Virus warnings - Martyn, Back Room moderator
While we would not ordinarily want to see The Back Room used as a discussion forum about computer viruses, there was a specific reason for talking about this particular instance, because the virus in question was connected to email correspondence between Honest John and Back Room contributors. He was obliged to warn people that the virus was around.

At the same time, given the connection, it was entirely appropriate for other contributors to share what they knew about the problem. Thank you, everyone who contributed.
Re: HJ's viruses, & hoax trap - G Hall
Bearing in mind HJ's numerous virus problems and being caught out by a hoax, it is worth pointing out that anyone who depends on their PC for a living should:

1) avoid using Internet Explorer v5.1, v5.5, or v6 UNLESS they have enabled all the security features on their browser and have updated to the latest free security patches from Microsoft's web site. The Netscape browser is less vulnerable to attacks.

2) avoid using Outlook or Outlook Express; but if you do use either of them, do NOT select the option to preview e-mails. For heavy uses of e-mail, it is infinitely safer to use Eudora or other non-Microsoft software. You can get free versions of Eudora and Pegasus from www.zdnet.co.uk. Also, never open any e-mails or attachments with extensions such as .exe, .pif, and other such well publicised executables.

3) if you receive any apparently well meaning virus warnings, do not take any action until you have checked out the facts on the authorised anti-virus web sites. You can also look up the lists on the hoax-buster web sites which will tell you about other hoaxes such as the "tourist" on top of the WTC who took a photo of the plane as it approached the tower.
Re: New virus downloads itself from Web pages - G Hall
The latest NIMDA mutant can download from web pages. The zdnet page for this latest virus news and patches is:

news.zdnet.co.uk/story/0,,t281-s2095530,00.html

"Rather than updating sites with a message like Code Red does, it attaches malicious Java script to the bottom of Web pages," said Graham Cluley, senior technology consultant at Sophos. "This means that if you go and browse a page and you don't have the correct security on your browser, it looks as though the Javascript attempts to forward the virus from your machine to everyone in your contacts book." Cluley said the suspicion is that only Internet Explorer is vulnerable to this exploit, but he stressed that until the virus has been properly analysed it is impossible to say for certain.

This method of spreading through Web pages could be the reason for the high number of reports, said Cluley. To find out how to prevent against and remove the Nimda virus, see ZDNet's Help and HowTo on the subject.

The Nimda virus -- its full name is W32/Nimda.A-mm -- was first detected on Tuesday afternoon. Messagelabs, which provides an email scanning service for its corporate customers, said it stopped more than a hundred copies of the virus attached to emails within an hour of the first incident, which arrived from Korea at 13.10GMT. Most of the Nimda email viruses captured on Tuesday afternoon by Messagelabs originated from the US, leading the company to speculate that this is where the virus originates from. When Nimda arrives in an email, it appears as an attachment named README.EXE. This is the same name used by another current virus called W32/Apost-A, so antivirus firms say many people should already be aware of attachments bearing that name.

However, Nimda also appears to be capable of spreading by other means. "My guess is we may also see it spread through Internet relay chat," said Alex Shipp, senior antivirus technologist at Messagelabs. And this may not be the end of it. "We have also found an FTP component in there," said Shipp. "It may be trying to download nasty stuff from some Web site somewhere -- we're still not sure. We know it is using FTP but we don't know how yet."
Re: New virus downloads itself from Web pages - Andy P
I use IE5.5, but have two other programs which I find indispensable:

1. Idcide Privacy Companion - looks after cookies

2. Norton Internet Security - and this is the really worrying bit. This program has a firewall and I can almost guarantee that every time I go surfing, someone, somewhere, tries to put a Trojan onto my system. These are the type that send details like passwords and other sensitive stuff to the IP where the Trojan originated.

Andy
Re: Virus warnings - Jonathan
If they try and the firewall blocks them, then how do you know that they are doing it?

I get pinged and contacted all the time I'm on line, most of it is the sites I am visiting. If you dial up and get a different ip each time, then it is extremely unlikely, unless there is something on your computer telling them that you are online.

Jonathan
Re: Virus warnings - Andy P
Norton indicates every time an attempt is made to place a virus on my system. As I type this, I've been on the net for less than half an hour and Norton has already blocked three attempted SubSeven Trojans.

As for not preventing viruses, I also have Norton Antivirus running, and so far I have only had one virus, and Norton immediately quarantined the offending virus.

Now, I wouldn't dream of going on the net without a firewall and up-to-date antivirus software. It's dangerous out there!


Andy
Re: Virus warnings - Brill
HJ wrote:

"As the result of a virus attack, I'm deleting all incoming e-mails without acknowledgement. Will put a CRISIS OVER message in the news as soon as I'm back in business."

. . . Much coverage/discussion here lately, is this problem peculiar to PCs? The Apple Mac fraternity seems less skittish on this subject.

Stu.
Re: Apple Macs - G Hall
Yes, PC/Microsoft-Windows/IE/OE are the most attacked as they are the more common platform and have software "windows" through which viruses get in.
Firewall - Lee H
I use Zone Alarm as my firewall, and it works pretty well. It's interesting just how much traffic attempts to pass through your computer without your knowledge, ZoneAlarm will stop it, or at least allow you to decide upon what action to take.

No brain installation and good value at £0.00 for personal (non-business/educational) use.

www.zonelabs.com/index.html

Go for the free download (if you're eligible) at the bottom of the page.

Lee.
Re: Firewall - G Hall
Firewalls do not stop viruses like Nimda and Sircam and Badtrans from getting in to your pc.
Re: Firewall - Lee H
Nor do they make a good substitute for a word processor.

I was trying to help folk save some money and get some protection against miscreant programs.
Re: Firewall - David W
GH,

No, ZoneAlarm can't stop you getting a virus, but what it did do for me was to prevent the trojan payload of BADTRANS connecting my PC to another while on-line and giving away any data.

Furthermore it correctly identified KERNEL32.EXE as the program trying to access the Internet and told me the IP no. of the PC it wanted to find.

This enabled me to make some investigation as to where the virus was from.

Most importantly it was the pop-up alert of ZoneAlarm that made me realise something was going on and get the latest update from Symantec to resolve the issue.

Without ZoneAlarm I might have been unaware and mailing the virus to others for days....as contacts are doing to me at the moment!

I rate it highly for a free program as Lee says.

David
Re: Firewall - Slartibartfast
ditto to Zone Alarm.......well worth the non-money.