Commercial Antivirus sites (which also generally have free removal tools, including for BugBear and Klez): http://www.mcafee.com/ http://www.norton.com/ Mcafee's page about bugbear, which also has a link to a removal tool for Bugbear and Klez http://www.mcafee.com/anti-virus/viruses/bugbear/ Download page for the removal tool: http://vil.nai.com/vil/stinger/ If you don't have an anti-virus program, consider www.grisoft.com (free antivirus program with free updates). If you don't have protection on your home computer consider ZoneAlarm http://www.zonelabs.com a personal firewall product free for personal use. Cheers Paul Hanly ----- Original Message ----- From: "margm" <[email protected]> To: <[email protected]> Sent: Saturday, October 05, 2002 5:55 PM Subject: [NE] Virus warning from List Admin > Dear Listers > I copied this from Rootswebs latest Review Newsletter . > Please becareful > # 1 rule is NEVER open a file attachement you arent > expecting. If one comes thru from someone you know and it > has a funny file extension ..... DONT OPEN IT > Or if you absolutely must open it to a floppy disk . If it > is a nasty no harm is done > > This latest Bugbear one is mimicking some rootswebs mailing > lists . You can not get any virus thru Rootswebs system > > Rule number 2 is to have up to date anti virus software > > Text below is from the Rootsweb Review > > " > . Be Careful Out There. The Bugbear is no teddy bear. It is > an e-mail > worm containing backdoor components that can allow an > infected system to > be remotely compromised; it also includes the ability to > kill antivirus > and firewall software, leaving infected systems wide open to > further > attacks and lulling you into a false sense of security > thinking your > system is virus-free. Genealogists have much more > interesting things to > do than deal with an Internet worm with a Trojan horse, but > such is life > online. > > Bugbear, which hit Great Britain and Australia users first > on Monday, > September 30, according to news reports, is also known as > Tanatos. It > arrives via e-mail with no distinct characteristics except > that the > attached file is always 50,688 bytes long. The subject line > and text are > stolen from existing e-mail it finds on an infected machine. > Many > RootsWeb users are expressing concerns about this latest > varmint because > unless you pay extra-careful attention you might think an > e-mail with > the attached Bugbear worm is coming from a trusted genealogy > friend, > family member, or from your favorite Mailing List. > > RootsWeb's Mailing Lists do not allow any attachments, but > that doesn't > mean you won't receive something that will fool you into > thinking the > message is from a RootsWeb Mailing List. This is one clever > worm. There > are confirmed reports of Bugbear even forging some prepends > commonly > used on many of our Mailing Lists. If you receive e-mail > with an > attachment that appears to be from say [SURNAME-L] and you > are not > subscribed to that Mailing List, that is a good indication > that it is a > message with the Bugbear worm attached. Even if you are > subscribed to a > certain list and there is an attachment, do not open it. > > Many of us are still fighting off the Klez worm, which > steals and forges > our e-mail addresses and subject lines, and now along comes > Bugbear and > the Opaserv worms. The latter is a network worm that was > discovered > September 30 also. > > Are you at risk? You certainly are if you are a Windows > user, and > especially if you use Microsoft Internet Explorer 5.01 or > 5.5 browsers > and have not applied the patch found in MS01-020. > [Note: Copy and paste carefully; this is a 2-line URL:] > http://www.microsoft.com/technet/security/bulletin/ > MS01-020.asp?frame=true > > According to CNET News.com, a flaw in MIME (the multipurpose > Internet > mail extensions) lets a malicious program attached to an > e-mail message > execute (start) when the text of the message appears in > Outlook or > Outlook Express (popular e-mail applications). The software > problem was > patched by Microsoft almost 18 months ago, but it is obvious > that many > genealogists have not updated their computers. Don't know > what version > of Microsoft Internet Explorer you have? Launch the browser, > click on > the Help menu and select About Internet Explorer to find > out. > > To prevent infection, Windows users be sure your system is > current: > http://windowsupdate.microsoft.com/default.htm > and everyone should update their antivirus software and > refrain from > opening any attachment unless the sender confirms that he or > she sent > it to you. The major antivirus (AV) software companies have > updated > their files to include protection from Bugbear -- but you > need to be > sure your AV is up-to-date. Moreover, don't rely exclusively > on your AV > to protect you from every virus or worm that comes along. > > If you use Outlook or Outlook Express for your e-mail > application, be > sure to set your VIEW options to show attachments. In > Outlook Express > make sure that the Preview Pane option is off. In Outlook, > under VIEW, > turn off the Auto Review and the Preview Pane. Some e-mail > clients treat > Mailing List digests as separate attachments, but those will > always have > the Mailing List digest request address as the FROM address > and they > will have the digest volume and number in the subject line. > However, be > wary, if attachment is exactly 50,688 bytes, it probably is > the Bugbear. > > For additional tips and links, please see: Virus, Trojans, > Worms: > http://helpdesk.rootsweb.com/announce.html#virus > E-mail headers: > http://helpdesk.rootsweb.com/listadmins/headersfull.html > > > When in doubt throw it out ! > > Bye > Marg Morters > List-admin > NSW-CENTRAL-COAST > NSW-SYDNEY > NSW-NEW-ENGLAND > AUS-USA > > > > ============================== > To join Ancestry.com and access our 1.2 billion online genealogy records, go to: > http://www.ancestry.com/rd/redir.asp?targetid=571&sourceid=1237 >