"Hey"


Postby c327 » Thu Jun 21, 2012 1:35 am

Recently I talked to a few people who caught the "Hey" nasty via their email program; I was not included in that deal. I don't open anything that looks even the slightest bit suspicious.

My guess is that someone opened an infected email that went on to send itself to every person that was entered in their Address Book or list of Contacts. From there it just spread like wildfire.

I really am not sure if this was a virus or just spam, and just what was it supposed to do besides mail itself to others? How deep does this nasty plant its roots in one's P.C.? Are passwords compromised?
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Posts: 4039
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Postby evasive » Thu Jun 21, 2012 2:36 am

There are a few messages around the internet on this one; normally changing your email password and using a decent and recent virus scanner will take care of it. It's already signaled in the wild as early as 2009, so more than likely someone was thinking they can run Windows with _no_ virus scanner.
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 36807
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby c327 » Thu Jun 21, 2012 12:03 pm

evasive wrote: There are a few messages around the internet on this one; normally changing your email password and using a decent and recent virus scanner will take care of it. It's already signaled in the wild as early as 2009, so more than likely someone was thinking they can run Windows with _no_ virus scanner.


Is this a virus or Spam??

Can a person who gets this nasty consider their P.C. as being hacked?

What was this nasty supposed to accomplish anyway besides aggravating people ???

I know at least 2 people real well that caught this, and it was redelivered via their email program without them knowing about it. These two people are senior citizens and probably don't know too much about protecting their P.C.s until something happens, and by then most of their friends have been given it.
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Posts: 4039
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Postby Karlsweldt » Fri Jun 22, 2012 5:16 am

Listed as an ASPTrojan.
Do the proper steps for removal, first disabling the 'restore' feature of the OS. Then cleansing with anti-malware and anti-virus program in 'safe' mode, where the nasty is less likely to be active and in stealth mode. Then after a few restarts to ensure it is gone, enable the 'restore' feature.
One line from that page reads as:
NEVER accept unsolicited file attachments, even if they appear to be from someone you know.

Ridding a system of a Trojan or virus is not simple. There may be 'threads' generated by the primary invader in many files.. including the System Registry and other critical files! The longer it resides, the deeper it roots itself.
With Emails, avoid those "pass this on" pleas. You will be giving your Email address to many unknown people.. and hackers!!!!!!!
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 19273
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby c327 » Fri Jun 22, 2012 9:00 pm

I see this nasty has been in the wild for some time....

I was wondering that if a PC became infected with a deeply rooted nasty that required the user to reload the O.S. and prior to doing so backed up their important files they had stored on the infected PC and then reloaded the files etc. back on the newly reloaded O.S. if they were in fact possibly reloading the nasty at the same time????
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Posts: 4039
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Postby Karlsweldt » Sat Jun 23, 2012 9:18 am

c327 wrote: I see this nasty has been in the wild for some time....

I was wondering that if a PC became infected with a deeply rooted nasty that required the user to reload the O.S. and prior to doing so backed up their important files they had stored on the infected PC and then reloaded the files etc. back on the newly reloaded O.S. if they were in fact possibly reloading the nasty at the same time????


Very possible! A virus can become part of the transfer, and the only way to get rid of it when restoring files is to first scan the drive from a known-clean system via USB or other non-internal connection.
When it comes to the need to reinstall an OS, the safest way is to first delete any existing partitions on the drive, then shut down with none formed.. powering off for a few seconds. This ensures that no resident traces will be in system memory. And with no partitions on the drive, no means of a virus to reside.
The OS install disk can do this process. After a restart, then boot directly to the OS install disk and all should be OK.
A warning with "package" systems.. there likely is a hidden partition on the drive, may be about 20 gigs or so.. of system drivers and other data. Hopefully, this was copied off when the system was purchased. But try to save that partition, or you will need to search for specific drivers for that system! Hopefully, if there, it has not been infected. But do a scan of that resource to ensure it is clean.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 19273
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438
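
A rough pre-restore triage for the backup question discussed above, as an added example that is not part of the original posts: run from a known-clean machine, it walks a backup folder and lists files that can carry code back onto a fresh install (executables, scripts, double extensions, executable content under a document extension). The extension lists, function names and sample files are constructed assumptions, and the listing only narrows what to look at alongside the anti-virus scan.

```python
import os
import tempfile

# Assumed, non-exhaustive lists of Windows file types (constructed for this example).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DOC_EXT = {".doc", ".pdf", ".jpg", ".txt", ".xls"}

def triage_backup(root):
    """Return {relative_path: reason} for files to hold back from a restore."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            stem, ext = os.path.splitext(name.lower())
            inner_ext = os.path.splitext(stem)[1]
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(2)  # Windows executables start with "MZ"
            except OSError:
                findings[rel] = "unreadable"
                continue
            if ext in RISKY_EXT and inner_ext in DOC_EXT:
                findings[rel] = "double extension"
            elif magic == b"MZ" and ext not in RISKY_EXT:
                findings[rel] = "executable content under a data extension"
            elif ext in RISKY_EXT or name.lower() == "autorun.inf":
                findings[rel] = "executable or script type"
    return findings

def demo():
    """Build a small constructed backup tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "letter.txt": b"Dear all, see you Sunday.",
            "photo.jpg.scr": b"MZ\x90\x00 constructed sample",
            "holiday.jpg": b"MZ\x90\x00 constructed sample",
            "setup.exe": b"MZ\x90\x00 constructed sample",
            "autorun.inf": b"[autorun]\n",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage_backup(root)

if __name__ == "__main__":
    for rel, reason in sorted(demo().items()):
        print(f"{reason:45} {rel}")
```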

