I recently discovered that my computer had a worm called the "blaster
worm". I was able to delete two files that were causing the problem,
but one came back and I deleted it a second time. I've been scanning
the computer with Norton anti-virus, there's no virus but the computer
is still running slow.

The problem I have is that I'm concerned I'll spread the worm to
anyone who downloads one of my Mp3 songs off the internet. I recently
uploaded my first Mp3 onto soundclick.com and no longer allow it to be
downloaded. This hurts my chances of moving up in the charts.

I thought that maybe if I scanned the Mp3 with Norton before sending
it, it might be ok, but I don't know. This bugs me because to really
hear the good sound of the song it should be downloaded. I tried
listening it directly from the website over my dial-up connection and
it sounded like you-know-what. But when I downloaded the song to my
computer it sounded just fine.

Phil

I don't think so.

In rec.audio.pro, (Phil) wrote:

I recently discovered that my computer had a worm called the "blaster
worm". I was able to delete two files that were causing the problem,
but one came back and I deleted it a second time. I've been scanning
the computer with Norton anti-virus, there's no virus but the computer
is still running slow.

If there's no virus, SOMETHING has to be causing the computer to
run slow. Perhaps you still have something that Norton didn't find. Do
you have the absolute up-to-date this evening's
virus-signature-whatever files for the Norton scanner?
I've used this online scanner. All it's ever detected on my system
are the huge number of viruses in the email attachments subdirectory
that I never "open" and so they're not running on my computer.
http://housecall.trendmicro.com/

The problem I have is that I'm concerned I'll spread the worm to
anyone who downloads one of my Mp3 songs off the internet.

MP3 files don't have any executable code, and can't carry a virus.

But I'm sure Microsoft will release a virus-enabled lossy
compression format any day now...

I recently
uploaded my first Mp3 onto soundclick.com and no longer allow it to be
downloaded. This hurts my chances of moving up in the charts.

I thought that maybe if I scanned the Mp3 with Norton before sending
it, it might be ok, but I don't know.

If you're worried about a file, that should do it...

This bugs me because to really
hear the good sound of the song it should be downloaded. I tried
listening it directly from the website over my dial-up connection and
it sounded like you-know-what. But when I downloaded the song to my
computer it sounded just fine.

Phil

-----
http://mindspring.com/~benbradley

"Ben Bradley" wrote in message
...
In rec.audio.pro, (Phil) wrote:

I recently discovered that my computer had a worm called the "blaster
worm". I was able to delete two files that were causing the problem,
but one came back and I deleted it a second time. I've been scanning
the computer with Norton anti-virus, there's no virus but the computer
is still running slow.

If there's no virus, SOMETHING has to be causing the computer to
run slow. Perhaps you still have something that Norton didn't find. Do
you have the absolute up-to-date this evening's
virus-signature-whatever files for the Norton scanner?

I've never had a virus disable my computers as much as Norton virus
scanners.

Makes me wonder if the problem is the shovel, rather than the hole.

dtk

The blaster worm may not be stopped by anti-virus scanners, since its
primary method of propagation is not file based. It uses a vulnerability in
the windows TCP/IP stack to attack directly over the network .Whilst
anti-virus SW may clean it, it will not prevent you being re-infected as
soon as you connect to the network. You either need to use firewall software
(or a hardware firewall) to prevent this, or fix the vulnerability by
patching your system.



"dt king" wrote in message
news:FUeyb.362400$Tr4.1074334@attbi_s03...
"Ben Bradley" wrote in message
...
In rec.audio.pro, (Phil) wrote:

I recently discovered that my computer had a worm called the "blaster
worm". I was able to delete two files that were causing the problem,
but one came back and I deleted it a second time. I've been scanning
the computer with Norton anti-virus, there's no virus but the computer
is still running slow.

If there's no virus, SOMETHING has to be causing the computer to
run slow. Perhaps you still have something that Norton didn't find. Do
you have the absolute up-to-date this evening's
virus-signature-whatever files for the Norton scanner?

I've never had a virus disable my computers as much as Norton virus
scanners.

Makes me wonder if the problem is the shovel, rather than the hole.

dtk

No. Would you like to?



--
I'm really Mike Rivers - )
However, until the spam goes away or Hell freezes over,
lots of IP addresses are blocked from this system. If
you e-mail me and it bounces, use your secret decoder ring
and reach me he double-m-eleven-double-zero at yahoo

The msblaster file is actually a "call home" initiator that, once on your
system, makes a call out to the actual virus file, so while it's possible to
delete the file, you also have to make certain that it's not running in the
background ready to re-infect your machine. If you're running Win2k or XP
check the task manager. If it's running, end the process and then go out
and delete the files and then run the virus software. Put a firewall on
your computer and don't give it permission to go out on the net with any
programs you don't first give authorization to. If you don't know why an
application wants to have a file access the internet, tell it no. ALWAYS.

