General discussion

  • Creator
  • #2130579

    Have you been hit by the “Goner” worm?


    by jasonhiner ·

    Another new virus is spreading across the Internet. This one is referred to as the “Goner” worm (also GONE.A, WORM_GONER.A, I-Worm.Goner, Gone, or W32/Goner@MM). This one can do some serious damage and it is listed as “high risk” by a number of major anti-virus vendors. Have you been hit?

    For more info, see:

All Comments

  • Author
    • #3548373

      In a word: No

      by james r linn ·

      In reply to Have you been hit by the “Goner” worm?

      We have multiple layers of anti-virus protection. All of our layers had the right signature file to defeat this one.


      • #3548368

        It was caught

        by datechguy ·

        In reply to In a word: No

        We also ‘caught’ it as it came in on the Exchange server. Yet, what worries me is the Proxy and Terminal Server, which both have BlackIce on them. I read the description of the it at, and I was told by a colleague that this virus hasthe ability to shut BlackIce down. Whch goes to show that you need more than one form of anti-virus software on your boxes esposed to the world.

        • #3547417

          Not Exactly

          by jon p ·

          In reply to It was caught

          Black Ice is a nice piece of kit for the home user, but there’s NO WAY I’d trust it on a commecial machine such as a Terminal Server or a Proxy Server.

          Neither of these machines should be directly attached to the internet, I think that you shouldseriously consider spending a few hundred bucks on a firewall and consider some kind of mail sweeper SMTP gateway.

          This worm WOULD be able to shut down an unprotected machine, you should patch Outlook on the terminal server, and the proxy server couldn’t get hit by this virus if a) no-one maps any drives to that machine, and b) No-one uses any e-mail software on it. This is an “e-mail” worm, meaning that it can’t infect a machine in the way Code Red did, you have to actively click on the attachment to get the worm going.

          You’ve got and Exchange server, a Terminal server and a Proxy server, I’d hate to think that these machines are serving a network where the only protection from the internet is a Proxy server, this does a reasonable job for what it does, but it is NOT a firewall. The price of Firewalls has dropped recently, protect your investment, (And your job!) MimeSweeper, which is what I use for an SMTP gatekeeper will sit on an exchange box in a small network (but if you go for more than 25 users then get a separate box) it runs on NT workstation, and it can be independant of a domain, and stop all those nasties at the door!

    • #3548365


      by radiic ·

      In reply to Have you been hit by the “Goner” worm?

      I use trend micro AV. The company that you have the link for the virus info. My site gets updated every morning at 7:00 which updates all my servers,exchange servers, and workstations automatically. Well since there pattern file wasnt released until 7:44 this morning, all I had to do was loginto my ant virus server and click one button which updated my entire network and whammm I was protected. Thank god for Trend…I still sing there praises, and after today even more.


      • #3548345

        Hey rad… not for nothing but

        by lordinfidel ·

        In reply to Nope

        Are you able to block extensions in micro av?

        If so, try using my method of extension blocking. I basically never have to worry about updating my definitions.

        The bad guys can throw a million brand new vbs viruses at my network and they will never get thru. Even with 2 year old virus definitions.

        Blocking extensions in my opinion is the only way to safeguard your network with the least amount of work and maintenance.

        Just my thoughts

        • #3548316

          Yes it can BUT i have to update my

          by radiic ·

          In reply to Hey rad… not for nothing but

          store.exe in order to turn on the advanced mapi functions. Since i am the only one in the IT department that one keeps moving on the list of things to do. But I still no fear cause Trend is Great.


        • #3548313

          Update… You will be glad you did

          by lordinfidel ·

          In reply to Yes it can BUT i have to update my

          I’m telling ya…. Once it is working you can just sit back and relax every time some idiot comes out with a new virus.

          I used to have to baby sit our virus posture. Always being on the defensive.

          Now I breath easy and can work on other things without having to worry about a nasty slipping thru because my definitions did’nt catch it.

          Just an suggestion from one admin to another.

        • #3548210

          Reply To: Have you been hit by the “Goner” worm?

          by jluster ·

          In reply to Update… You will be glad you did

          “I’m telling ya…. Once it is working you can just sit back and relax every time some idiot comes out with a new virus.”

          So all you do is lean back and wait until the next big ActiveX/Java/OE/Outlook/HTML exploit hits your systems, this time with something more sophisticated than just a .scr.pif and hits you? Extension blocking might be nice as ONE layer of defense, but to sell this as THE solution is a bit careless, don’t you think?

        • #3545695

          You need to define exploit vs virus

          by lordinfidel ·

          In reply to Reply To: Have you been hit by the “Goner” worm?

          They are 2 different things.

          While A virus writer might use a new exploit to carry out his evil deed.

          His delivery method still has to be employed via a e-mail attachment.

          By blanket blocking attachments, you are essentially stopping futureviruses.

          So lets say a virus writer comes up with a new virus that exploits a hole in Outlook that was just discovered an hour ago. And that virus writer packages the virus as a vbs script.

          It is fair to say that any attempts to send a vbs script into my network will be blocked because I do not all vbs files thru e-mail. Hence effectively blocking the attack.

          This method is commonly used in firewalling. I have just employed it to e-mail.

          In firewalling, you only allow in want youwant. If there is a new exploit that uses tftp and you don’t allow tftp in, then you will not be affected. Same principal.

          Take a look at the following url for all of the extensions that I block:
 basically have gone thru my system directories and selected every known file extension that can be used by the system and blocked it. With some exeptions of course that my users need to accomplosh their day to day jobs.

