
brobson

macrumors 6502a
Original poster
Aug 13, 2004
510
6
Dallas
I got an email with the title:
Returned mail: Data format error

"Dear user
We have found that your email account has been used to send a large amount of junk e-mail during the last week.
Probably, your computer was infected by a recent virus and now contains a trojaned proxy server.

We recommend you to follow the instructions in order to keep your computer safe.

Have a nice day,
aol.com user support team."

I very stupidly downloaded an attachment called aol.com.mim

Now I am getting 4 messages saying:

To: <jjensen@1800pharmacy.com>
Subject: Re:
Date: Wed, 08 Sep 2004 18:18:30 +0000

Problem: Virus found
MIME type: application/octet-stream
File name: Cat.com
Virus name: W32/Bagle.ai@MM
Antivirus: McAfee Scanning Engine (4389/4.3.20)

All invalid attachments of the message were deleted and the message was
delivered to the recipient.

And an email from http://www.newpicturesloginmemebers.biz
and someone cursing me inside.

What do I do!?!?!
Brenda
Mac OSX
333 imac 256/60 HD
 

jsw

Moderator emeritus
Mar 16, 2004
22,910
44
Andover, MA
Is this on a PC?

Because it shouldn't be an issue with Mac mail unless you forward an infected email to someone else - then the virus can get forwarded.
 

angelneo

macrumors 68000
Jun 13, 2004
1,541
0
afk
It could be that your email was hijacked by spammers? It's really easy to spoof other people's email identity. I have not used AOL email before so I am not sure how high this possibility is.
Are you using your Mac to check your email? If you are, I don't think that virus can infect a Mac.
 

MisterMe

macrumors G4
Jul 17, 2002
10,709
69
USA
brobson said:
I got an email with the title:
Returned mail: Data format error

"Dear user
We have found that your email account has been used to send a large amount of junk e-mail during the last week.
Probably, your computer was infected by a recent virus and now contains a trojaned proxy server.

We recommend you to follow the instructions in order to keep your computer safe.

Have a nice day,
aol.com user support team."

I very stupidly downloaded an attachment called aol.com.mim

Now I am getting 4 messages saying:

To: <jjensen@1800pharmacy.com>
Subject: Re:
Date: Wed, 08 Sep 2004 18:18:30 +0000

Problem: Virus found
MIME type: application/octet-stream
File name: Cat.com
Virus name: W32/Bagle.ai@MM
Antivirus: McAfee Scanning Engine (4389/4.3.20)

All invalid attachments of the message were deleted and the message was
delivered to the recipient.

And an email from http://www.newpicturesloginmemebers.biz
and someone cursing me inside.

What do I do!?!?!
Brenda
Mac OSX
333 imac 256/60 HD
This is a well known hoax. It has been around for months. This thing spoofs your email address and your ISP. Now remember this: There are no Mac viruses. If there is ever a Mac virus, you will not be its first victim. If you ever get another email which claims that you have a virus, just ignore it. If you are afraid to ignore it, don't do anything silly. Post a copy of the scary correspondence here and someone will help you. In the meantime, if you are a .mac subscriber, install Virex. Otherwise, buy and install Virex, Norton, or another antiviral utility.
 

brobson

macrumors 6502a
Original poster
Aug 13, 2004
510
6
Dallas
Thanks everyone!! It is so nice to have a place to turn. Every time I got on live with apple tech, my computer froze.
Looking forward to my G5!
I guess I should put the Norton software on first, before I transfer my hard drive to the new iMac?
Brenda
 

brobson

macrumors 6502a
Original poster
Aug 13, 2004
510
6
Dallas
I really should use the preview button before I push send. I meant to say AOL live tech support froze, not apple.
Thanks again
 

bostonwhaler1

macrumors member
Aug 4, 2004
48
0
Toronto, Canada
...

Norton tends to cause more problems than it solves. As far as a disk utility is concerned, the Mac Disk Utility in OS X is more than enough for most users. If you really want virus protection, get Virex, as mentioned above. If you're concerned about something on your current iMac "infecting" your new iMac, don't be. You don't have a virus, so there's nothing to worry about. Just link the two via firewire and transfer away!

Enjoy the new iMac, I'm jealous! :)
 

varmit

macrumors 68000
Aug 5, 2003
1,830
0
brobson said:
I really should use the preview button before I push send. I meant to say AOL live tech support froze, not apple.
Thanks again

you know there is an edit button, where you can change what you posted or put more in it.

edit: <-- This is to say I added to it using the edit function.
 

janey

macrumors 603
Dec 20, 2002
5,316
0
sunny los angeles
buzzfgo said:
New guy here. If you can't get a virus on a mac do you really need antivirus software?
No. The antivirus companies just try to take advantage of Mac users who don't know better by trying to sell them antivirus software for the Mac.


If you're really worried, just think reasonably. Don't open attachments unless you know the person, make sure you have a decent alphanumeric password that you change once in a while, don't run things as root, you get the idea.

Now for a little bit of funny geeky humour, well... I find it funny lol. I found this in my Apache access log. This is on my PowerBook. :p

67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
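
The probe pattern in the log excerpt above, as an added example that is not part of the original post: a small Python triage script that flags requests for Windows command shells and double-encoded directory traversal in an Apache access log and reports whether the server actually served anything. The function names are hypothetical, and the last sample line (from 192.0.2.10) is constructed as a benign control.

```python
import re
from urllib.parse import unquote

# First two lines are from the post above; the last is a constructed benign request.
SAMPLE_LOG = """\
67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
192.0.2.10 - - [04/Sep/2004:23:31:00 -0700] "GET /index.html HTTP/1.0" 200 1043
"""

# Apache common log format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
SHELL = re.compile(r"/(cmd|root)\.exe\b")

def fully_decode(target, max_rounds=5):
    # Percent-decode until stable so %255c -> %5c -> backslash is exposed.
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(target):
    reasons = []
    if unquote(unquote(target)) != unquote(target):
        reasons.append("double-encoded")
    flat = fully_decode(target).lower().replace("\\", "/")
    if "../" in flat:
        reasons.append("directory traversal")
    if SHELL.search(flat):
        reasons.append("Windows command shell target")
    return reasons

def scan(log_text):
    findings = []
    for m in filter(None, map(CLF.match, log_text.splitlines())):
        ip, target, status = m.group(1), m.group(3), int(m.group(4))
        reasons = classify(target)
        if reasons:
            # A 4xx status means the probe found nothing; 2xx/3xx deserves a closer look.
            findings.append({"ip": ip, "target": target, "status": status,
                             "reasons": reasons, "served": status < 400})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["status"], "served" if f["served"] else "rejected", f["reasons"])
```
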
 

Dr. Dastardly

macrumors 65816
Jun 26, 2004
1,317
1
I live in a giant bucket!
übergeek said:
No. The antivirus companies just try to take advantage of Mac users who don't know better by trying to sell them antivirus software for the Mac.


If you're really worried, just think reasonably. Don't open attachments unless you know the person, make sure you have a decent alphanumeric password that you change once in a while, don't run things as root, you get the idea.

Now for a little bit of funny geeky humour, well... I find it funny lol. I found this in my Apache access log. This is on my PowerBook. :p

67.119.233.191 - - [04/Sep/2004:23:30:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
67.119.233.191 - - [04/Sep/2004:23:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
67.119.233.191 - - [04/Sep/2004:23:30:04 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
HAHAHA this stuff cracks me up! :p
 

fugeelama

macrumors member
Oct 23, 2002
57
0
buzzfgo said:
what does all that mean?

It means that someone's pee-cee virus was trying to access critical Windows files on a Mac... something that doesn't affect us Apple owners :)
 

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
Ten bucks says the mail system is from Kerio.
We get dozens of those a day, and it spoofs. Often times it says "from the mchs tech team". Our users are pretty wise now that we told them about the virus warnings and capabilities of Kerio Mail Server. (An EXCELLENT product by the way)
Kerio has the ability to either silently delete the mail, or send the message stripped of the virus. I decided to "send" since we have a few users with an old Melissa virus infecting some of their Word files. Macs can carry, and Melissa DOES affect the Mac by opening as read only, and forcing you to "disable macros". Doing a virus scan then locking the "normal template" will stop further Mac infection. (Or getting rid of Word altogether, which is my dream!)
Bottom line: the virus writer has forced you to waste time and worry for nothing!
 

7on

macrumors 601
Nov 9, 2003
4,939
0
Dress Rosa
buzzfgo said:
New guy here. If you can't get a virus on a mac do you really need antivirus software?

Some people think it's necessary because you can get, let's say, a humorous picture from Uncle Bob in an email. You want to forward this picture to others; however, you didn't notice the "2 Attachments" thing in Mail. You send it, affecting PCs. Of course you need common sense to be able to notice a weird .pif attachment doesn't belong in a mail message - something which anti-virus owners lack.
 

King Cobra

macrumors 603
Mar 2, 2002
5,403
0
Sometimes it's fun to get the most bizarre email messages:


From: "Bounced mail" <my isp>
Date: July 29, 2004 6:41:29 PM EDT
To: ----
Subject: DELIVERY REPORTS ABOUT YOUR E-MAIL




Then have a text attachment at the bottom saying that my ISP deleted the following virus from the email using Norton Antivirus:


Norton AntiVirus removed the attachment: TRANSCRIPT.SCR.

The attachment was infected with the W32.Mydoom.M@mm virus.



Makes you feel right at [127.0.0.1] sometimes.
 

MisterMe

macrumors G4
Jul 17, 2002
10,709
69
USA
7on said:
Some people think it's necessary because you can get, let's say, a humorous picture from Uncle Bob in an email. You want to forward this picture to others; however, you didn't notice the "2 Attachments" thing in Mail. You send it, affecting PCs. Of course you need common sense to be able to notice a weird .pif attachment doesn't belong in a mail message - something which anti-virus owners lack.
Do you have any evidence--much less, proof--that people who use antivirus software lack common sense?
 

brobson

macrumors 6502a
Original poster
Aug 13, 2004
510
6
Dallas
AOL shut me down

Well whatever it was, AOL shut me down.
Someone apparently got my password so I had to get them on the phone to even check my email! Only a 25 min wait to change my password!
Anyway, here's what one message board on AOL for Mac said:

X-WinProxy-AntiVirus: Removed W32/Bagle.AW.worm

The same thing has been happening to me and the above is what it says in the scan. >>

The Bagle/Beagle family does not infect Macs. You got the warning because the infection on someone's Windoze box spoofed your email address. Here is probably more than you wanted to know.

The Bagle family of Trojans/worms has gone entirely through the alphabet with variants, and most of the way through a second time. These all infect Windows 95 and more recent releases of Windows. They do not infect Macintosh, Linux or Unix. In fact, there are more Bagle variants than there are Macintosh trojans - total.

Different Antivirus software companies use somewhat different names for the same family or for variants within the same family. A search on McAfee's Windows side turned up 64 records matching "W32/Bagle". http://us.mcafee.com/virusInfo/default.asp?id=alphar

Symantec calls the entire family "Beagle" instead of Bagle. A typical description is at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ao@mm.html (for Beagle.AO) or here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ap@mm.html for Beagle (Bagle) AP.

Bagle.AW may be something that McAfee and Symantec assigned a different letter suffix. OR it may be something that has so far only appeared in Eastern Europe. A Google search for "Bagle.AW" turned up a lot of posts in what appears to be Polish. http://www.idg.pl/ftp/pc_2905/Szcze...Sp.z.o.o..W32.Netsky.A.T..W32.Bagle.A.W..html

At any event, your Mac cannot be infected by any known Bagle or Beagle worms. All of these Windows worms spoof email addresses, so that bounces and Mailer Daemon warnings go to the spoofed address, not to the infected computer.

Yikes that's a lot of words.
Brenda :confused: :eek:
 