Idiot ! Idiot ! IDIOT - Updated !!!! (McAfee VirusScan)

Member Name: sidneygee

Product:	McAfee VirusScan
Date:	30/11/01 (576 review reads)
Rating:

Advantages: Keeps your system free of Viruses

Disadvantages: You have to have it installed., Idiots like me use Computers

Right !! I am an IDIOT !!!! And although I have sorted out three users affected by the Badtrans virus - two by my own idiocy and one by someone elses - and gained 'brownie points' for doing so, I am still wearing sack-cloth and rubbed over with ashes.

If there was a brain-reprocessing plant in Edinburgh, then I would still turn myself over ...

The BACKGROUND
You see I have a McAfee VirusScan, but I had not re-installed it .... BIG MISTAKE !!!

My computer is now rather elderly and due for replacement soon. Exactly when this is done will depend on whether I am off for a few trips abroad over the next year. If I am, then I will not replace until I am back in the UK after these contracts. If you check the prices/specification of computers over the months you will understand my reticence.

I anticipate spending about £900 to £1000 on my next 'box'. Today, I could buy a better specification for £600 than I could for £950 three months’ ago. ... so whenever you buy, there is a better offer still, in only week or a fortnight.

Anyway, that is my excuse for trying to keep my current 150Mhz DAN Pentium struggling on for a few more months. But to do this, then periodically I find I have to clean the hard disks and re-install the Software.

This happened last about a month ago.

ANTI-VIRUS Software for Cheapskates
Those of you who know me well know that I am a star at cheap-skating – Indeed, I claim Welsh/Scottish/World & Olympic Championship medals (lol). So about 14 months' ago I was in a 'Bargain Books' shop and saw that they were selling McAfee Virus Scanners(Version 5.1.2) at a mere FIVE POONDS !!!! So I bought two ....

Well, you see, when you register on line, on www.mcafee.co.uk, you get 12 months' service from their website, and when this is expired you have to pay their annual fee, currently £17.95. Now you don't have to be slick at Ar
ithmetic to see that this payment of £10 would give me at least two years of professional protection..... So when I re-installed the software onto the hard disk, I did not re-install the Virus checker, thinking that I would wait for a little time, then install the second copy, and have another year of total protection. After all, what I was installing back was checked recently and was virus-free, and I have never fallen into the trap of opening ANY attachments that I did not know the history of.

On two occasions disgruntled Doo-Yooers have sent Virus-ridden attachments to me that have been successfully intercepted before they could do any damage.

Should I try to be more of a "Mr Nice Guy" on the site, so that I don't get sent these viruses ? (Naaaaah, enjoy it too much being 'uncompromising' - lol).

Indeed I knew that it was '.exe' and '.pif' attachments that were the main danger, so nothing that contained these attachments was ever opened.

But Why McAfee?
Now don’t get me started on a debate of the relative superiority of 'Norton', and any of the new-fangled ones.

Norton is more expensive than McAfee, and there are others which are cheaper. That is not the point. McAfee has been on the market for some years. When registered, it can be set to use its excellent update facility which checks the McAfee site for updates and downloads as necessary. There is absolutely no point in having Virus protection software if you don't update it frequently.

You can have it set up on your system in a variety of modes, but generally a 'System Scan' is all that is necessary for protection.

If you do not have a Virus-checking software, then registering online (at £17.95 for a year's updates)is cheaper than buying at PC World, at £24.95 and as long as you are sensible then you do not need the CD.

Installation is a very straight-f
orward step-wise process that even I can follow. McAfee also offer "Personal Firewall" at £20.95 on their site that I shall be considering for my new computer set-up.

"Personal Firewall is an online application service that offers Internet users advanced protection from system intrusion by hackers and other online threats. If you want to take advantage of all the extraordinary benefits of using the Internet while having the peace of mind that comes from knowing you're protected from the Internet's dangers, you need Personal Firewall".

Why my new set-up ? Well the current McAfee VirusScan software slows down my computer to snail's pace, so installing any more software operating whilst connected would be even greater idiocy on my part ....

BAD DAY !!
On 26 November, at 4.35 p.m., I arrived home and switched on the computer. At present we are still connected by a modem, through Freeserve Anytime, but will transfer to Broadband when the new 'box' is bought.