          And yes, I do sit back and wait. And since my network has not been taken down in over 2 years, I beleive my method works. It is just one layer of defense that I employ. But it is a big part of it when it comes to e-mail borne attacks.

        • #3547413

          That’s an interesting POV

          by jon p ·

          In reply to You need to define exploit vs virus

          Since you’ve taken it upon yourself to burn everyone who has tried to help you, I’m not going to bother, ignorant Admins who think that their solution is “the” solution are the cause of the proliferation of viri such as Code Red.

          I don’t doubt that by blocking “every known extention” you are able to keep the wolf from the door as far as blocking VBS goes, but you’re a virus writers dream come true, Visual Basic Script is just one way of hacking your system, but just by sending your users a spam mail saying “come and look at my site” and then exploiting an explorer “hole”.

          Read any security book (I’d suggest “Hacking Exposed”) and you’ll see how poor your defenses are, I wouldn’t keep my money in a bank where the only security is to check the bags that are attached to the people coming in through the front door, which is what you’re suggesting people do, I’d want safes, glass walls between the people and the cashiers, panic buttons, alarms and everything else that goes with Secure Banks today, because otherwise, the moment someone gets round your defence, you’re stuffed! (For example by sending your user a virus in a zipped file, or are you giong to block .zip extentions as well?)

          I’d really hate to be a user on your network, they’re so tied up with pointless security. They probably have a hard time doing anything on your network because you’re too focussed one kind of defence to look at the alternatives that may make your users lives easier.

        • #3547315

          Jon…. Before you blast…

          by lordinfidel ·

          In reply to You need to define exploit vs virus

          First, you owe me an apology.

          Second, I have read hacking exposed, several times.

          I never claimed that this is a “fix all”.

          But since, as I have said before, that my network has not been infected in 2 YEARS, since I have employed blocking.That has to count for something.

          Granted, I do employ various other measures.
          ACL’s at my routers, DMZ’s, patched machines, Bastion hosts, sniffers, nat for production machines, the list goes on.

          But at the mail gateway what defense do you have? And since every e-mail bourne virus that I have seen has an attachment to it. Now whether or not the attachment is autoexecuting or not is not the issue.

          The issue is if you never let the end user have the infected attachment they can not cause harm.

          Let’s refer to nimbda. If you installed IIS without install index server, and if you follow the rules of securing IIS. You made sure that the mappings for ida and idq were gone. So when nimbda came out, you were automatically immune from the exploit.

          And yes, if I find that zip files are carrying viruses I will block them too. The same way I block pdf’s, since it is now possible to nest a virus inside a pdf.

          Maybe I am paranoid. Paranoia is the default emotion of a good admin. As long as you are always thinking that someone is tracking to bring down your network, then you will always be prepared.

          I am /.

        • #3549406

          Lordinfidel – has got it right

          by c0mputer6uy ·

          In reply to You need to define exploit vs virus

          Infidel –

          Last year when the Love bug came out, I got nailed by it a second time, the same day I finished cleaning up after the intial attack. I swore never again. I agree with you, I use Antigen, and basically disallow attachments with system implications, I also do not allow MS office files as attachments either, because there is still a bit too much vulnerability in the template/macro battle front, tho most are recognized and documented. I rely on the Quarentine area to hold files, in case anyone really needs them. This allows me to scan them with the lates definitions and distribute them as warrented.

        • #3545499

          Microtrend is the best thing ,,,

          by mcarzola ·

          In reply to Update… You will be glad you did

          Since sliced bread. I used to use Nortona and Mcfee. Micro had an update for gone in a couple of hours. Ultimately the best thing is block out ext like vbs, exe .scr .bat. Pretty soon we wont allow any attachments and have users use VPN to send them.

        • #3548286

          Block Extensions

          by lluke ·

          In reply to Hey rad… not for nothing but

          As noted in some of the other responses, this is a great idea. For some reason we did not have “scr” blocked, but as soon as we heard about the virus we got it done. Though this approach does end up blocking “valid” attachments, this ensures all infected attachments don’t make into your network. The way to get around the block is to rename the file to something that is not blocked.

        • #3545690

          The way I tell my users….

          by lordinfidel ·

          In reply to Block Extensions

          Renaming is good, but I don’t want them getting into the habit of renaming stuff. Then they will get used to seeing the infamous windows unkownn file type icon and just click on it.

          Instead, I tell my users to zip things up that they need to send.

          Most AV programs will scan the archive, but they will not pull out files that are blocked.

          If if finds a actual virus it will block the entire archive.

        • #3545645

          How do you block Extensions?

          by josephed ·

          In reply to Block Extensions

          It sounds like a great idea, how is it done?

        • #3549466

          Use Outlook 98 Security Patch

          by tdennis ·

          In reply to How do you block Extensions?

          Microsoft has had a Security Patch available for a while as “o98secu.exe”. This blocks all attachments in an executable format automatically. I received in the number of 100+ e-mails, and not a single “Gone” virus affected me.

        • #3549394

          How to block…

          by sbokleman ·

          In reply to How do you block Extensions?

          You need a gateway or message blocking based on content. Norton has both. You need a 3 prong approach, on the workstation/server active scanning, at the firewall/gateway and on the mail server itself. IF you can’t prevent your users from opening attchments from browser based personal mail, you better put all three in place. It is not a matter of how you get hit.. it is a matter of when.


