I've been getting several emails the past couple of days containing the "SoBig" virus. For those of you who don't know, the message usually just says "re:details" or "Thank You" or something like that, and has an attachment somewhere around the 100kb mark. It's pretty nasty, and growing daily. It's actually a worm, so it's nastier than your average virus. Naturally, DON'T OPEN it.

Anyway, make sure your virus programs are up to date, and even run a couple of the free online scanners. Here are a couple of good ones:

http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym

http://housecall.trendmicro.com/

Take Rob's advice. /ubbthreads/images/graemlins/flag.gif Rob has just finished cleaning the sYc's main computer, something like 32 different virus'. Started with one, not for sure how, most likely something I did. It took out our virus protection, and away it went. /ubbthreads/images/graemlins/thumbsdown.gif

Rob & Tom, and all.
We had it here at work too. It gets into your address book and pulls names, then sends emails with the virus attachments. Since it appears to be coming from someone you know, you're likely to open the attachment, then you're "dead".
It was also in our local newspaper this morning with a list of the common email titles. Other ones are "wicked screen saver", and "your application". Drag those straight to the trash and empty your trash.
The "patch" for the Microsoft worm is available on the Microsoft web site.
By the way, my system is scrubbed clean now, so don't worry about getting it from me.
Be careful, and good luck to all.
Verne.

FOR THOSE OF YOU THAT HAVE A COMPUTER AT HOME. THIS MIGHT BE SOMETHING TO
THINK ABOUT, IT SOUND EASY ENOUGH

Subject: COMPUTER TRICK

This was in an issue of "PC World" magazine. It does work! As you
may know, when/if a worm virus gets into your computer it heads straight
for your e-mail address book and sends itself to everyone in there, thus
infecting all your friends and associates. This trick won't keep the virus
from getting into your computer, but it will stop it from using your
address book to spread further, and it will alert you to the fact that the
worm has gotten into your system.
Here's what you do:
First: Open your address book and click on "new contact" or "new person"
just as you would do if you were adding a new friend to your list of email
addresses.
Second: In the window where you would type your friend's FIRST name, type
in !000 (that's an exclamation mark followed by 3 zeros). In the window
below where it prompts you to enter the new email address, type in
WormAlert.
Third: Then complete everything by clicking add, enter, OK, etc.
Now, here's what you've done and why it works: the "name" !000 will be
placed at the top of your address book as entry #1. This will be where the
worm will start in an effort to send itself to all your friends. But when
it tries to send itself to !000, it will be undeliverable because of the
phony e-mail address you entered (WormAlert). If the first attempt fails
(which it will because of the phony address), the worm goes no further and
your friends will not be infected.
Here's the second great advantage of this method: If an e-mail cannot be
delivered, you will be notified of this in your InBox almost immediately.
Hence, if you ever get an e-mail telling you that an e-mail addressed to
WormAlert could not be delivered, you know right away that you have the
worm virus in your system. You can then take steps to get rid of it.
Pretty slick, huh? If everybody you know does this, then you needn't ever
worry about opening mail from friends.

I've had this on my computer for a few months and it hasn't been activated so it hasn't alerted me yet. So far so good! /ubbthreads/images/graemlins/biggthumpup.gif

Man the tricks you computer WIZARDS come up with!I did as exactly as you said to do and it is there.I have the old windows 98 so the last problem with windows did not affect my old 98 just the newer versions,but last year I bet I got that Klez crap 15 times if I got it once.Finally got Mcafee and changed to ev1.net and so far everything has been good.I have received numerous alerts from ev1 postmaster saying I had been sent a virus but they will not let them get through.I guess computers are sort of like sex! sometimes you just can't be protected enough /ubbthreads/images/graemlins/grin.gif

Bobby

Thanks, I ran the first link this morning. It took almost 30 minutes so be patient.

Yep, it will take a while, but it's worth it. It's best to run as many virus scans as you can, both licensed and free...I've had different scans pick up different things more than once.

And, according to the news, the SoBig thing is getting around.

I read the info on this great site every day and came upon this thread about viruses. Can anyone help me. I'm not certain why this is happening: I have Eudora Lite email program. I also have Norton scanning my incomimg and outgoing emails. Just today I started getting the following message when I check my email:

(Yield Sign) There has been an error transferring your mail. I said:
PASS <shhhh! Don't tell anyone>
and then the POP server ([email protected]) said:
ERR connection closed by peer

I don't get the message every time. Just sometimes and then it asks me for my password. Password should be saved as always. I type in my password and it will let me check my mail a couple of times and then I get the same message again.
I tried to use my wifes email through her computer to send myself an email and I get it alright, but when I use my own email ([email protected]) and try to send myself an email, I can't receive it. Also when I use my account to try to send my wife an email, she doesn't receive it. Could this be some sort of Virus? Please help. Thanks! Bill Brown (redlines4us)

With regards to my post above. I think my Norton was trying to stop an email from entering my box that had a virus attached. /ubbthreads/images/graemlins/beers.gifI turned off my virus protection on my email account, checked my email without opening attachments. I then discarded the emails, turned on my virus protection and it works just fine. Later! Bill

I kind of thought that might be the deal. Our inbox has been getting flooded with "failure notices" due to others being hit with SoBig.

Thanks Rob!

Just a note to be careful of all of those "Microsoft update" or "Microsoft patch" emails that are flooding everyone's inboxes. They're NOT from Microsoft (go to properties and check the header info), so be VERY careful. I had a link to some info about with and actual name of the virus, but in all this board nonsense I've managed to lose it. So, if someone has it, post it, so we can all take a look.

I still have one copy on the wifes deleted files but am afraid to touch the thing, it really hosed me big time, How do I post it without opening it!!

Bud.

No no, I am looking for a link to info about the virus, not a copy of the virus itself! I've got plenty of those here!

If anyone runs across an article about it, just post THE LINK! /ubbthreads/images/graemlins/grin.gif

Swen worm articles:

Yahoo News (http://story.news.yahoo.com/news?tmpl=story&cid=74&ncid=74&e=3&u=/cmp/20030920/tc_cmp/15000773)

Washington Post (http://www.washingtonpost.com/wp-srv/technology/articles/svenwormgrafix_091903.htm)

Microsoft (http://www.microsoft.com/security/antivirus/swen.asp)

Link to a free tool to remove the worm from your system:

McAfee "Stinger" (http://vil.nai.com/vil/stinger/)

I thought that might get your attention, /ubbthreads/images/graemlins/haha.gif /ubbthreads/images/graemlins/haha.gif /ubbthreads/images/graemlins/haha.gif

Bud.