NOT OFF TOPIC! - W32.BeagleM Virus

Grazie wrote on 6/14/2004, 9:07 AM
Well Guys 'n Gals, Grazie had this nasty virus on a G: .. . It re-infected C: to the point where the registry was screwed . . NOW I've got a Virus protector on the MONSTA! and being very very careful . . . MONSTA! squeaky clean . . NIS and NAV doing their thing!

Hello Sony!

All the best . ..

Grazie

Comments

busterkeaton wrote on 6/14/2004, 9:18 AM
Grazie, I have not had virus/worm problems since installing Panda Platinum Internet Security.
johnmeyer wrote on 6/14/2004, 9:27 AM
I do not use any virus software because it slows things down. However, I help others with their virus problems. 99% of all viruses come in through email. Make sure you have Outlook Express (or whatever you use) set to use the highest security level when opening emails (Tools -> Options -> Security tab). It should be set to use the "Restricted Zone." Then, go to the Internet Options icon in the Control Panel and select the Restricted Sites icon and then click on Custom Level. Make sure all the settings are set to not allow ANYTHING (scripts, etc.) to run.
TheHappyFriar wrote on 6/14/2004, 9:37 AM
I've got McAfee 6 (cuz they took lots of nice features out of 7 & 8 that 6 had) on internet scan only. It scans my comp every day at 2am for viruses.

I'm still ticking so it's gotta work. :)
Grazie wrote on 6/14/2004, 9:45 AM
Hi Guys! . .Thanks for the "supportive" comments .. Now all I need to know is HOW to Activate Norton without subjecting the MONSTA! to the Internet! - I've got 15 days to activate .. it's working but the clock is ticking down . . . starting today .. I wish there was a way to activate without accessing the Symantec Servers for this .. really scary stuff .. But, I do have food in my belly, clean running water and a roof over my head . . it's all about perspective . ..

. . oh yes I had completed my Article before things went South . .. again . .

Grazie
craftech wrote on 6/14/2004, 9:52 AM
If you want an antivirus which is not a resource hog and which is rated consistently high, check out the VB 100 Virus Bulletin and have a look at Eset (Nod 32)
I think the download is around $40.

John
BillyBoy wrote on 6/14/2004, 10:09 AM
Besides an anti-virus program you should have a firewall. Several decent free ones out there. I've been using Outpost (free version) for over a year.

Basically a firewall is like a traffic cop. It monitors all inbound AND outbound traffic coming from or trying to get to the Internet. The inbound part is obvious. The outbound feature provides protection from any application ALREADY on your system, popping up a window and asking YOU if you want such and such application to have access to the outside world.

Since most worms and trojans are the real evil stuff even if one is already on your system lurking in some dark corner unknown to you a firewall will prevent it from functioning...unless you're dumb enough to give it permission to have access to the Internet.

Firewalls like Outpost are simple to set up. When first installed they pop up a window for each application that wants Internet access and ask you if it's OK. Obviously you say yes for your browser, email client, etc. Then it sets up and remembers a "rule" for that application and won't bother you again, unless the footprint of the application changes which may indicate you upgraded... or some malicious application is pretending to be what it's not and trying to pass itself off as a trusted application. A decent firewall will warn you. Any virus, worm or trojan trying to phone home will be intercepted by the firewall and blocked. Again it's a one time deal. Once it knows "x" is a trojan or something you don't want to allow Internet access it writes a rule blocking it and the firewall won't nag you about it again.

The reason some trojan wants to connect to the outside world is so some hacker can in effect use your computer to do some nasty stuff like make your PC part of a denial of service attack. By networking hundreds, even thousands of PCs of unsuspecting users the hacker can attempt to overwhelm some site by flooding it with requests or the hacker via the trojan can simply hijack your files or at least snoop without you knowing.

You don't have to open some email attachment. A very common way to gain access is through port sniffing. If you are connected to the Internet some hacker can "sniff" a range of IP numbers and by probing common ports sneak in a back door and install a remote control application that the hacker can access anytime you're on line.

Another nice little application to have is some metering application like DU Meter which in real time shows your download/upload traffic. If you see a large value for uploads and you didn't upload then someone is using your PC. Because of how the Internet works even if all you ever do is download there is some upload traffic which is your computer talking to the ones it connects with. That's normal but should be a small percentage of your download value.
Grazie wrote on 6/14/2004, 10:20 AM
BB, yeah got a firewall installed on everything . . Thanks for your concern and detailed descriptions of what gets you thru' the nite - yeah?