        • #3549396

          Block em’ all…

          by sbokleman ·

          In reply to Block Extensions

          If you are not blocking all “executabe” files types you are taking a high risk with your mail system. We get hit on a daily basis, once burned, twice smart. There is nothing worse than sending an appology to all your customers for sending them infected mail messages.

          IT Manager for a DOT.COM

        • #3567626

          block all you want..

          by jeneac ·

          In reply to Block em’ all…

          We got stung by the goner virus. I work on a helpdesk at a hospital. All users must sign an agreement saying they will not load software on their computer. Our exchange servers are set to block certain types of mail coming in from the outside. But guess what. Someone in administration thought they were above any stinkin agreement, had loaded ICQ on his pc. Tah Dah! Within moments the message was bouncing back and forth, even after turning off mail services.

        • #3546575

          That’s confidence

          by it by short straw ·

          In reply to Hey rad… not for nothing but

          Just a caution – never, never, never, NEVER, NEVER, NnEeVvEeRr use absolutes when discussing systems!

          The only certainties beyond death and taxes are that the low-lifes will always have the time to find a way through; they don’t otherwise have alife, you see.

          Please forgive the callousness, but – as an illustration – I watched an A&E (I believe)Special on the design and construction of the WTC last spring. One “assurance” made in an interview on that program was by one of the center managers. His assurance was along this lines: “… these buildings will withstand the impact of a fully-loaded jetliner.” He is missing and presumed dead as a result of the tragedy of 9-11.

          I would certainly NOT recommend to ANYONE in this business that they apply less than FULL RESOURCES AFFORDABLE to protecting their systems and their jobs.

          Please consider what I’ve said.


        • #3549369

          This virus should not have spread at all

          by admin ·

          In reply to Hey rad… not for nothing but

          How many times do we have to tell people not to open attachements when they don’t expect them? I can recall at least one other virus in the past six months which had similary behavoir basically saying Hi?!? How are you can you look at this for me?!?!?

          The pure simple fact of the matter is that most people who are infected with viri of this nature don’t follow the simplest of saftey precautions. Personally I have Outlook XP and couldn’t open the attchment if I wanted to. Lets educate some end users people!

      • #3545664

        Lessons learned

        by johnm ·

        In reply to Nope

        Like radicalis, we use Trend Mailscan (and love it) but learned that Murphy holds trumps. We update virus defs every night, so Goner wasn’t in our update. Like Rad, our admin heard about the worm before it struck and hit the manual update,too, but something went wrong with the download (traffic load at Trend?) that left us with a corrupt file that stopped the service, wouldn’t allow restart, and that kept us from using a fallback of blocking extensions. At least two instances made it into a neighboring WAN and were triggered by users there who shared our global address book. None of our users triggered the messages that flooded in (this time)so cleanup wasn’t too bad.

        We downloaded a fresh copy of the defs on another machine, moved it on floppy to the server (they had to read the manual to learn how, but it is a simple copy into the folder) and have issued some new procedures. For one, keep a fairly recent copy of defs somewhere on the server (or even on floppy) as a fallback so that you can at least restart the service and start blocking extensions until you get a valid update.

        • #3545529

          Thanks for the Info

          by radiic ·

          In reply to Lessons learned

          I am going to make a copy of the virus defs right now.

          Thanks to Lordinfidel too for info on extension blocking, I am going to move updateing my store.exe to the top of the list.


        • #3549252

          Problems with AV updates from all

          by zadok0552 ·

          In reply to Lessons learned

          Good work on your recovery!! AV software not updating signature or dat files – That’s a real problem! I have had various AV software progs. (from different vendors, obviously) fail on the update the same way. And we’re talking about client machines,not fancy servers! By the time you get the problem resolved, some other teenage boy has written malicious code, and some machines get infected. These are stand-alone laptops with autoupdate enabled. When I get them back, and try a manual, about 30% of the time I also get lockups, and I don’t use Trend Micro, so it’s not just their problem. Yes, we can educate users… Thank gooness the kids who wrote Goner were caught. I hope several governments get involved to make sure that an example is madeof them!

      • #3545593


        by stuart ·

        In reply to Nope

        YES, WE have been hit. Ironically I am in the middle of switching to NAV corporate AntiVirus, which is so much better for us.
        it uodates automatically and pushes the updates to the workstations.

        • #3545526

          Yea But…

          by radiic ·

          In reply to GONER

          As of 4:00 yesterday afternoon Norton still had not released a pattern file that would catch this virus. Tren had theres out at 7:40 yesterday morning.


      • #3549743

        Reply To: Have you been hit by the “Goner” worm?

        by coverton ·

        In reply to Nope

        If you have Auto Preview or Preview Pane turned on, can you be infected by this virus?

        • #3567623

          depends on who you ask

          by jeneac ·

          In reply to Reply To: Have you been hit by the “Goner” worm?

          When we were hit and it was bouncing around on our servers. Many claim they had not opened the attachment. We found in some cases it showed an attachment and sometimes it did. It was our theory those that did not show an actual attachment and showedup in the preview pain were the ones sending out. But if you read a lot of the other postings they stress you have to open the document. The question then is are you really opening the file or not when in auto view.

    • #3548363


      by n37d3v1l ·

      In reply to Have you been hit by the “Goner” worm?

      i also have multipule layers of antivirus, using Trend’s suite. ScanMail was able to detect it, and Serverprotect isolated to prevent spreading to the clients, protected by Office Scan. One Exchange server that had PE_Magistr.A effects on it, with the GONER worm, caused the antivirus to stop, but did not effect the Server Protect.

