random String].VBS
Size of attachment: 12,477 Bytes
Target of infection: Files with the following extensions: .css, .hta, .jpeg, .jpg, .js, .jse, .mp2, .mp3, .sct, .vbe, .vbs and .wsh


When executed, VBS.LoveLetter.CA copies itself to \System\Linux32.vbs, Windows\Reload.vbs, and \System\[Random File Name].vbs.

The registry is modified so that when Microsoft Internet Explorer starts, it downloads three additional files. These files are then integrated into the system so that they start automatically.

After downloading the additional files it resets the Internet Explorer start page to a pornographic Web site.

VBS.LoveLetter.CA searches out specific files on all available drives, including mapped network volumes, and overwrites them with its own code. Files with the following extensions are targeted:

.css
.hta
.jpeg
.jpg
.js
.jse
.mp2
.mp3
.sct
.vbe
.vbs
.wsh

If the date is December 25, the following message appears:

EVEN TRENT KNOWS ITS TRUE=>STAR F**KERS INC.
Att. [random word] (REDRUM)


An attempt is then made to remove all network drives.





Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.


Delete all files detected as VBS.LoveLetter.CA.





Write-up by: Andre Post


Macca_G
Member

Registered: 15th Jan 03
Location: Stockport, Manchester
User status: Offline
18th Feb 05 at 15:32   View User's Profile U2U Member Reply With Quote

Read the bottom bit
Dan
Premium Member

Avatar

Registered: 22nd Apr 02
Location: Gorleston on Sea, Norfolk
User status: Offline
18th Feb 05 at 15:34   View Garage View User's Profile U2U Member Reply With Quote

???


Adult GiftsClick here to vist us
Macca_G
Member

Registered: 15th Jan 03
Location: Stockport, Manchester
User status: Offline
18th Feb 05 at 15:35   View User's Profile U2U Member Reply With Quote

It tells you what it is and how to get rid of it..

 
New Topic

New Poll

Corsa Sport » Message Board » General Chat » pc help 24 database queries in 0.0125899 seconds