Autorun HTML/VBScript viruses killing me

[ssoni223]

I just got the same damn virus that killed my last PC
This time I took steps outlined on McCaffees'site:
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&


If I can just run in text mode,. this can be avoided.
How do I turn off HTML format in Outlook Express?
I cant see anything under Tools->Options
Else, I will return to using hotmail.com, and not the Outlook GUI.

Thanks for any help

 

[Theslowone]

Is this virus native to outlook express/outlook only, if so try Eudora or some other email client.

Sorry for the spelling...its late.

 

[OZEE]

TURN OFF AUTO-PREVIEW I've cleaned viruses from three computers this week -- all infected by "unopened" email that executed in auto-preview.

GET/MAINTAIN VIRUS PROTECTION There's too many viruses that are self-executing like this right now to go without good virus protection. McAfee or Norton -- and keep the dat file current. And have them scan everything.

And DON'T OPEN ATTACHMENTS YOU AREN'T EXPECTING And watch for DOUBLE EXTENSIONS If it ends in .exe, .bat, .com, .pif, .scr be very careful. Lots of viruses right now come as .doc.pif or .mp3.pif. These will get you just like running a .exe. Also, the most current virus (Goner) is coming as a .scr -- that's a screen-saver extension.

By the way -- This virus (badtrans) shouldn't have killed your pc. It's easily cleaned -- if you'll follow the instructions posted on McAfee, Norton, or antivirus.com. You need to delete up to four files (at least one of them is hidden) and a quick registry fix (of which you should be very careful -- get help if you're not comfortable in the registry -- editing the registry can kill your computer...)

 

[ssoni223]

yea, im hip to all that
I NEVER open weird attachments, etc. EXE's, etc
This one got me, b/c of the auto preview, so I never even had a chance
this thing autoran,,,,it wasnt even an attachment,,,some kind of javascript inthe HTML possibly

How do I turn off auto preview ?
but does that just mean it wont show in the lower pane?
that wont help bc the virus ran when i opened the msg
so it owuld happen anyways, when i 2x click to read the msg
i was not able to know it was a virus just from the subject header


for protection
I want to goto raw text format, and have to EXPLICITLY run attachments, if i want


The last virus didnt techniucaly kill my PC
my Outlook just plain died sometime afterwards
wounnt open,,,,and PC was acting flaky, so i just did a new install


the viris then hit my new build on its second day
and yea, i easily removed it.
just need to kill the god damn auto preview
if i cant, ll just use the website for read email,,

 

[OZEE]

To get rid of preview pane ... View-Layout. Then deselect the preview pane in the lower half of the screen...

And yes - doing this gets rid of the lower pane in OE. I haven't heard of badtrans being distributed in javascript, but I suppose it could. Anycase, your anti-virus should have caught it if it was setup to scan everything in email.

 

[KB]

In addition to etting some Anti-Virus software, update your Outlook Express to the latest version and install the security updates on MS's site. This will prevent this type of virus from running in OE.

 

[ssoni223]

I am running stock win2k w/ SP1.

I can't find the URL's for Outlook Express Updates.
Is that just part of the IE updates?
Should I run IE6? The same logic applies.
Does it work propery?

However, I am not going to upgrade to XP b/c of the new hardware security stuff.
I want NO MSFT updates, b/c they've finally wisend up to the subscription model.
I will stick with win2k for several years, I think.
I'm sure they're putting in all sorts of security and interdependence in the new software.

 

[Jeff7]

THIS should help

It's the WindowsUpdate site.

 

[Palek]

Whoa, still running SP1? SP2 has been out for a very long time! Update your system! Go to the Windows Update site, someone above posted a link to it...

And stop using Outlook Express altogether, I suggest... There are other E-mail client programs out there without all the security holes of OE, that are just as functional or even better.

 

[ssoni223]

I use hotmail, so can I use a different email client other than OE ?
(Not sure if hotmail works w/ POP...) I would have to change to YHOO mail.

I'll run SP2, but no one told me how to turn off autopreview or HTML format
The virus was an AUTORUN virus. Turnig of AUTO PREVIEW would not save me
b/c I wouldnt know what was in the email till i clicked it open anyways.
Need to have TEXT based, so i have to EXPLICITY run the attachment

Thanks for helping

 

[Psychoholic]

<< This one got me, b/c of the auto preview, so I never even had a chance
this thing autoran,,,,it wasnt even an attachment,,,some kind of javascript inthe HTML possibly >>


If your virus definitions are current and you have your virus scanner set to scan all files that are run, this will be a non-issue.

 

[Palek]

I used to have a Hotmail account too, but I noticed that Norton Antivirus could not check the contents of incoming mails that were being downloaded from the Hotmail server, most likely because MS uses some proprietary technology to connect Outlook Express to Hotmail (otherwise you could use other mailers with Hotmail, which they definitely DO NOT WANT). Since Norton Antivirus cannot monitor emails coming to your Hotmail account, you should not feel safe even if you DO have the latest virus definitions.

I recommend that you limit your use of Hotmail to browsers, and you should be careful even with that, because some ill-willed people have been creating HTML-formatted mails that have malignant scripts in them - some of them allowing someone complete access to your machine if you just open them in Internet Explorer. You should try to use the Opera browser even for Hotmail, because it limits the use of certain scripts - among them the ones that pose a security risk - , and makes browsing safer altogether. Of course if you try to use Hotmail from Opera, Microsoft will attempt to scare you off with a warning message which says that Hotmail does not function properly with a browser other that IE or Netscape (I was amazed that they put Netscape in there even), but the only function I found unavailable so far was the Messenger window embedded in your Hotmail window when logged in, which I found a nuisance anyway... To make a long story short, it is not safe to use Hotmail with OE, and it is a little risky even with Internet Explorer if you open spam mail by mistake (but that is true for other web-based accounts as well if the provider does not filter emails for scripts).

Switch to Yahoo if you want a web-based email account that you can also use with an e-mail client. Yahoo uses standard POP which makes it available for virus checks by Norton Antivirus. Yahoo also functions properly with other browsers (like Opera). Besides, Yahoo ISN'T Microsoft, which is a big plus in my book. Not that I am one of those people who foam at the mouth upon hearing the name Microsoft, but I think that MS are getting enough of our time and money through their OS-es and office applications. I am ALL for boycotting the use of their free products that stifle competing companies.

Oh, did I mention that Opera has its own built-in email client? It does not have as many bell and whistles as Outlook or Eudora, but it works well, and it is perfect for using multiple accounts. The only problem with it right now is that Norton Antivirus does not recognize it as an email-client, therefore it is not possible to use filtering with it...

 

[ssoni223]

While on this topic, what is the best anti-virus product?
norton? McCafee?

I will need to phase out OE, but until then, I have an OE question:
Also, does anyone knopw how to turn off adding every single incoming email address to your address book?

Thanks for the replies!

 

[Sleater]

Another good security setting, since new viruses can run through html is to make these changes to Internet Explorer:

In IE go to 'Tools'--->internet options-->click on the security tab

Then click on 'custom level' and you'll find 5 Active-X settings at the top.

Click 'prompt' for all of them except 'download unsigned active-x controls' and 'initialize and script active-x controls not marked as safe' and select 'disable' for those two. You'll now be prompted everytime active-x wants to run (which is admittedly annoying). But it's safe. Always choose 'no' except when you're absolutely sure the site is safe and clean.

 

[ssoni223]

I changed the settings.
I also set "active scripting" to Prompt.
So these IE settings are carried over into OE?
Thanks for the tip !