      • #3545639

        Virus software:

        by rleeunc ·

        In reply to Trend

        We are looking for a virus software solution for our mail server (NT4.0,Exchange 5.5). We have demo’d Norton and Trend. I liked Norton better because of the screen that showed me all the info about who sent the infected e-mail, who received it, whatit was infected with, etc. I never found that info in the ScanMail demo. Was it there? Is Trend the way to go?? Thanks for the assist!!!!

        • #3545591

          ScanMail details

          by johnm ·

          In reply to Virus software:

          I’m not the Email Admin, so I don’t have the nitty-gritty, but our ScanMail is set to e-mail the Help Desk (to which all us Techs have access)with a report every time it catches a virus. The e-mail report includes the sender, intended recipient, what the detected virus was, and what the system did with it (cleaned attachment or stripped and stored). I have the Help Desk inbox on my Outlook shortcuts and it is showing 130 unread e-mails at the moment – pretty much guaranteed to be all virus messages. We are pretty happy with Trend and have a better track record than the other campuses in our system that don’t use it.

        • #3545524

          TREND is the Way to go…

          by radiic ·

          In reply to Virus software:

          The info you are looking for is just like the JohnM said. You set it up to email you. I have a folder in my outlook that I send the Virus Alerts into I know immediately when one hits. Also another awesome thing about Trend is that it installs anddoesnt need to reboot. I could go on for hours about the features but I wont. You wont regret going with Trend. I have used it for over 3 years now, and have never had a machine down due to a virus. (knock on wood) 😉


        • #3546776

          Antigen is the way to go

          by tekcetera ·

          In reply to Virus software:

          Hi be sure to evaluate Antigen for Exchange from Sybari ( Switched to this after Anna Kournikova and haven’t had problems since. Mulitple scan engines and configurable file filters can be set up. I sleep easy now. Gui takes a little getting used to but there is a very good user guide.

      • #3545527

        Trend is great…sorta

        by marence ·

        In reply to Trend

        We have Trend on server & clients. We also had/have about 100 out of 300 users infected. Why? No new signature files yesterday morning. Didn’t get them til afternoon. By that time, one user (let’s call him Mr. X) received the file from his wife. He opened it (because it said HI!, and it was from his wife!) and boom!
        Why boom? Well, Mr. X works in IT. Our users all said “Well, it came from Mr. X, so I thought it was safe!”
        And yes, a number of them are still asking what the screensaver looked like.

        • #3549734

          What software was quickest

          by newslettersben ·

          In reply to Trend is great…sorta

          I support two networks. One running Network Associates Groupshield for Exchange the other running Symantec’s Exchange antivirus. I couldn’t get updates until @3 pm for either of them. The Groupshield was the first network got hit around 11am? Does anybody know what software was the quickest to get out their updates?

    • #3548352


      by schwit ·

      In reply to Have you been hit by the “Goner” worm?

      We are running the latest McAfee(4173) on the desktop and Sophos on MailMarshal. It got through. Mail is out for the day as we clean out PCs and servers.

      How bad does it have to get before the death penalty is warranted for the people that write this stuff. No I’m not joking.

    • #3548351

      Yes…Already up to about 40

      by lordinfidel ·

      In reply to Have you been hit by the “Goner” worm?

      Of course no sooner than I sent out my virus bulletin this morning about this virus.

      About 5 of my users contacted me asking me to retrieve the quarrantined scr file for them.

      In case your new to any TR discussions about viruses and have neverread any of my posts. I am a big advocate of blocking the majority of file extensions at the mail gateway.

      So in fact, even though a new virus comes out. Using my method, your users will never receive the actual virus attachment.

      It just goes to show that users are idiots and should never be trusted with policing themselves.

    • #3548350

      Managed virus protection way forward

      by rabs ·

      In reply to Have you been hit by the “Goner” worm?

      Everything is tiered these days and virus protection is one of them. Get yourself an internet based managed AV service and a good corporate level AV product on your network. Keep it up to date and you’ll beat most!

      • #3548205

        Got it….

        by jay_2871 ·

        In reply to Managed virus protection way forward

        We have Scanmail running on our Exchange server and InoculateIT on the desktops, all signatures files had updated in the morning successfully. Being stuck in meetings all day we were not aware of the outbreak and were not able to update signatures or block attachments in time, unfortunately this one got us.

        • #3545627

          Alerts came in little too late

          by siddman ·

          In reply to Got it….

          I’m signed up for security alerts from both McAfee and Trend Micro. Both of them came around mid day. One got it yesterday and second one today. Not too bad. Expecting more viruses as it’s the holiday season. More excuses for click happy folks!

        • #3545496


          by mcarzola ·

          In reply to Alerts came in little too late

          You cant sit back and wait you have to check logs to see if anyone has gotten a virus. We knew because we started receiving tons of emails from a person who opened the .scr up. After that we took them offline and clicked to update the Micro. After that it was done. The Exchange server reported catching 840 infected emails and moved to delete the attachment and we were good.

    • #3548321

      I got the virus

      by damaskk ·

      In reply to Have you been hit by the “Goner” worm?

      I got the virus in about 20 workstations. I am having Norton Antivirus corporate edition program and I am still waiting for a new definition file from Norton.
      On the mid-time I search and delete all files named gone.scr on inflected workstations and delete the registry Key. See the following link for more info:

      Take care now. Bye

      • #3548294

        AV Scanning @ Internet level

        by el roy ·

        In reply to I got the virus

        I was not hit with this virus nor were ANY of the customers of a company called MessageLabs. Apparently they are able to do this because they use 4 AV scanners and have their own scanner called skeptic. I spoke with one of their guys a few weeks agoand he said that they have never had ANY of their customers infected with a virus. I didn’t believe them so I checked them out and they are telling the truth.

