View Full Version : Virus warning! The "AnnaKournikova" virus is eating us alive!
02-12-2001, 03:53 PM
Heads up! We are right in the middle of a virus plague at my firm, and we're going crazy. Warning to Dopers, although most of you have probably already heard: don't open any email with the words "Here you have . . ." in the subject line, and especially don't open its attachment called something like "AnnaKournikova.jpg . . ." Save yourself some major grief.
02-12-2001, 03:57 PM
Thanks for the heads up!
The attatchment is AnnaKournikova.jpg.vbs
We just got the alert from our security.
02-12-2001, 04:24 PM
I just got the alert here as well. Melissa clone. Great.
02-12-2001, 04:29 PM
We got it too! How many times is it going to take before the people stop opening unknown files, especially those with extensions they don't understand? Aaaauugh!
02-12-2001, 04:41 PM
Well, if you saw some of the Anna Kournikova pictures going around about a month ago, you can guess as to why some dumbasses open the files. Thanks for the heads up.
02-12-2001, 04:41 PM
I got the first one at 9 a.m. this morning, and as usual, viewed it first. The attachment didn't look at all kosher, and the email was not typical of the type that the sender usually forwarded to me, so I deleted it without opening it. You don't have to be a computer brainiac to do this; just use some horse sense.
Then in a couple of hours, we got hit by a huge storm of duplicates of that email, and all of them were "from" people in this firm in high positions, people whom one would suppose had enough brain cells to know not to open suspicious emails! Aaaaargh! And they're still coming, even as I type!
02-12-2001, 04:41 PM
Outlook was kind enough to open it for me; I didn't have the vbs filter on. Does anyone know how to get rid of the damn 0 byte file it leaves?
02-12-2001, 04:42 PM
I just got about 50 copies of this from various people. Don't these people realize that a 6KB image of Anna Kournakova wouldn't be worth looking at anyway, even it it wasn't a virus.
02-12-2001, 04:49 PM
Well, they announced it over our PA system at work at around 11:30AM. AND they sent out an e-mail. AND I got at least 25 copies in my inbox.
If I didn't open it, it can't get into my personal address book(seperate from the company address book), right? Just want to make sure, so I can warn those who would need to be warned.
02-12-2001, 05:01 PM
Where I work, everybody has a global address book that is about 60,000 names long. My last name starts with S, I have so far recevied 10 copies of this. The guy who sits across from me has a last name that starts with A. He has received 183 copies of this.
We must have better filters on our mail servers, or higher bandwidth servers. The Love Bug brought us to our knees but this doesn't seem to be having much affect (other than me and the guy across from me getting to comment on the intelligence of our colleagues).
This is a reason why I still use pine for email. Long live ISP shell accounts.
02-12-2001, 05:21 PM
soulsling's hot on the trail (http://boards.straightdope.com/sdmb/showthread.php?threadid=59650) of this obnoxious little script kiddie, if anyone wants to find him and punch his lights out. None of the emails have actually reached my inbox yet; our IT people sent out a warning today, but I still expect my inbox to fill up tomorrow.
Althea, you should be able to just delete that file if you've already deleted the virus itself. Have you tried Symantec's removal instructions (http://email@example.com)?
Of course, all this could be avoided if people would just get rid of the big virus on their machines--you know, the "Outlook" virus.
02-12-2001, 05:39 PM
Balance, I went to Symantic's removal instructions first. VirusScan killed the original file, but I had to reboot before it would let me get rid of the 0 byte copy it created. Damn Windows ME doing stupid shit again. Thank you though.
Here's a better heads up for everyone: don't open ANY .VBS FILE, EVER! AND MAKE SURE WINDOWS IS DISPLAYING YOUR FILE EXTENSIONS, SO YOU DON'T OPEN A FILE THAT APPEARS TO BE A .JPG WHILST REALLY BEING A .VBS!
Man, I'm glad I'm not working in tech support now. Last year it was a shitstorm when half the people in my fucking office opened that stupid "Here is a loveletter from me!" virus. These email viruses come around every year or so, and they're always the same thing: VBScript attachments. So just play it safe and don't open them, when was the last time anyone used vbscripts for a legitimate use? And while I'm at it, I'd like to send a big "Fuck You" to Microsoft for making it so easy to create these things. Thank you for listening to my brief rant.
02-13-2001, 06:51 AM
Gosh, I have Outlook. I also have a Norton Virus subscription.
Is there a way I can tell Outlook NOT to automatically open mail? If I get rid of Outlook, how will I read my mail?
I'm soooo confused.
02-13-2001, 10:23 AM
Lisa, I use Netscape Messenger at home--it works very nicely, without all the extraneous junk ("features") that Outlook insists on using by default...like automatically running vbs files. I also have a web-based email account (the Excite account to which my published address here is linked). I despise Look Out!...I mean "Outlook", not because it's a Microshaft product, but because it's Evil and Rude.
If you really don't want to get rid of it (or can't, for IT hysterical reasons), you can set it up not to open the VBasic scripts. Make sure that you set it up to show extensions as well, so that you don't get tricked into opening one yourself. The lastest plague the script kiddies have started uses a filename of the form x.xxx with a ".vbs" extension. By default, Windows as a whole hides the extension, so it looks like a file of another type--a text file, bitmap, or jpeg for example. That's burned a lot of people.
02-13-2001, 10:45 AM
Virus type: VBScript
This VBScript virus/worm needs the file WScript/CScript.EXE to
run. This type of virus is generated by a program that was created by
(K)Alamar. This virus is polymorphic and can have many features.
For each feature enumerated in the Technical Details section, follow its corresponding number with the number below on how to clean it.
1.. From the Start->Run menu, type REGEDIT. Click on the plus
(+) sign until you reach the key Run:
Search for the key that points to the worm and delete this
key. Then click on the plus (+) sign until you reach:
From here, delete the key "Worm".
2.. No cleaning required
3.. Delete the file SCRIPT.INI for mIRC and EVENT.INI for PIRCH.
4.. Delete the files detected as VBS_KALAMAR
5.. No clean needed
6.. No clean needed
7.. No clean needed
Scan your system with Trend antivirus and delete all files
detected as VBS_KALAMAR. To do this Trend customers must download the latest
pattern file and scan their system. Other email users may use Trend
HouseCall, a free online virus scanner.
vBulletin® v3.7.3, Copyright ©2000-2013, Jelsoft Enterprises Ltd.