--


Roger W. Norman
SirMusic Studio
Purchase your copy of the Fifth of RAP CD set at www.recaudiopro.net.
See how far $20 really goes.




"Phil" wrote in message
om...
I recently discovered that my computer had a worm called the "blaster
worm". I was able to delete two files that were causing the problem,
but one came back and I deleted it a second time. I've been scanning
the computer with Norton anti-virus, there's no virus but the computer
is still running slow.

The problem I have is that I'm concerned I'll spread the worm to
anyone who downloads one of my Mp3 songs off the internet. I recently
uploaded my first Mp3 onto soundclick.com and no longer allow it to be
downloaded. This hurts my chances of moving up in the charts.

I thought that maybe if I scanned the Mp3 with Norton before sending
it, it might be ok, but I don't know. This bugs me because to really
hear the good sound of the song it should be downloaded. I tried
listening it directly from the website over my dial-up connection and
it sounded like you-know-what. But when I downloaded the song to my
computer it sounded just fine.

Phil

Mike Rivers wrote:


No. Would you like to?

Actually it *MIGHT* be possible. If the scum can find a buffer overflow in
whatever windows uses for its default Mp3 player (say trusting the file
about the length of some data) and it is exploitable then the potential
exists. Given the record of problems with
IE/Sendmail/SSHD/MSExchage/IIS.... (Across various platforms) I am inclined
to suspect that a program which is less obviously network based and which
will have had far less scrutiny may well have such a vulnerability.

Actually the nasty trick would be for someone to find a vulnerability in one
of the common windows P2P clients then distribute a interesting looking
file with a payload which modified all the files in their shared diretory
to also have the payload (but still play correctly). Not an easy thing to
do, but very nasty if someone pulled it off.

You almost have to take the view that *ANY* application which is going to
be widely deployed and where the users will tend to share files needs to be
written to not trust anything about the file to be correct (and extensively
code reviewed to try to ensure that this is the case).

Given that I have seen this bogosity in a piece of safety critical realtime
code:

void cmd_extract (char *message)
{
/* cmd is up to 3 non nul chars followed by a comma */
char cmd[4];
int i = 0;
/* Function to call */
int (*fn)(int, int, char*);
fn = NULL;

/* Extract the command */
while (message[i] !=','){
cmd[i] = message[i];
i++;
}
cmd[i] = 0;
------ do lots of other stuff */

message was receved over an RS232 link in an electrically nasty enviroment.
Once in a blue moon this thing would cause a hard crash, what was eventually
discovered was that occasionally the comma would be corrupted in
transmission.

This actually got thru a SIL level 3 review and made it into a prototype
before the problem surfaced, if it was in something where a crash after a
month of continious operation would not have caused a weeks worth of debug
effort for the whole team then it would very likely have made it into
production.
Now this code was not written by a stupid man, and the reviewers included
one of the best code reviewers I have ever met, but still it got thru.

It seems *very* likely that normal application code which does not have
the potential to kill people if there is a bug (just cost lots of money),
does not routinely get reviewed at this level and therefore that bugs like
this are more likely to slip thru and will not normally cause a problem
(until some pimply faced youth with no sex life goes out to deliberately
prod them....).

Just because a file is non executable does not mean that it cannot cause the
program loading it to run arbitary code.

NOTE: I take the view that anyone asking the question is not nearly good
enougth to actually write such a worm, and that there is not sufficient
detail above to actually help someone to pull it off (Shouldn't have to say
this!).

Regards, Dan.
--
And on the evening of the first day, the lord said.... LX1, Go!
And there was light.
The email address *IS* valid, do not remove the spamblock.

Mike Rivers wrote:


No. Would you like to?

Actually it *MIGHT* be possible. If the scum can find a buffer overflow in
whatever windows uses for its default Mp3 player (say trusting the file
about the length of some data) and it is exploitable then the potential
exists. Given the record of problems with
IE/Sendmail/SSHD/MSExchage/IIS.... (Across various platforms) I am inclined
to suspect that a program which is less obviously network based and which
will have had far less scrutiny may well have such a vulnerability.

Actually the nasty trick would be for someone to find a vulnerability in one
of the common windows P2P clients then distribute a interesting looking
file with a payload which modified all the files in their shared diretory
to also have the payload (but still play correctly). Not an easy thing to
do, but very nasty if someone pulled it off.

You almost have to take the view that *ANY* application which is going to
be widely deployed and where the users will tend to share files needs to be
written to not trust anything about the file to be correct (and extensively
code reviewed to try to ensure that this is the case).

