Are You Infected?

By Bob Esch, The DataBus Editor Emeritus

All, I'm sure you've heard that Sobig-infected and Fizzer-infected messages are spreading worldwide at an unprecedented pace.  The inescapable conclusion:

Many of you folks may be infected with these worms.  Here's how you can check your computer right now, in a minute.

Right-click Start and choose Explore.  Double-click Programs, then double-click Startup. 

If you see any file in there with a name in the form ????.exe (such as Cti.exe or Cyye.exe), you may be infected with Bugbear.B.  Perfectly legitimate programs will also be in your \Startup folder, so don't panic.  But if you have a file in \Startup that you don't recognize, run to < http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html > and check your system.  NOW.

Look in your Windows folder (probably c:\Windows) for files named ISERVC.EXE or ISERVC.DLL or MSCVB32.EXE. 

If you see ISERVC.EXE or ISERVC.DLL, you are infected with Fizzer.  Hit F-Prot's Web site, http://www.f-prot.com/virusinfo/descriptions/fizzer.html , and run the disinfector. 

If you see MSCVB32.EXE in your \Windows folder, you're infected with Sobig.  Hit Symantec's Web site, < http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.c@mm.html >, and run the disinfector.

All three of these viruses/worms travel in many different ways - so-called "blended threat" malware - but the most common point of entry to any network is via an infected email attachment (or an infected file in a Kazaa shared folder). 

The file name extension on the attachment - .EXE, .PIF, .SCR or .COM - is a dead giveaway.  Providing Windows shows you file name extensions, of course.  Windows should show file name extensions by default, but XP doesn't.  Everybody - that is *everybody* - needs to see file name extensions, and understand the implications of double-clicking on files with potentially destructive file name extensions.

How do you make Windows Explorer show the file extensions?  Simple.  Right-click Start and choose Explore.  Left-click on your C:\ drive icon and look in the right-side pane below the folders.  [The filenames should also show their extensions, like xxxx.exe.]

If they don't, go to the pull-down menu at the top called Tools, then click on Folder Options, then the View tab.  Uncheck the box in front of 'Hide Extensions for Known File Types', then click on Apply and OK.

(While there, do yourself a favor and put a check in the box in front of 'Display the full path in the address bar' if it is not already checked.)
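
The same checks (Startup folder, Windows folder, and the hidden-extensions setting) as a read-only PowerShell script. This is an added example, not part of the original article; the function names are illustrative, and a short .exe name in Startup is only a reason to look closer, since legitimate programs live there too.

```powershell
# Added example: scripted form of the article's manual checks. Reads and reports only.
# File names and the ????.exe pattern come from the article; function names are illustrative.

function Find-StartupSuspects {
    param([string[]]$StartupDirs)
    foreach ($dir in $StartupDirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        # "????.exe" is a DOS wildcard: up to four characters before .exe
        # (the article's own examples are Cti.exe and Cyye.exe).
        Get-ChildItem -LiteralPath $dir -File -Force |
            Where-Object { $_.Name -match '^.{1,4}\.exe$' } |
            ForEach-Object {
                [pscustomobject]@{ Check = 'Bugbear.B (possible)'; Path = $_.FullName }
            }
    }
}

function Find-WindowsDirIndicators {
    param([string]$WindowsDir)
    $indicators = @{ 'ISERVC.EXE' = 'Fizzer'; 'ISERVC.DLL' = 'Fizzer'; 'MSCVB32.EXE' = 'Sobig' }
    foreach ($name in $indicators.Keys) {
        $path = Join-Path $WindowsDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Check = $indicators[$name]; Path = $path }
        }
    }
}

function Test-ExtensionsHidden {
    # Explorer's 'Hide extensions for known file types': 1 = hidden, 0 = shown.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($value -ne 0)   # a missing value is treated as the default (hidden)
}

# Per-user and all-users Startup folders, then the Windows folder.
$startup = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$findings = @(Find-StartupSuspects -StartupDirs $startup) +
            @(Find-WindowsDirIndicators -WindowsDir $env:windir)

if ($findings.Count -eq 0) { 'None of the file names from the article were found.' }
else { $findings | Format-Table -AutoSize }

if (Test-ExtensionsHidden) {
    'Explorer is hiding file name extensions; uncheck the option under Tools > Folder Options > View.'
}
```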



