CWNET COMPUTER VIRUS & SECURITY CENTER.
Alert! Spyware interferes with Microsoft patch!

Read the link above, then download the programs below to remove spyware:

http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/en/mirrors/index.html

Current threat.
(Click the link below to get more info and the virus removal tool)

Level  Description      Removal Tool  Date
       W32.Sasser.Worm  FxSasser.exe  May 1, 2004
       W32.Netsky@mm    FxNetsky.exe  April 28, 2004
       W32.Mydoom@mm    FxMydoom.exe  Jan 26, 2004
       W32.Beagle@mm    FxBeagle.exe  Jan 19, 2004

What is a computer virus?

Malignant software that attempts to affect your computer without your permission. Viruses do not spontaneously generate; they are written by someone for a specific purpose. Many false warnings, or virus hoaxes, circulate on the Internet.

What is anti-virus software?
A program that scans your computer for known computer viruses. It will fix and remove the virus. The software needs to be updated regularly in order to protect your system from the new viruses being discovered every day.

What is a firewall?
An Internet firewall can help prevent outsiders (hackers, worms, etc.) from getting to your computer through the Internet. Firewalls come in two forms, software or hardware, and they provide a protective boundary that helps screen out unwanted Internet invaders.

Why Do I Need a Firewall?
A firewall can screen for malicious Internet traffic such as hackers, worms, and certain types of viruses before they can cause problems on your system. In addition, firewalls can help keep your computer from participating in attacks on others without your knowledge. Using a firewall is especially important if you are always connected to the Internet, such as when you have a broadband cable or digital subscriber line (DSL or ADSL) connection. Click here to get your firewall.

Notice: Computer viruses are in no way affiliated with CWNet or any CWNet services. While we will do our best to assist you, this is ultimately an end-user problem and is not supported by CWNet. We will provide links and vital information but may not be able to walk you through the complete removal of this virus. If you don't have anti-virus software installed on your PC, buy it and install it now! Click here for a list of top-rated anti-virus software reviews.


Download Virus Removal Tool: http://securityresponse.symantec.com/avcenter/tools.list.html


Previous threat, Sobig / MSBlast virus:

Sobig

Yet another member of the Sobig virus family is loose. Sobig.f (w32.sobig.f@mm) spreads via e-mail and shared network files and could slow e-mail servers with excessive traffic. Like its siblings, Sobig.f has a built-in termination date, September 10, 2003, and can attempt to retrieve, download, and finally execute a Trojan to steal credit card numbers and other personal account information.

The purpose of getting Sobig onto the computer is not to cause damage or purely to drive wide and rapid spread, but to gain control of the machine by downloading a Trojan, and to gain access to information such as bank details for the purpose of fraud. Such tactics effectively hand control of the machine over to the virus writer.

It will also enable unscrupulous marketers to disguise the source of spam by abusing victims' computers and identities.

With teleworking on the increase, and home security often less watertight than security within an organization’s own four walls, companies are warned to be aware that home users can represent their "Achilles heel".

How it works
Sobig.f arrives as an e-mail with the following characteristics:

The From and To addresses are collected from infected PCs, from files ending with the extensions .dbx, .eml, .htm, .html, .txt, and .wab.

The Sobig.f subject line is one of the following:

  • Re: Details
  • Re: Approved
  • Re: Re: My details
  • Re: Thank you!
  • Re: That movie
  • Re: Wicked screensaver
  • Re: Your application
  • Thank you!
  • Your details

Its body text is one of the following:

  • See the attached file for details
  • Please see the attached file for details.

The file attached to Sobig.f is one of the following:

  • application.pif
  • details.pif
  • document_9446.pif
  • document_all.pif
  • movie0045.pif
  • thank_you.pif
  • your_details.pif
  • your_document.pif
  • wicked_scr.scr

When executed, the worm will add the following to the system registry:

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrayX" = %windir%\winppr32.exe /sinc
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrayX" = %windir%\winppr32.exe /sinc
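The e-mail characteristics listed above can be checked mechanically at a mail gateway or over a saved mailbox. The following Python is an added example, not part of the original advisory; the function names and the sample message builder are assumptions made for illustration, and the indicator lists are copied from this page.

```python
from email import message_from_string
from email.message import EmailMessage

# Indicators copied from the lists above, lower-cased for comparison.
SUBJECTS = {"re: details", "re: approved", "re: re: my details",
            "re: thank you!", "re: that movie", "re: wicked screensaver",
            "re: your application", "thank you!", "your details"}
BODIES = {"see the attached file for details",
          "please see the attached file for details"}
ATTACHMENTS = {"application.pif", "details.pif", "document_9446.pif",
               "document_all.pif", "movie0045.pif", "thank_you.pif",
               "your_details.pif", "your_document.pif", "wicked_scr.scr"}


def sobig_f_indicators(raw_message):
    """Return the sorted list of Sobig.f indicators found in one raw e-mail."""
    msg = message_from_string(raw_message)
    hits = set()
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if name.strip().lower() in ATTACHMENTS:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("ascii", "replace")
            if text.strip().rstrip(".").lower() in BODIES:
                hits.add("body")
    return sorted(hits)


def is_likely_sobig_f(raw_message):
    """Subjects such as "Thank you!" are common, so require the attachment too."""
    hits = sobig_f_indicators(raw_message)
    return "attachment" in hits and len(hits) >= 2


def constructed_sample(subject, body, attachment=None):
    """Build a test message; every value passed in is constructed sample data."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()
```

The From and To addresses are not checked because the worm harvests them from the infected PC, so they look like real contacts.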

Prevention
In general, do not open e-mail attachments without first saving them to hard disk and scanning them with updated antivirus software. If you do not have automatic antivirus signature file updates, contact your antivirus vendor to obtain the most-current antivirus signature files that include Sobig.f.

Removal
Most antivirus-software companies have updated their signature files to include this worm. The updates will stop the infection upon contact and, in some cases, will remove an active infection from your system. For more information, see Central Command, Computer Associates, F-Secure, McAfee, MessageLabs, Norman, Panda, Sophos, Symantec, and Trend Micro.


MSBlast

MSBlast (alias Lovsan, Blaster, and Posa) is an Internet worm that takes advantage of the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface buffer overflow flaw. Although Microsoft issued a patch on July 17, 2003, many people have yet to patch their systems. Ironically, the worm threatens to shut down the windowsupdate.com site, the source of Microsoft security patches. Because MSBlast is spreading quickly via the Internet and could shut down infected machines, this worm rates a 7 on the CNET Virus Meter.

How it works
MSBlast does not spread via e-mail. Instead, it scans the Internet on port 135 looking for vulnerable computers. When it finds one, it attempts to exploit the DCOM RPC buffer overflow, create a remote root shell on TCP port 4444, then use FTP to download a file called msblast.exe onto the infected computer.

MSBlast contains a denial-of-service (DoS) attack aimed at Microsoft's windowsupdate.com. The attack will start on August 15 and continue through the end of the year. MSBlast updates the system Registry with the following line so that it will run each time the computer is rebooted.

Hkey_local_machine\software\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe I just want to say LOVE YOU SAN!! Bill
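Both worms on this page persist through a Run key value (TrayX for Sobig.f, "windows auto update" for MSBlast), so one check covers both. The following Python is an added example, not part of the original advisory: it scans saved text output in the layout printed by `reg query` for those entries. The function names and the sample text are constructed for illustration.

```python
import re

# Value names and program files taken from the registry lines on this page.
KNOWN_RUN_VALUES = {
    "trayx": "winppr32.exe",
    "windows auto update": "msblast.exe",
}

# Constructed sample in the layout `reg query <key>` prints (not real output).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc
    windows auto update    REG_SZ    msblast.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE
"""


def parse_reg_query(text):
    """Yield (key, value_name, data) for each value line under each key."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()          # unindented line names the key
            continue
        fields = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if len(fields) == 3 and fields[1].startswith("REG_"):
            yield key, fields[0], fields[2]


def program_name(data):
    """File name of the launched program, without path, quotes or arguments."""
    match = re.search(r'[^\\/"]+?\.exe\b', data, re.I)
    return match.group(0).strip().lower() if match else ""


def find_worm_run_values(text):
    """Return (key, value_name, program) for entries matching this page's worms."""
    worm_files = set(KNOWN_RUN_VALUES.values())
    return [(key, name, program_name(data))
            for key, name, data in parse_reg_query(text)
            if program_name(data) in worm_files]
```

Matching is done on the program file name rather than the value name alone, so an entry is still reported if it appears under a different value name.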

Prevention
The best prevention is to install the patch from Microsoft. Users who have not yet patched their Windows 2000, NT, and XP systems should do so.

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Symantec, and Trend Micro.


Get your firewall.

A firewall is built into Microsoft Windows® XP. Click here to get instructions on how to install your firewall with Windows® XP. If you have a computer with an earlier version of Windows, and it is connected directly to the Internet, you should purchase a firewall and use it. Check below for firewall software reviews; the link will bring you to a list of top firewall software. Buy one and install it for peace of mind.


Anti-Virus and Firewall Software Reviews


Cnet - Antivirus software reviews

Firewall Guide - Firewall software reviews

CNet - Firewall software reviews



Additional Links

Go here for the latest update on virus activity and removal process.

CNET Virus Alert Center.


Symantec Security Response

McAfee Security

CA Virus Information Center