Now off to reinstall and . .bla blah blah .. .

Life is GOOD!

Grazie
busterkeaton wrote on 6/14/2004, 10:26 AM
As BillyBoy mentions a firewall is important too, since worms can spread by scanning your ports when you're connected to the internet. That means you can get infected without downloading or actively doing anything. Panda Platinum Internet Security includes a firewall and a few other features, like spyware detector and an anti-dialer feature. It's pretty light on system resources too.

RexA wrote on 6/14/2004, 10:45 AM
I will second the recommendation for NOD32. I have been using it for a couple years. I originally had McAfee but could not keep it active because of the slow downs John Meyer mentioned. NOD runs so efficiently that I keep it enabled.

A firewall is definitely important too. I run the free version of Zone Alarm. To check how well your firewall is working, I find Grc ShieldsUP to be a good test.
Grazie wrote on 6/14/2004, 11:13 AM
Thanks Rexie . . . .

I ain't gonna download anything that I can't grab hold of with both @@&@^@%@$ing hands .. yeah? . . . If it don't come in a shrink wrap container with Govt Approval .. then I ain't interested .. sorry Rexy . .I'll give it go, but not today . .I'm a wee bit pissed-orf . .again! . .

Grazie
BJ_M wrote on 6/14/2004, 11:21 AM
Norton has a habit of screwing up some systems as bad as some virus ..

clearvu wrote on 6/14/2004, 7:59 PM
I've got Norton too. But the only thing that actually runs on it is the email inbound scanning and that's it. If I download a file, I always check it manually for viruses.

As far as I know, because it only runs when checking email, my system does not get bogged down.
RichMacDonald wrote on 6/14/2004, 10:43 PM
I got sick of Norton. I've been very happy with the free anti-virus tool from AVG, available at this link
FuTz wrote on 6/15/2004, 4:23 AM

I got a friend who's running this AVG thing too and has no problems... but he's got a network, with Linux based Firewall in an old Intel 300MHz tower as a first barrier...
He's a wise guy...
RichMacDonald wrote on 6/15/2004, 8:08 AM
>I got a friend who's running this AVG thing too and has no problems... but he's got a network, with Linux based Firewall in an old Intel 300MHz tower as a first barrier...

At work we run AVG along with a Linux-based firewall. At home, I run the free AVG version. Both are terrific. Updates itself automatically. Set and forget. Hasn't interfered with anything else.
vitamin_D wrote on 6/15/2004, 8:17 AM
As BJ_M wrote, you've got the option to turn off automatic detection settings in your antivirus software. Do this, and things won't come to a crawl.

The best AV software out there is F-Secure, with Kaspersky coming in second. I've had problems with Kaspersky (most AV software has a 30 day trial), but F-Secure works wonderfully. Norton and McAfee are the most widely known/used, but unfortunately rate poorly. Go figure.

Pair your AV off with a decent software firewall -- like Outpost or, if you're looking to have things EXTREMELY SECURE, Tiny Personal Firewall. Outpost will work for most people, and has a shallow learning curve when compared to Tiny.

- jim
BillyBoy wrote on 6/15/2004, 8:26 AM
The point is...

use SOMEBODY'S anti-virus and firewall.
craftech wrote on 6/15/2004, 6:57 PM
Grazie,
If you have followed Microsoft Security Updates over the years, you will notice that a large percentage of them address vulnerabilities in Microsoft Outlook or Outlook Express. Notice that the W32/Beagle virus exploits .wab files for example. Since many Microsoft programs and even some hand held devices require Outlook to function (Thanks Microsoft) one cannot just remove it. Moreover with version 6 of Internet Explorer the two have been integrated (on purpose).
Be that as it may, you do not have to maintain an address book with .wab extensions. You can use another e-mail client and just keep Outlook installed for Microsoft program functionality. That will protect you from many future vulnerabilities since most people just knuckle under to Microsoft and use Outlook for convenience. I would suggest you change your address book to another e-mail client's address book.
Also, my main computer (on which I am typing this) is not my editing computer. As I have stated before, a dedicated editing computer is far more reliable than an all purpose one and reduces the variables when one has to troubleshoot. For my editing computer, I only access the internet for occasional downloads. The rest of the time the cable from my router to my editing computer is unplugged. I certainly don't ever use it for e-mail either.