I opened Outlook Express, and Internet Explorer. Opened my "another.com" email accounts and "dooyoo.co.uk". Whilst they were loading I checked my Freeserve email account. A couple of messages for me and one for my son, apparently from BBC Radio 2 (but actually from one of their 'agents'), from a person named "Pam Hobson".

It referred to the "Radio 2 Young Folk Award", and the attachments were a ".txt" file and one labelled ".MP3.scr". Now this was thought by me to be an audio file, and this would be relevant, since a Folk-Rock group appearing in the Young Folk Award Final features our son as the Fiddler.... So I opened it. Logical .... but BIG Mistake!!

I soon realised that it was a virus, since the opening up of both sites through Internet Explorer were slowed right down, but the flickering icon was going like the clappers, showing that th
ere was a connection and that information was being exchanged with the Internet.

I checked the 'status' and it was obvious that loads of information was being transmitted FROM my computer.

It was no more than about 4 minutes in total, probably less.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Everyone must have felt that horrid empty fear in the pit of their stomach – I have certainly felt it before, but not for some time .... You see I had been able to avoid viruses, either by taking care not to open '.exe' and '.pif' files, or by having the software installed. But what I feared then was that I would have to download all my files onto zip discs, then wipe my hard-disks again, then re-install the software, and virus scanner, then scanning the disks and cleaning up any infected files ... a lot of time that I did not really have ... and a visit to York scheduled for the Wednesday of that week to discuss a rather large potential contract ... as I say, not the ideal time ....

And there is always the possibility that the files have become so corrupted that they cannot be 'fixed' ....

Solution ?
Well, I installed my 'unused' issue of McAfee onto the hard-disk, but this would not sort out the problem. I tried to connect to their website for an update, but gave up after about 3 minutes because the amount of traffic being sent out swamped that which was coming back. So, I switched off and had a wee think.

I went out to PC world at 7 p.m. and invested in an up-to-date copy of the McAfee Virus Scan software (6.0) for £29.95 including the QuickClean software. Tried to install it... Bl**dy useless. Because it is designated to operate with WIN 95B onwards. Mine is obviously the WIN 95A software, since the text appeared as a load of symbols on the screen.

(Needless to say those 'Mr Nice Guys' at PC World the next day wouldn’t take this back - a
nd the guy who told me when questioned that it was suitable for my machine even denied having spoken to me ! This, of course is another story .... Grrrrr ... )

"Right !" I said – well that wasn't exactly the word I used ...


But this 'new' version of VirusScan would not have been any use, since I now understand that this was a new virus, which would not have been dealt with on the CD-ROM, the whole point being that you have to update regularly or automatically.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this life, there are two sayings that come to mind and are relevant in this story:

"a little knowledge (which is what I have with computing) is a dangerous thing" ; and,

"it ain't WHAT you know .. it is ... WHO you know!".

So, phoned my Son ("No Chance .... I have this design Project to finish .. by the way, Dad, what do you know about hydraulic pumps .... ?").

Then elder daughter .....

As anticipated, she was more interested in sampling the delights of a restaurant booking made on www.5pm.co.uk, but she said she would ring back later.

So (much) later, she telephoned me, and recalled that at work (Accountancy Office) they had been warned about not opening ANY attachments, if they had not updated their Anti-virus software within the week.

Then (the Darling !) had an idea. You see, she has always remained 'good friends' with all her ex-boyfriends. There are so many of them, that they could certainly form two teams to play each other at soccer or cricket - and at this rate, it won't be long before they could form two Rugby Union teams ! Anyway, two of them have Degrees in Computing/Artificial Intelligence and work for computer service companies in Edinburgh, so she phoned the first (who was "too drunk"), and the second (who wasn't - for a change lol).


BADTRANS 32 V
IRUS
This friend, Iain, kindly allowed me to telephone him. He said that he had spent much of the day sorting out four of his company's clients with what was probably the same virus – "Bandtrans32". Once infected it would raid your list of email addresses and send messages and copies of itself to them in random. The ".scr" attachment that I had received is described as a "Windoze screensaver", and are simply (?) executable files that have had their extension renamed (if any of that makes sense to you !).