        • #3567643

          I saw it with my own eyes

          by wingnut_92620 ·

          In reply to AV Scanning @ Internet level

          My company was conducting a test pilot with MessageLabs when a vendor attempted to send us the attachment. The email was sent to us by 9 AM on the 4th. MessageLabs caught it and stripped the attachment. Our internal servers were stripping .exe and .vbs attachments but not .scr. I’m the Help Desk manager and if we would have been infected, my life would have been hell. MessageLabs saved me A LOT of hassle and the company a fortune. (And, can you believe they decided the service was too expensive and they nixed the project?)

    • #3548314

      Hit this morning.

      by bill from catalina ·

      In reply to Have you been hit by the “Goner” worm?

      Yes — It was received with the classic “How are you? When I saw this screensaver…” message from a vendor. Fortunately I was suspicious enough not to open the “Gone.scr” attachment. I have since put out the word to our users.
      -Bill Peterson
      Catalina Express

    • #3548272


      by carlosirivera ·

      In reply to Have you been hit by the “Goner” worm?

      Got it this morning. Fortunately, Norton had been giving me problems with our end users, so last week I started rolling out McAfee VirusScan. Only 3 users were infected, the last three still running Norton.

    • #3548252

      Hit this evening

      by beecee ·

      In reply to Have you been hit by the “Goner” worm?

      After 3 mail alerts about the virus to the employees.. sure enough, 5 minutes before quitting time. Only reason it hadn’t been caught by our mail server is because we were waiting until after hours to reboot the mail server for viri def updates (the guy doing these updates… does them… wrong…)
      But, was 5 out of 800 users infected… not bad.

      • #3549770

        Dim Wits

        by cdietz ·

        In reply to Hit this evening

        We had 5 dim wits out of 40 here push the button and start the virus. We are a Sub. of a large company and it got through the “Ac…” in out Global list before I stopped it. It never should have made it in here. We use World Secure and they did not have the 4174 virus pattern on there servers yet. I tried to stop the smtp relay service but it did not stop until I pulled the network cable off of the server. 18 minutes of mail got out from the time we were infected untill I had corrected the problem.

        • #3546609

          Do yourself a favour……..

          by itmail ·

          In reply to Dim Wits

          Get a copy of Sophos.

          Its the lightest virus engine i have ever come across. The updates are regular and can be updated via a logon script.

          The trouble shooting time saved alone would pay for twice over.

          Sorry to sound so smug but virus attacks dont get further than my inbox. It really works.

        • #3549149

          Want smug?

          by lordinfidel ·

          In reply to Do yourself a favour……..

          Viruses in my network never even make it to my users inbox.

          And it has nothing to do with my AV scanner picking up viruses.

          I can use a free crappy av scanner for exchange, as long as I can quarrantine extensions at the mail gateway.

          Screw updates and virus definitions. Remember someone has to get infected first before an update is released.

    • #3548213

      They only read the wrong ones

      by dad1964 ·

      In reply to Have you been hit by the “Goner” worm?

      Yeah, I got hit. I received a warning about the virus and promptly sent an email warning my 100+ users to avoid it. Delete it, that’s what I said….

      I even set the email server to screen out the .scr extension on attachments. Of course, it was too late to screen it, but I hoped my warning would be heeded.

      It’s 9:00 PM Eastern Time. I’d rather be home with my kids, but I have Users.

      Remind me to never, ever, trust a User again…….

      • #3545636

        Why Don’t they LEARN from past mistakes?

        by charles byrne ·

        In reply to They only read the wrong ones

        We’ve had about 5 of these viruses starting with bubbleboy. We didn’t implement the screen until it was too late. You would think that users would learn. I guess it isn’t all that bad. Only 5 out of 50 actually clicked the damn attachment(Of course that was because I did a group broadcast warning about the virus). Of course the exchange server was down most of the morning. And 2 of the users who clicked the virus actually had the nerve to ask me when it would be back up because they wantedto see what the screen saver did GEESH!!!!!

    • #3548212

      The wonders of Unix

      by jluster ·

      In reply to Have you been hit by the “Goner” worm?

      We replaced every system in our company with BSD machines (including admins and non-techs) a while ago. Not only did this greatly improve productivity (no more crashes, etc.) it also protects us from most malice we’d face otherwise. mutt as an emailclient is just not affected, so we’re safe.

      Did we get hit? Heck, yeah. According to our .procmailrc each employee got between 10 and 1300 of those nasty bastards. Neatly intercepted and stored away that stuff now awaits analysis and us contacting our less fortunate peers.

      • #3549637

        Norton is a little slow

        by james schroer ·

        In reply to The wonders of Unix

        Does anyone else run Norton on their systems? I love Norton to death, it seems to run so well on our Windows 2000 machines BUT they always seem a little slow about getting out the DATs. Same thing happen with Nimda. Needless to say I had to pull the plug to our internet and external mail to protect us from the worm untill I got the DATs at 4 cst (3 hours of down time). It worked and saved us a lot of problems but it didn’t make some people very happy.

        • #3548437

          Virus Scanners

          by jluster ·

          In reply to Norton is a little slow

          I’ve stopped deploying and using scanners completely. They’re rarelt up to date (even if synced twice a day one usually gets the first outbreak “live”) and deliver a false sense of security.

