I receive the “goldfish” email virus. I may have may a big mistake, I almost opened the attachment because I had a previous email indicating I sent a research question regarding “goldfish” Then I had an email on goldfish that showed me as the sender. Anyway when I tried to open the attachment (stupid me) I got a virus warning, so I hit cancel. I assumed Norton found the virus and I was OK I did a scan before I deleted the email but Norton did not detect any virus. I also ran a report but it’s not showing any detection. Should I just wait and see or is there any action I should take now? ************************************************************** 07-20-02, 07:21 AM TomGL2 Delete the email and attachment. If you chose "Quarantine" at the antivirus alert, open the Quarantine console and delete the infected file.
The problem should not have gone as far as it did. Norton scans incoming email, and should have generated an alert while the email was downloading. Press Ctl-Alt-Delete and look for Poproxy in the Close Programs list. If it does not appear, then Norton's email scanner has not loaded, and you should try to correct the problem.
If the email scanner is running, you should test to determine if it is working properly. Click Start, Run, type "Notepad C:\Windows\Desktop\VirusTest.txt" and press Enter. Disable Norton Antivirus, then cut&paste the following 68-character line into the document --
Note that this is a single line, so remove any wordwrap which may occur. Click File, Exit, and Yes to save the file. To verify the file is correct, right-click the file and click "Scan with Norton Antivirus". You should receive an alert that the computer is infected with the "EICAR test string". Click Cancel and Yes.
Please note that this is NOT a virus, but a standard virus scanner test file. See Eicar.org for more testing information.
Send two emails to yourself, one with VirusTest.txt as an attachment, and one with the line inserted into the email message.
Once the emails have been sent, you should enable Norton Antivirus.
Wait a few minutes, then open your email program and check for new mail. If Norton's email scanner is working, it should generate an alert for each of the "infected" emails. ************************************************************** 07-20-02, 08:06 AM moe257 Thanks I followed your instructions and my virus scanner is working. What I'm concerned about is the message I got from Norton when I first opened the attachment.
It said "Virus detected Name W32yahaf@mm unable to repair file. "access to file was denied" does that mean I'm infected or I was denied access to the file with the virus?
The attachment was never fully opened after I received those messages. I deleted the file. I'm also getting a lot of "automated responses" from commercial sites thanking me for my inquiry. I never sent those "inquiries" and I think my email address is being used to spread the virus. ************************************************************** 07-20-02, 09:53 AM TomGL2 It is very unlikely that this virus infected the computer, particularly since the virus scan showed the computer to be clean. Window's "access denied" is a general message to indicate no program was permitted to open the file.
[This message was edited by TomGL2 on 07-20-02 at 10:02 AM.] ************************************************************** 07-20-02, 10:01 AM moe257 Thanks so much for your help. I also ran a complete scan on my computer and it isn't showing any virus. I just got a new computer and I was really worried. It bothers me that those automatic replies in my email may mean that my address is being used to spread the virus. I also checked the particular virus on Norton and it does come up as "rare" ************************************************************** 07-20-02, 10:13 AM TomGL2 Besides running a good antivirus (which Norton is), it's important to use a firewall to block Internet-based threats, particularly hackers. I especially recommend ZoneLab's ZoneAlarm, which is free for personal use, and has received numerous awards from the industry. ************************************************************** 07-20-02, 05:14 PM Di TomGL2 - I read in your first reply to Moe257 that you should delete the anti-virus alerts from the quarantine file. Thanks for this info. I've 10 sitting in there and thought I was stuck with them! Couldn't find anything in the help file about this...Again- Thanks big grin ************************************************************** 07-22-02, 05:02 PM Tree Hi TomGL!
Just one question.....when I go into the quarantined files in Norton, I delete only the infected TEMP files.
Is it not true that you should NOT delete files that are not TEMP files?
roll eyes Lemme know. ************************************************************** 07-22-02, 06:45 PM moe257 Thanks for all the help. I followed your steps and everything seems ok. I am concerned because I have been getting that email almost daily in my MSN mailbox "goldfish" sometimes a couple a day. I read up on the virus in Norton the real name is w32yahaf@mm. It says it's rare and is circulated through MSN. Some are automated replies regarding inquiries that I never made and some are from individuals that I don't know. I always delete them and run a scan. It is normal to get caught in a circle with a virus? Should I delete my MSN messenger or take any other steps for protection? ************************************************************** 07-22-02, 09:35 PM TomGL2 Tree, there is no purpose in keeping infected, unrepairable files. You should nnote the filenames, though, because viruses frequently replace system files, and you'll need to restore those from the original disks.
For instance, RegEdit.exe is a Windows system file often replaced. Because it is replaced, there is nothing left of the original and the file cannot be repaired. You'd use the System File Checker (Windows 98), or the System Configuration utility (Windows ME), to extract the file from the Windows installation (CAB) files. ************************************************************** 07-23-02, 12:08 AM Tree Thanks!
Ok, I got it!
I have deleted some quarantined infected files, but I have not run accross any that were vital to my system! WHEW!!!
When I do..... I'll be looking you up, baby cakes!
LOLOL!
razz By the way.... you know SOOO MUCH, IT BLOWS ME AWAY!!!!!!! ************************************************************** 07-24-02, 04:24 AM moe257 I wanted to bring this question to the top again because as of today, I'm still in this circle. I have that virus alert in my address book (it's the only address I have in my address book) but it didn't seem to work. I'm concerned because many of the emails that were forward with my name went to government agencies. The census bureau responded saying they received an infected email from me and they are investigating Thanks for all the help.
I followed your steps and everything seems ok. I am concerned because I have been getting that email almost daily in my MSN mailbox "goldfish" sometimes a couple a day. I read up on the virus in Norton the real name is w32yahaf@mm. It says it's rare and is circulated through MSN. Some are automated replies regarding inquiries that I never made and some are from individuals that I don't know. Should I delete my MSN messenger or take any other steps for protection? ************************************************************** 07-24-02, 10:05 AM TomGL2 Moe257, Symantec has authored a removal tool effective against W32.Yaha.E@mm and W32.Yaha.F@mm. I suggest you use it, if only to verify the computer is not infected (it is probably clean). If there is evidence of infection, remove and reinstall Norton Antivirus and your firewall software.
This virus is not rare; as of June 2002, Symantec rates its distribution at 8 (on a scale of 0 to 10). The virus can infect the computer when you simply view the email, either in the Preview Pane or in its own window, because the attachment can execute without any action on your part. This problem exists in Internet Explorer 5 and earlier, 5.01, 5.01 SP1, 5.5, and 5.5 SP1.
You've mentioned that infected emails have been received by several agencies such as the Census Bureau, and these emails seem to have come from your computer. Your computer is not the source -- the virus forges the return address. An email address is randomly selected from the sender's address book and inserted into the From field. This makes it appear that the email originates from some other sender.
This message has been edited. Last edited by: DorianGreyed,