John
Grazie wrote on 6/15/2004, 11:28 PM
Thanks John - You've reassured me I AM taking the best/correct approach.

Yes, I have and do update & auto update and all the necessary daily routines that I thought would make for a safe machine - must have slipped up somewhere . . . .

Didn't know or was told about the Beagle. I've used the Symantec remover tool, what is your, "one cannot just remove it." - you mean Outlook & OE? What do you suggest as another s/w for emailing ? . If you can't remove it, what are the issues .. integration with IE too?

Oh yes! I've removed any physical connections - a real BIG pain in the bottom. . guess the virus writers have won this one - yeah? . . . When I wanna swap files between pcs now, I guess CD and the like? And no, my edit machine is separated from this machine.

Yes, it is the MS updates for the Edit machine that would need me to go online .. . this scares the pants off me.

Grazie
24Peter wrote on 6/16/2004, 10:12 AM
another vote for AVG grisoft free version. never interferes with any of my renders.
craftech wrote on 6/16/2004, 7:01 PM
what is your, "one cannot just remove it." - you mean Outlook & OE? What do you suggest as another s/w for emailing ? . If you can't remove it, what are the issues .. integration with IE too?
===============
Yes, Outlook. Leave it on there so IE will function, but after you change e-mail clients, copy the address book info from Outlook, then delete the .wab files from your computer.
I would suggest either Eudora (the free "sponsored" mode to start and "paid" mode if you really like it). You won't get spammed from using "sponsored mode". The other one I would recommend is Pegasus Mail. Many people seem happy with it.
The poster above recommended Grisoft AVG antivirus. I would not recommend it as it will not detect viruses very well. I would recommend Eset Nod 32 as I said above and the free version of Zone Alarm as a firewall. That combination will not slow your system down. Just don't grant automatic permission to any software that wants to access the internet including IE. Always check "ask". Block certain software such as RealNetworks and Acrobat Reader from accessing the internet as they are spam generators. The same goes for the tasks, disable all software that wants to start every time you start your computer except for Explorer, Systray, Zone Alarm, and maybe your mouseware. If you have a particular thing you want always running enable it as well.
I am assuming that you are running Windows XP or Windows 2000 so your ports should be closed. You can do a port scan using to make sure.
I would suggest that you open a Hotmail or Yahoo account to act as a target for spam and use your regular account sparingly. Also note that you need to e-mail others from your Hotmail account or Yahoo account and a very few people from your regular e-mail account to avoid having your e-mail address become one of the casualties of a mass mailing worm or other virus if one of your "friends" or "contacts" has their address book hacked. Periodically change your Hotmail or Yahoo e-mail account. Both of those are spam magnets anyway.
You also need to change your security settings for IE, but I don't have time to go through that tonight. I will though, maybe tomorrow if you want me to.

John

Grazie wrote on 6/16/2004, 9:10 PM
John - You are a diamond! I'm kinda taking a lot of your advice . .. Perhaps this conversation needs to happen "off" Forum ..

Many thanks people ...

Grazie
vitamin_D wrote on 6/16/2004, 10:36 PM
The point is...

Well, I'd hasten to say that may be your point. Mine is that there are differences in AV software, and firewalls as well. Use one of the upper-tier of both, and you should be set.

AVG antivirus, for instance -- praised on this forum -- does little better than a D+ if it were receiving an academic grade:

http://www.virus.gr/english/fullxml/default.asp?id=62&mnu=62

- jim
craftech wrote on 6/17/2004, 6:41 AM
Perhaps this conversation needs to happen "off" Forum
===================
Grazie,
I think I would like to post the next one as a part of this thread just in case someone else can benefit from it as well. Also, if I suggest the steps to someone else in the future, I can find the post and link it so it will be easier for me to help them. I'll probably post it sometime today or tonight EST... USA.
Also, something else real quick that I forgot to mention is that some antivirus software won't allow you to easily use another vendor's firewall. Example Panda software makes a fairly high rated Platinum 7 software, but it only works well with their own firewall. Their firewall slows your system down to a crawl and can lock a system up. That is why I removed it despite the fact that I got it for free through an offer they had to ZD Net users.
Zone Alarm seems to be the least demanding firewall. So you want an antivirus solution that won't insist on your having to use their own firewall.

John