          What we’re doing is easy: We educate. From Admin to Sales, from IT-Engineer to CIO, from President down and Frontdesk up – everyone gets the same Spiel: DON’T.

          There’s steps one can take: Remove Outlook and install something more stable and less exploitable. Teach your staff NOT to open attachments. Tell them WHAT an attachment is and why it’s dangerous. Make this a policy. Fire people who violate the policy. Sounds harsh? I don’t think it is.

          If employees are allowed to take laptops home, they get a 45 minute training. It’s “online” via a RealVideo they must watch. When finished watching, they “sign” an aggreement online. Again, violating these policies results in dismissal. A VP had to go, and our Prez was quite clear on this one.

          Pulling the plug, disinfecting machines, etc. is justnot an option. It never is, this company don’t sleep 🙂

    • #3548183

      Yep, we got it

      by v.a.milewski ·

      In reply to Have you been hit by the “Goner” worm?

      We were hit first thing this morning at the law firm where I work in Tech Support. A number of our users thought it was an in-house e-mail and therefore “safe” to open; so lots of them did! Our mail servers were taken offline before 9:15 am Pacific time to clean off the messages.

    • #3548004

      Yes we have

      by insane0309 ·

      In reply to Have you been hit by the “Goner” worm?

      We have been hit by the Goner worm. We have a corporate e-mail system and it has gone through our global address book. It came with the subject line as “Hi” and inside the e-mail it said something like, “I saw this screen saver and thought of you” and has an attachment. We have sent out the latest virus definitions to the users. They have been informed of the threat and we have the removal tool and instructions to get rid of it.

      For more information check out


      • #3545756

        Wounded is more like it

        by dmoretti ·

        In reply to Yes we have

        My campus has been hit by the worm. Yet my network which is on a different segment/infrastructure has not been affected. I am currently running Norton AV Pro 2001 and Office XP Pro (Outlook 2002) with high security settings. The email arrived but Outlook deleted the attachment and Norton confirmed a clean machine. Our campus email system is a total wreck though.

    • #3545758

      McAfee, Symantec, or Trend Micro

      by lanwanman352 ·

      In reply to Have you been hit by the “Goner” worm?

      No, we haven’t been hit with “Goner” yet, but we’re still on the look out for Nimda varients. Network Associate’s (McAfee’s) Knowledge Center posts many known problems with their retail and enterprise VirusScan software.

      It’s become a full time job supporting McAfee updates, upgrades, and registry fixes. Did you know that McAfee tech support will send your users a detailed instruction on how to make complex registry changes – scary.

      Symantec products seem much more reliable and easier to maintain in a home and medium size LAN environment. The team at Trend Micro have some great solutions as well. Too bad my employer opted to renew a McAfee grant good until 2003 despite my recommendations! Keeps me in work though. . . . 🙂

      • #3567644

        Symantec Managed by far

        by jwcox3 ·

        In reply to McAfee, Symantec, or Trend Micro

        Used McAfee for the longest because people were used to using it, But after myself and other techs having to reghost machines due to security constrants, we went to norton corp.. Updates everyday and with one click.. Also it is protected from those special users.

    • #3545747

      Got it – but not spread

      by jimhm ·

      In reply to Have you been hit by the “Goner” worm?

      A number of our employees have received it – our folks have fixed it … but because we are using Notes – it hasn’t been spread to any others inside or outside our company.

    • #3545741

      Unfortunately, ues

      by dave butler ·

      In reply to Have you been hit by the “Goner” worm?

      We first got the file at 4:45 Tuesday (12/4) from a consultant who fell for the trap. He noticed the emails going out and called me to warn me.

      To make matters worse, the original message was sent to my home account and opened by my wife who, naturally, thought it was safe, since it was coming from me. So I somehow managed to infect myself.

      • #3545736

        It can sit on a Mac

        by evansed1 ·

        In reply to Unfortunately, ues

        We have about 180 systems. Macs, Suns, Linux, and Windows, but the only one that actually had the virus activated was a Mac. It placed the Virus file on the desktop, deleted it. If a PC had attached to the Mac would it have gone to the PC?

    • #3545733

      This is an MS virus

      by sdunne ·

      In reply to Have you been hit by the “Goner” worm?

      Everyone should be calling this virus what it is: a Microsoft virus. It’s not an Internet virus or a computer virus. Only computers running MS Outlook are infected by it.

    • #3545670

      Goner problem

      by techmanny ·

      In reply to Have you been hit by the “Goner” worm?

      We were hit by the goner virus yesterday & it has made my life hell since. While we had to reinstall antivirus on several machines in our network I discovered hybrus & lovebug hiding on many machines also. I’m still working on it.

    • #3545659

      Yes, but appears cleaned

      by hrights ·

      In reply to Have you been hit by the “Goner” worm?

      I had two of my fifty users open the attachment. This resulted in just over 1000 infected messages. Luckily it hit at the end of the day, and most folks had gone home. An update to McAfee Total Virus Defense on the Exchange servers was successfulin cleaning the infected messages. I had to do repairs on the two workstations, but am hoping all is back to normal. I checked for an update yesterday when I first heard about the virus, but none were available. Then due to meetings and such (andbeing the only I.T. person) I was not able to get the update in time to keep the virus from getting in.

