Help and advice on E-mails downloading a virus using a MIME exploit


ILS32
5th Apr 2004, 13:03
I have always taken this Forum's advice and never opened e-mail attachments without finding out if they were genuine first.
I normally delete to be safe. In the last fortnight I have had 5 Netsky viruses detected by my AVG anti-virus system. I never opened any attachments but only highlighted the e-mails to delete them. I could not understand why the minute I highlighted them a virus alert popped up.

I have now found out that the e-mails were using something called a MIME exploit to try and infect my computer. I use Outlook Express and Incredi Mail. Please explain what a MIME exploit is, and is there any way to detect this type of e-mail before highlighting it prior to deleting? So you experts out there, please help.

ils32

E-Liam
5th Apr 2004, 13:31
Hi ILS32,

Did it say which variant you picked up? It should tell you it has found Netsky.x where x is a letter. This denotes the particular one you got. There are 16 different variants on the database at the moment, and it will save me a lot of reading.. :)

Cheers

Liam


---------------------------------------------------------------------------------
A member of the Alliance of Security Analysis Professionals (http://asap.maddoktor2.com/) since 2004.

ILS32
5th Apr 2004, 13:42
Sorry E-Liam, I assumed that they would all be similar. The versions AVG detected were Netsky.C and Netsky.D. AVG caught them and put them in its Vault, where I deleted them. I just want to be able to stop AVG having to detect them, or a new variety which it might miss in the future.

ils32

spannersatcx
5th Apr 2004, 15:14
Have you done any file sharing on Kazaa, as it can be passed on through there as well?

ILS32
5th Apr 2004, 15:44
Have you done any file sharing on Kazaa,

No spannersatcx, I have never used Kazaa. All I am hoping is to find a way of spotting this type of e-mail which downloads the virus the moment you highlight it to delete it.

ils32

E-Liam
5th Apr 2004, 17:49
Hi ILS,

I'm back from work, and have had a quick read up. Unlike most e-mail attachments that are just that, a separate attachment, which can't, if containing a virus, be activated until opened, Netsky, along with the now famous My Doom and Dumari virii, is actually embedded in the body of the e-mail itself.

When you click the email notification once, or highlight an email for deletion for whatever reason, you will see a copy of the main body (i.e. where you would get the normal text message preview) appear in the lower pane of Outlook. I haven't used Incredimail, but I assume it does something similar. This is all that's needed for the virus to enter your machine. Anything you do with that email must be done by clicking at least once. Once you do that, it's in..

There is a setting in Outlook that stops you from viewing messages in this way, but I can't remember where that is at the moment. I'll try and find out for you.. in the meantime, here are a couple of pages that will give you a clue as to which emails to be wary of..

WORM_NETSKY.C (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.C)

WORM_NETSKY.D (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.D)

Cheers

Liam

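The distinction Liam draws above, a payload embedded in the message body and pulled in as soon as the body is rendered, versus a plain attachment that does nothing until opened, is something a mail gateway or a mailbox pre-filter can check for before the message ever reaches a preview pane. The following is an added example for illustration, not code from anyone in this thread or from any product named here. It parses a raw message with Python's standard `email` library and flags the traits in question: an HTML body containing elements that act on render (iframe, script, object, embed), an HTML body that references an embedded part via `cid:`, and an executable-extension part marked inline or given a Content-ID. The two sample messages are constructed for the example and are not real worm samples; the executable part's payload is a placeholder string, not a program.

```python
import email
import re
from email import policy

# Extensions Windows will run directly if the part is ever opened (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
# HTML elements that act as soon as the body is rendered, e.g. in a preview pane.
ACTIVE_HTML = re.compile(r"<\s*(iframe|script|object|embed)\b", re.IGNORECASE)
# An HTML body pulling in another MIME part of the same message.
CID_REFERENCE = re.compile(r"""src\s*=\s*["']?cid:""", re.IGNORECASE)


def _extension(filename: str) -> str:
    """Lower-cased final extension of a filename ('' if none); 'a.txt.exe' -> '.exe'."""
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def triage_message(raw: str) -> list[str]:
    """Parse a raw RFC 822 message and return human-readable findings.

    An empty list only means none of these traits were seen; a proper
    virus scanner should still run over the message.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # multipart containers carry no payload of their own
        ctype = part.get_content_type()
        filename = part.get_filename() or ""

        if ctype == "text/html":
            html = part.get_content()  # decoded str for text/* parts
            for match in ACTIVE_HTML.finditer(html):
                findings.append(
                    f"HTML body contains <{match.group(1).lower()}>, which acts when the "
                    "body is rendered, not when an attachment is opened"
                )
            if CID_REFERENCE.search(html):
                findings.append("HTML body pulls in an embedded part via a cid: reference")

        if _extension(filename) in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable payload {filename!r} declared as {ctype}")
            if part.get("Content-ID") or part.get_content_disposition() == "inline":
                findings.append(f"{filename!r} is embedded/inline rather than a plain attachment")
    return findings


def verdict(raw: str) -> str:
    """Single-word decision a filter could act on."""
    return "quarantine" if triage_message(raw) else "no embedded-content traits seen"


# Constructed sample: HTML body with a hidden iframe pointing at an inline .exe part.
SAMPLE = """\
From: sender@example.test
To: you@example.test
Subject: Re: your document
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>Please see the attached document.
<iframe src="cid:part1@example.test" height=0 width=0></iframe>
</body></html>
--b1
Content-Type: application/octet-stream; name="document.txt.exe"
Content-Transfer-Encoding: base64
Content-ID: <part1@example.test>
Content-Disposition: inline; filename="document.txt.exe"

TVpQTEFDRUhPTERFUg==
--b1--
"""

# Constructed sample: plain text with an ordinary text attachment.
BENIGN = """\
From: friend@example.test
To: you@example.test
Subject: minutes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="us-ascii"

Minutes from last night attached.
--b2
Content-Type: text/plain; charset="us-ascii"; name="minutes.txt"
Content-Disposition: attachment; filename="minutes.txt"

1. Apologies
--b2--
"""

if __name__ == "__main__":
    for label, raw in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        print(label, "->", verdict(raw))
        for finding in triage_message(raw):
            print("  -", finding)
```

Run against a saved `.eml` file (read it as text and pass it to `triage_message`) before the message is opened in a client. The point of the checks is the one made in the thread: the danger is in what the client renders on selection, so the triage has to happen on the raw message, not in the preview pane.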

ILS32
5th Apr 2004, 19:04
Thanks E-Liam for the explanation.

AVG detected the virus and informed me that it had isolated it and had put it into the vault where I deleted it. Further scans with AVG tell me my computer is clear of the Netsky.C and D.
Is there any benefit in scanning with Housecall?
If I do will AVG + Noadware be affected?
It's just that I am a bit wary of playing about with anything involving the registry, which I would have to do if the virus was still on my computer.

ils32

Afterthought.
If you can't click on it to delete it when you spot it, what do you do? You can't just leave it sitting there. So do you delete and hope your anti-virus software detects it when you do?

Naples Air Center, Inc.
6th Apr 2004, 01:37
ILS32,

The advantage of scanning with HouseCall is that it gives you a second opinion. The payload of some viruses is to disable your current antivirus program. (It will look like it is scanning but it is in fact not doing anything.) Since HouseCall is not resident on your computer, it will not fall prey to this type of attack. The second thing is, many people do not update their antivirus program, and by scanning with HouseCall, at least we know the person we are helping has at least one good scan of their system.

Take Care,

Richard

P.S. As long as AVG has the virus quarantined you are safe. ;)

BusyB
6th Apr 2004, 07:08
Does Netsky affect Macs using Outlook Express?

ILS32
6th Apr 2004, 10:19
Thanks again E-Liam and Richard.
Scanned with Housecall and all clear.

ils32

E-Liam
6th Apr 2004, 13:19
Hi BusyB,
Does Netsky affect Macs using Outlook Express?
Not that I'm aware of.. :)

Hi Ils,

you're welcome. :)

Cheers

Liam

BusyB
6th Apr 2004, 13:25
E-Liam,

Thanks for that, as I'm getting a lot of e-mails with a file attached which I have deleted without opening the file. I was concerned however that by OE selecting the title to delete it I might get infected. I'm guessing that the mails are coming from a club mailing list that I'm a member of.
I'm new to Macs so not too sure how secure they are.

Thanks again.

Naples Air Center, Inc.
6th Apr 2004, 17:01
ILS32,

Glad to hear your comp is once again pest free! ;)

Take Care,

Richard