Hydrogenaudio Forums

Misc. => Off-Topic => Topic started by: NeoRenegade on 2001-11-30 23:33:38

Title: Run a virus scanner
Post by: NeoRenegade on 2001-11-30 23:33:38
I have just been infected with the Colombia virus. My MP3's were all copied into 12kB VBS files (luckily I didn't lose them), and all my JPG files were lost (converted to 12kB VBS files). I have reason to believe this site may be the infection point. It's worth making sure that it isn't.
Title: Run a virus scanner
Post by: JohnV on 2001-11-30 23:54:53
Quote
Originally posted by NeoRenegade
I have just been infected with the Colombia virus. My MP3's were all copied into 12kB VBS files (luckily I didn't lose them), and all my JPG files were lost (converted to 12kB VBS files). I have reason to believe this site may be the infection point. It's worth making sure that it isn't.
Excuse me, but what reasons you have to believe this site is the infection point?? Only possible thing I can even think of would be the account confirmation by email, but I really think people would have noticed something by now if this was the case. I really dont think hydrogenaudio spreads any email worm...

VBS_COLOMBIA
Aliases:
COLOMBIA, vbs/plan.a, plan.a, VBS/LoveLetter.worm, Vbs.Plan.A, VBS.LoveLetter.Variant, VBS/Loveletter.AS

Description:
This VBScript virus is another variant of the infamous VBS_LOVELETTER virus and uses the Windows Scripting Host (WSH) CSCRIPT.EXE/WSCRIPT.EXE to run the program.  Once executed, it looks for files with specific file extensions and overwrites them with its codes. If the current system date is September 17, it displays a message and disconnects all network drives mounted by the user.
Title: Run a virus scanner
Post by: NeoRenegade on 2001-12-01 01:27:45
Aside from www.winamp.com (http://www.winamp.com) and www.audiograbber.com-us.net (http://www.audiograbber.com-us.net) this is the only site I've been to today, literally.
Title: Run a virus scanner
Post by: JohnV on 2001-12-01 02:14:14
Eh so? Did you get email from hydrogenaudio.org domain today or what? It's an email worm.
Title: Run a virus scanner
Post by: JohnMK on 2001-12-01 02:28:51
Quote
Originally posted by NeoRenegade
Aside from www.winamp.com (http://www.winamp.com) and www.audiograbber.com-us.net (http://www.audiograbber.com-us.net) this is the only site I've been to today, literally.


This virus spreads via e-mail *only*. You should make sure you set up Outlook Express (since that's probably what you're using) to 'secure mode' or whatever it's called in the preferences.

Go Xing.

John
Title: Run a virus scanner
Post by: Somebody on 2001-12-01 03:03:49
Quote
Originally posted by Keynes

Go Xing.

Yes. Go Xing.
Title: Run a virus scanner
Post by: NeoRenegade on 2001-12-01 18:39:35
Go Xing? You know where I want it to go
Title: Run a virus scanner
Post by: NeoRenegade on 2001-12-02 20:46:16
I very possibly could have caught LoveLetter from here, because I have e-mail notification turned on and thus have opened 5+ e-mails from the hydrogenaudio mailer.
Title: Run a virus scanner
Post by: Dibrom on 2001-12-03 22:15:15
Quote
Originally posted by NeoRenegade
I very possibly could have caught LoveLetter from here, because I have e-mail notification turned on and thus have opened 5+ e-mails from the hydrogenaudio mailer.


I seriously doubt this has anything to do with hydrogenaudio.  This site isn't run on windows or anything like that.  Admittedly I haven't really read up on this virus, but I think whatever place was sending out this virus would have to be infected by it, and it requires the windows scripting host, that means it'd have to be running windows, which pretty much eliminates this site as a possibility.
Title: Run a virus scanner
Post by: NeoRenegade on 2001-12-04 16:41:33
Ok, good to know there's no problem with HydrogenAudio. The virus has been wiped from my computer, and the only remnant is the contents of My Computer looking odd when viewed "as a webpage"
Title: Run a virus scanner
Post by: Neo Neko on 2001-12-07 06:51:21
Microsoft strikes again!
SimplePortal 1.0.0 RC1 © 2008-2020