      • #3546816

        Another wave – protected this time

        by hrights ·

        In reply to Yes, but appears cleaned

        Well, another wave hit, but Groupshield on my Exchange server stripped the virus from the offending e-mails. This new wave was a little strange though. My user who’s account originated the messages was not in outlook (I was with her when it started). 220 messages later, everything is calm again. I did all the manual removal instructions, ran a removal/detection tool from Panda and then reinstalled the virus protection. After all this, I ran McAfee virusscan on all files on the computer, and it found another instance of the virus after everything else said the machine was clean. It was titled gone[1].scr and was in c:\windows\temporary internet files\content.IE5\O1E34T6V\gone[1].scr

        I had not seen any mention of this file name or location before (also, doing a search on the pc using *.scr and gone*.* did not find this instance……

        • #3546579

          It seems to replicate almost randomly

          by marence ·

          In reply to Another wave – protected this time

          We found gone.scr in c:\windows\temp, c:\my documents, and c:\temp as well as in the temporary internet folders. gone[1].scr thru (in one case)gone[37].scr were also found on some PCs, although not evryone’s ans in different places.
          We found doinga “show all files” then search on “gone” found all instances, and it was able to be deleted without going to DOS to do it. Of course, remember to empty the Recycle Bin.

    • #3545651


      by garbski ·

      In reply to Have you been hit by the “Goner” worm?

      We got hit yesterday afternoon and shut down our mail server until we got the update. I was expecting it at home, but I’ve been educating all my friends about email viruses and it seems to have paid off. Too bad we can’t do the same at work, but we’re trying….

    • #3545643

      Couple of them got through

      by jellimonsta ·

      In reply to Have you been hit by the “Goner” worm?

      Unfortunately our scanmail was not blocking the SCR extension which I have now changed, so we had about 7 or 8 people get infected by the Goner virus yesterday afternoon. Being as Norton only came out with the definitions 2 hours later we tried to police the issue as much as possible. Unfortunately although we sent out an “urgent” email warning against opening the attachment we still had a number of people do so. Never underestimate the stupidity of anyone is what I say 🙂

      • #3545629

        Nothing so far

        by clearsmashdrop ·

        In reply to Couple of them got through

        Our Exchange server has been blocking the virus. No, infections on any of the clients. We got brutalized by Nimda and learned some hard lessons.

        However, we still fear someone opening the attachment via Hotmail or Yahoo. So making sure they virus definitions are updated is still important.

        As, to users, some are great. They immediately, informed us about a “new” virus from the news. We had already heard about it, but its still helpful.

        But, some are amazing. We send out an emaildo not open any attachments labled “THIS IS A VIRUS” and sure enough you will get 1 or 2 people that email you asking for there deleted attachment. 🙂

    • #3545638

      3 infections

      by curtisinterruptus ·

      In reply to Have you been hit by the “Goner” worm?

      We had three clients get hit, but only because they had changed their Outlook security to allow scripts/attachments. Norton’s Corporate 7.5 missed them and our Mdaemon DKAV missed it also. I removed us from the WAN to prevent our customers/vendorsfrom taking hits and then immediately disabled our email system. I quickly reconfigured DKAV to catch and delete the attachments and this slowed down the onslaught. I removed all infected emails from the email server. By this time, Norton and DKAV had finally updated their software. I “corrected” the 3 infected clients and then brought up email and WAN services. We are still getting infected emails but our two AV packages are catching them.

    • #3545539

      HELP!! Can’t get gone.scr off Exch Servr

      by tericm ·

      In reply to Have you been hit by the “Goner” worm?

      I have the gone.scr virus on my Exch 5.5 box and I have run the Symantec removal tool 3 times and after the second time it says it is not found. As soon as I reboot it is back again, any ideas of where it is hiding. I can’t find it running anywhere, i.e. Task man or in the registry. Norton AV keeps quarantining all the instances it finds but I can’t get rid of it. Thanks for any help.

      • #3545470

        Norton sucks.. Follow these directions

        by lordinfidel ·

        In reply to HELP!! Can’t get gone.scr off Exch Servr

        Never ever ever, let your AV product do the work for you. Don’t care if it’s norton, mcafee or trend. Always remove the virus yourself.

        1. Unhide known file extensions and system files.

        2. search for gone.scr (i prefer *.scr) and delete that file.

        3. Open regedit (start/run/type regedit ,press enter)

        4. go to HKey local machine/Software/Microsoft/Windows/CurrentVersion/Run Look for the key on the right that says C:\winnt\system\gone.scr


        Once it comes back up look at the reg key again. If it is not there then the virus is gone.

        The 2 big locations that viruses add keys to are that location and the run once location.

        This insures that loading at boot up.

        • #3575092

          What else is eating up outlook espress ?

          by honeyyear ·

          In reply to Norton sucks.. Follow these directions

          I thought it was Goner, buthaving followed all your advice thoroughly, I can’t locate it. Every few days, my outlook express 6 is having all the emails and folders wiped back to its orginal start mode; NAV email protection gets disbled and needs tobe reinstalled; and now it no longer syncs with my hotmail. I’m boggledl; what other culprits have been out there, this started about 2 weeks ago.

          I usually get my email synced via hotmail and once I have deleted all the schlock from bulkmail and spam I drag stuff to my inbox. How vulnerable is that really? Thanks

      • #3547383

        Re: HELP!! Can’t get gone.scr off

        by jydejohnson ·

        In reply to HELP!! Can’t get gone.scr off Exch Servr


        Go to the the task bar, there should be gone running as a process. End the process and then go to the folder options to show all files and uncheck the hide file extensions and hide protected OS boxes.

