toggle.org, TOGGLE On-line Newsletter

Number 226 - March 2002

"Goner" Virus
by Marsh Allen, February 2002 TAPCUG DataLine
I was asked to write up a report on the virus I acquired on my computer and the results. On December 5, I downloaded my e-mail on Juno with disastrous results. I had a total of 7 messages to be read, and my screen scrolls down as you read them. The first was from my nephew in Fort Collins and he always has a neat joke to send on. This time, however, it said "Hi. This is a neat screen saver. Thought you might like it." I, of course, expected to find a scantily clad woman or an Afghan Freedom Fighter in the attachment, but not so. It didn't even open up so I had something to view. The next item was junk mail, so I deleted it. The next item was from the nephew again telling me in no uncertain words to not open the prior message. He had acquired a virus and his detector did not pick it up. (Mine did not either!!) He noticed it when he sent out one e-mail and the log showed a large amount sent. The virus had sent the attachment to everyone on his address book!! I tried to scan for the virus but it attacked my McAffee so it would not run. I tried to open up Juno again and it failed also. When I tried to uninstall McAffee to reinstall it, it would not let me do that for some .dll files were missing. I checked several other programs and the .dll files were missing in them too. Windows was missing many. I tried to install	Windows over the top of itself and it would not accept it!! I was really screwed. I was able to find out how much evil had been done. The program printed out 3 pages of corrections to be made. I got out the laptop and checked in the net and found that it was a real killer. I talked to Vickie and she expressed concern about all my files. Fortunately I had most of the files backed up so I will lose hardly anything in the process. Please have an up to date virus scanner in place. It is much cheaper that way. I back them up onto floppies so I was in the clear. I took my computer to Yes Computers and they stripped all of the bad files and reinstalled the missing files. The computer works great now. However my VISA bill is larger. I did have to delete all my incoming message files for I could not call up a message without the computer locking up even after it got back from the store. So I lost the incoming messages that I had not read yet!! The message from all this is to keep your anti-virus programs up-to-date and working and to make backups!! TOGGLE Editor's Note: To see Symantec's (Norton Antivirus) procedure for recovering from an attack by this virus go to and how to remove it W32.Goner.A@mm Removal Tool go to http:// security response. symantec.com/ avcenter/ venc/ data/ w32.goner.a@mm. removal. tool.html
Number 226 - March 2002