Given that I have seen this bogosity in a piece of safety critical realtime
code:

void cmd_extract (char *message)
{
/* cmd is up to 3 non nul chars followed by a comma */
char cmd[4];
int i = 0;
/* Function to call */
int (*fn)(int, int, char*);
fn = NULL;

/* Extract the command */
while (message[i] !=','){
cmd[i] = message[i];
i++;
}
cmd[i] = 0;
------ do lots of other stuff */

message was receved over an RS232 link in an electrically nasty enviroment.
Once in a blue moon this thing would cause a hard crash, what was eventually
discovered was that occasionally the comma would be corrupted in
transmission.

This actually got thru a SIL level 3 review and made it into a prototype
before the problem surfaced, if it was in something where a crash after a
month of continious operation would not have caused a weeks worth of debug
effort for the whole team then it would very likely have made it into
production.
Now this code was not written by a stupid man, and the reviewers included
one of the best code reviewers I have ever met, but still it got thru.

It seems *very* likely that normal application code which does not have
the potential to kill people if there is a bug (just cost lots of money),
does not routinely get reviewed at this level and therefore that bugs like
this are more likely to slip thru and will not normally cause a problem
(until some pimply faced youth with no sex life goes out to deliberately
prod them....).

Just because a file is non executable does not mean that it cannot cause the
program loading it to run arbitary code.

NOTE: I take the view that anyone asking the question is not nearly good
enougth to actually write such a worm, and that there is not sufficient
detail above to actually help someone to pull it off (Shouldn't have to say
this!).

Regards, Dan.
--
And on the evening of the first day, the lord said.... LX1, Go!
And there was light.
The email address *IS* valid, do not remove the spamblock.

Ben Bradley wrote:
If there's no virus, SOMETHING has to be causing the computer to
run slow. Perhaps you still have something that Norton didn't find. Do
you have the absolute up-to-date this evening's
virus-signature-whatever files for the Norton scanner?

-----------------------------------------------------------------------

I went to the Microsoft website and found out what files were causing
the problem. A search turned up two of the files in my computer and
they also showed up as "Start-up items". I deleted the files and ran a
virus scan. Norton found two more things to fix. I've been scanning
and searching ever since and one of the files teekids.exe came up
again. Even if the computer is free of this worm, it still needs a
clean uninstall/reinstall to get it working right. My Norton
anti-virus is updated automatically so it should be ok.
Thanks,
Phil

Try Spybot Search & Destroy next. It's helped me fix mysterious
slowdowns on half a dozen machines recently http://www.safer-networking.org/



Phil wrote:

Ben Bradley wrote:
If there's no virus, SOMETHING has to be causing the computer to
run slow. Perhaps you still have something that Norton didn't find. Do
you have the absolute up-to-date this evening's
virus-signature-whatever files for the Norton scanner?

-----------------------------------------------------------------------

I went to the Microsoft website and found out what files were causing
the problem. A search turned up two of the files in my computer and
they also showed up as "Start-up items". I deleted the files and ran a
virus scan. Norton found two more things to fix. I've been scanning
and searching ever since and one of the files teekids.exe came up
again. Even if the computer is free of this worm, it still needs a
clean uninstall/reinstall to get it working right. My Norton
anti-virus is updated automatically so it should be ok.
Thanks,
Phil

My Norton
anti-virus is updated automatically so it should be ok.
Thanks,
Phil

Sometimes it doesn't update often enough. Check out the following links :

http://securityresponse.symantec.com...un.trojan.html



Both new virus' were discovered on the 1st but the manual updater wont be
available until the second and the live updater wont be available until the
3rd. When ever in doubt go directly to Symantec's site and update as much
as is available.

John L Rice

In article ,
"John L Rice" wrote:

My Norton
anti-virus is updated automatically so it should be ok.
Thanks,
Phil

Sometimes it doesn't update often enough. Check out the following links :

http://securityresponse.symantec.com...un.trojan.html



Both new virus' were discovered on the 1st but the manual updater wont be
available until the second and the live updater wont be available until the
3rd. When ever in doubt go directly to Symantec's site and update as much
as is available.

John L Rice




I read mail on my mac g4 laptop do I need virus scanner for mac os x
10.2.8 soon to be upgraded to 10.?
George

"George" wrote in message
...
In article ,
"John L Rice" wrote:

My Norton
anti-virus is updated automatically so it should be ok.
Thanks,
Phil

Sometimes it doesn't update often enough. Check out the following links
:


http://securityresponse.symantec.com...un.trojan.html




Both new virus' were discovered on the 1st but the manual updater wont
be
available until the second and the live updater wont be available until
the
3rd. When ever in doubt go directly to Symantec's site and update as
much
as is available.

John L Rice




I read mail on my mac g4 laptop do I need virus scanner for mac os x
10.2.8 soon to be upgraded to 10.?
George

Hi George,

Sorry, I'm not really familiar with the needs of MAC users but I would guess
that MAC virus' are less abundant than PC virus'. Even so, you should
probably have some sort of virus detection software no matter what platform
you use if you ever connect to the internet, a network or share disks/files
with others.

Best of luck!

John L Rice