So, we must treat ".scr" or indeed any other name that we have not seen before as file attachments with the same wariness as an ".exe" or ".pif" attachment..

Iain took me through the process for removing the Virus from the computer without wiping the hard-disk. It took about 40 minutes at that time, but I have managed to take three people through the process (two infected by my email, and the other by someone else) each in about 20 minutes.

REMOVAL
You should search the website of the anti-virus software that you have for information about this virus and see if you can update the anti-virus software, but in the meantime you will have to remove the virus that you have.

Assuming it is this virus mentioned above then you need to go to:

"Shutdown",
Then restart your computer in "MS-DOS mode".

[Note not all of the deletes given below will operate - it depends on which variant of the virus that you have, but two or more of them should delete successfully - which thus give no message after pressing Enter.]

Those which are there and get deleted, will just return you to the 'Command Prompt' indicator after pressing "Enter".

At the command prompt type in turn :

del c:\windows\inetd.exe

del c:\windows\system\kern32.exe

del c:\windows\system\hksdll.dll <
br>
del c:\windows\system\kernel32.exe – (This was deleted with 'my' version of the Virus)

del c:\windows\kdll.dll

del c:\windows\system\kdll.dll - (This was deleted with 'my' version of the Virus)


Then to double check type:

"cd\dir inetd.exe/"

for each of the above files - none should be found.

Then Restart the machine:

You need to run the Registry Editor.

Make sure you DON’T CONNECT to the internet - take out the modem cable if necessary -
then go into Outlook Express and delete the message you got the virus from.

Registry Editor Instructions:
Boot up as normal into Windows.
Go to Start,
Then to RUN ; and then type
"regedit" in the box and click on "OK".

Use the registry editor like you would the 'File Manager' facility and navigate to :

"HKEY_LOCAL_MACHINE" ; then
"SOFTWARE" ; then
"Microsoft" ; then
"Windows"; then
"CurrentVersion" ; then

"RunOnce"

If there is an entry such as :

"kernel32" with "kernel32.exe" or "kern32.exe" on the right-hand side then
right-click on it and choose "Delete". Mine had "kernel32" with "kern32.exe"

This should remove the virus, but then the real 'fun' starts of putting the latest anti-virus software on your computer and telling all your friends that you have inadvertently sent out this virus.

I have done this – and it took some time. Several of my friends and contacts on DooYoo had received the file, and most had been sensible NOT to open the attachments.

I expect those are where the file was entitled "SEE_ME_NUDE" (NOT a pretty sight, I might add !!!)

Others were labelled "sorry_about_yesterday&quo
t; (highly unlikely !).

A total of 38 of my contacts have admitted to receiving an infected message from my computer and a further 25 have confirmed they have not received any, with a whole host who have not yet responded.


Moral of this story ?

Well, I regard myself as an idiot for not having my Virus software re-installed. In the past whenever a potential virus has appeared, then I have voiced oaths in the direction of the miscreant from whence it was directed.

Now, of course, I know that many of them probably acted in good faith and not knowing an expert in computing, had machines that they dared not re-connect to the internet before getting (expensive) professional advice.

Being possessed of a suspicious mind, I am undecided as to whether the source of the Virus is the Anti-Virus Software writers, or a major Computer manufacturer .... or one of those Computer Services companies ....


Footnote

This Virus seems to have caused many problems throughout the world. My next door neighbour has received SIX emails with the virus, from all around the world. I have received emails from companies who had just blank emails from me. One went so far as to telephone me hoping for an order ... So how much has that Virus cost industry ?

To remove it takes about 20 minutes if done verbally over the telephone, down to 10 minutes if the details can be sent by fax or post, and then the recipent guided through the removl process over the telephone.

The Agency that sent the Virus to me admitted to having received it from the publisher of a Folk Music magazine. It took a Computer specialist the whole of Tuesday morning to remove it from their systems ...... hmmmmm ... obviously a better Computer services company for that type of service exists in Edinburgh .... good 'ole Iain - a bottle of a good whisky is now in your hands (or, more likely, your stomach).

© Sidneygee 2001

Summary: