If your computer acts strangely while connected to the Internet (your browser often crashes with a general protection fault, the computer freezes, files disappear from the hard disk, the CD drive opens and closes for no reason...), you may be a victim of Back Orifice. It is a package of two programs that lets other people use your computer over the Internet without your permission. The first program is the BO server, which has to be installed on your computer. You get it the way you get most viruses: by downloading a program from an unreliable Internet site, or as an e-mail attachment. When that program is started, the Back Orifice server is automatically installed on your computer and leaves the door open for hackers anywhere in the world to do what they wish with your computer.
If you want to check how many hackers try to get into your computer, you can download NOBO (74.240 bytes). It is software that protects you from Back Orifice and gives you information about the person who attacked your computer. You then just have to send an e-mail to their Internet provider to stop further attacks.
Bubbleboy is a new sort of virus that spreads over e-mail and uses a security bug in the way MS Outlook 98/2000 displays HTML documents. This worm can infect a computer from the e-mail preview alone. It creates the file UPDATE.HTA in the folder C:\windows\Start Menu\Programs\Startup, and on the first start it starts Outlook in a hidden window and sends an infected e-mail to everyone in your Address Book. The virus does not work if Windows is not installed in the folder C:\Windows.
You can find the patch for this security bug under Q240308 in the Microsoft Knowledge Base. You can also solve the problem by removing the file association for *.HTA files.
If you do not want to allow anyone to log on to Windows by pressing the Cancel button on the password screen, find the key HKLM\Network\Logon and add a DWORD value named MustBeValidated. If you set it to 1 and restart Windows, the Cancel button will be inactive.
If you use pcAnywhere on the Internet and do not specify a TCP/IP address, it automatically scans the network trying to find available hosts. If you change the values of the standard ports, your computer will not be reported as a host to a computer that scans the network. Make a backup of the registry, and find the key:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System]
"TCPIPDataPort"=dword:000015ff
"TCPIPStatusPort"=dword:00001600
and change the port values. For the new ports you can use 5641 (TCP) and 5642 (UDP), hexadecimal 1609 and 160A.
W32.Swen.A@mm is a worm that uses a known bug in Microsoft Outlook and Outlook Express that allows it to start in preview mode. It can arrive as an attachment to any message (for example, as a security patch for Microsoft Internet Explorer). Once installed, the worm tries to stop the antivirus and firewall software installed on the computer.
For details, see the Symantec web site.
This worm can spread on Microsoft Internet Explorer 5.01 and 5.5. You can find the security patch here.
If you already have this worm on your computer, download the security patch and the cleaning software that you can find on the Symantec web site.
Disconnect from the Web, run the cleaning software and then install the security patch.
Recommendation: download a new virus definitions file for your antivirus software.
If the computer starts to report a serious error that will cause it to shut down in 30 seconds, and starts counting down, there is a big chance that it has caught W32.Blaster.Worm.
Because of a security bug in the Microsoft RPC protocol, this worm is dangerous for computer systems with the Windows NT 4.0, Windows 2000, Windows XP and Windows 2003 operating systems installed.
To protect your computer, install the appropriate security patch. Before installing it you have to install the Service Pack.
If you have already detected this worm on your computer, download the security patch and one of the cleaning tools that you can find on the Symantec site, or here. (First read the manual for Windows XP & ME!!)
Disconnect, run the cleaning software and then install the security patch.
MyDoom virus
The MyDoom virus (also known as W32/Mydoom@MM, W32.Novarg.A@mm and WORM_MIMAIL.R) spreads over the Internet through e-mail attachments. The worm comes as an attachment with one of the following extensions: .bat, .cmd, .exe, .pif, .scr or .zip. It is dangerous because it leaves a port open between 3127 and 3198, which potential hackers can put to good use.
It also sends itself to every e-mail address it can find on the computer. MyDoom is programmed to start a DDoS (denial of service) attack on the web site of the SCO company from all infected computers between 1 and 12 February. The company is offering a 250.000 US$ reward for information that leads to the arrest of the virus author. A free virus removal tool made by Computer Associates is available here: http://www3.ca.com/solutions/collateral.asp?CT=27081&CID=54593 (333 KB).
Recommendation: download a new virus definitions file for your antivirus software. Virus definitions from 26.01.2004 can protect you.
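The following Python script is an added example, not part of the original page: it scans the text output of the Windows command netstat -an for sockets listening in the port range given above for MyDoom (3127 to 3198). The function name, the constructed sample output and the restriction to TCP rows are assumptions made for the example.

```python
import re

# Port range the page gives for the port MyDoom leaves open.
MYDOOM_PORTS = range(3127, 3199)  # 3127..3198 inclusive

# Matches one TCP row of Windows `netstat -an` output, e.g.
#   TCP    0.0.0.0:3127    0.0.0.0:0    LISTENING
# Assumption: only TCP rows are inspected; UDP rows carry no state column.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)", re.I)


def suspicious_listeners(netstat_text, ports=MYDOOM_PORTS):
    """Return sorted (local_address, port) pairs listening inside `ports`."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_addr, local_port, _, _, state = m.groups()
        # Only a LISTENING socket is an open door; an outbound connection
        # that happens to use a source port in the range is not.
        if state.upper() == "LISTENING" and int(local_port) in ports:
            hits.add((local_addr, int(local_port)))
    return sorted(hits)


# Constructed sample output (not captured from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3150      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    [::]:3198              [::]:0                 LISTENING
  UDP    0.0.0.0:3130           *:*
"""

if __name__ == "__main__":
    for addr, port in suspicious_listeners(SAMPLE):
        print(f"listener in MyDoom port range: {addr}:{port}")
```

A hit only shows that something is listening in that range; check which program owns the port before concluding that the machine is infected.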