        Go to system32 folder and delete gone.scr file. Go to the registry HKEY LOCAL MACHINE, software, Microsoft, windows, current version, run and delete the key associated with gone.

        Reboot and you should be all set.


      • #3549234

        Manualy fix it

        by fstradley ·

        In reply to HELP!! Can’t get gone.scr off Exch Servr

        1. unhide your files and extensions
        2. do a search for gone.scr or *.scr and delete that file.
        3. go to run and type regedit, go to HKey local machine/software/microsoft/windows/currentVersion/run and look for the key
        4. Reboot your machine.
        Hope this works it’s a copy from another fix.
        If not you are probably looking at a clean install and upgrading your virus checkers.
        GOOD LUCK my friend

    • #3545471

      Still Haven’t Seen It Here

      by netyoda ·

      In reply to Have you been hit by the “Goner” worm?

      We haven’t seen it here yet at all. We had our mail gateway down overnight on the 4th/5th until we were sure we had the NAV updates from Symantec and have been checking all day but nothing so far. We don’t run Outlook internally for mail so it wouldn’t spread if it did get in but I’m surprised we haven’t picked up something by now.

    • #3549801


      by doctorjohn ·

      In reply to Have you been hit by the “Goner” worm?

      I feel somewhat left out by all this. Code Red, Yucky Outlook, Goner… I feel so lonely that I am thinking about switching one of our servers from Linux to MS just so I can get in on the fray.

    • #3549685


      by debbie.minerva@lakelandgv ·

      In reply to Have you been hit by the “Goner” worm?

      Our email servers have been down since Tuesday afternoon. The workstations were easy to clean up but our Exchange servers would not restart the Information Store. We will probably be down until sometime tomorrow.

      Only about 15% of our users have Office XP (and therefore the attachment was blocked), so the other 85% were vulnerable with Outlook 98. The problem lies with our end users, who refuses to be subjective when opening email. They click before they can think. This will definitely result in a strong push to load Office XP on the remaining workstations out there.

    • #3546588


      by htos1 ·

      In reply to Have you been hit by the “Goner” worm?

      I’ve been doing the digital thing since ’77.I have yet to even SEE a virun on our nodes.I kinda would like to get a copy and recode it to something useful.

    • #3548678


      by aasif73 ·

      In reply to Have you been hit by the “Goner” worm?

      yes we were hit but no demage was done due to teh timely action and detection. Thanks to Norton for the early fix which maily saved. Main reason for the safty was not using the Outlook express.

    • #3548677


      by aasif73 ·

      In reply to Have you been hit by the “Goner” worm?

      yes we were hit but no demage was done due to the timely action and detection. Thanks to Norton for the early fix which maily saved. Main reason for the safty was not using the Outlook express.

    • #3548393

      Civil Suite(class act.)against creators!

      by carlese ·

      In reply to Have you been hit by the “Goner” worm?

      We lost a day of productivity, 400 computer users, and IT spent lots overtime fighting it.
      Why cant all the businesses affected, file a class action suite against those that create these viruses, that cost us thousands & thousands of dollars. We need to set an example of these people!!!!

      Calvert County Maryland

      • #3548379

        W32.Nimda.enc (Goner)

        by thee133 ·

        In reply to Civil Suite(class act.)against creators!

        running 2000 Pro with Norton software, this entered system and was trying to exit some mail a got caught, used Symantec Goneer software patch and executed it. Seems to be a goner now for sure

      • #3549480

        Good Defence System

        by webman000 ·

        In reply to Civil Suite(class act.)against creators!

        I use ETrust EZAntivirus suite of protection from Computer Associates. It consiste of an antivurus program, a firewall program and another DeskShield program. The combination of all three offers maximum protection. I have not been hit with Goner.

        Ross K

      • #3549238

        class action??

        by typicaltechy ·

        In reply to Civil Suite(class act.)against creators!

        you’d have to include Microsoft in the lawsuit and they seem to be armor plated when it comes to being sued.b

    • #3548388

      Another Microsoft hit!

      by wware ·

      In reply to Have you been hit by the “Goner” worm?

      Fortunately, I use Netscape for E-mail. Recognized the possibility of a virus, which came from a theological seminary. When I attempted to access the seminary web site, it was down! Clue, clue, clue, and I still tried to open it. But, with netscape E-mail, it did nothing.


      • #3549462

        Newbie Admin

        by mdby22 ·

        In reply to Another Microsoft hit!

        I am a Newbie Admin. I had the goner Virus and had to shut down for four hours and then decided instead of losing productivity would just shut down the exchange link to the outside world. We got hit at 7AM Tuesday and InnoculateIT didnt release the update until much later, then to realize the administrator had put off installing the Innoculate program on ALL computers and the ones that had it were getting thier updates via FTP which we don’t allow on our network. What a learning experience and thank you for the list of blocked extension now I won’t have to research for them. I am was going to do extension blocking. And I have had all my users setup so their outlook is on Autopreview instead of having to double click to see the message they can preview it and delete it if it is suspicous. And I have had them turn on the “Would you like to read your new message feature.” So they don’t open a message before they know what it is or who it is from. I also do a helpdesk Website which teaches them how to use programs what to do and not do, policies and procedures.

        Have a nice day..
        Timothy Rhoads

    • #3549420

      “Goner” Virus

      by mtm ·

      In reply to Have you been hit by the “Goner” worm?

      Two of our computers were hit last week. Even though I did not actually open the file but had Outlook set to preview mode, it did leave a piece of Goner on the one system. I ran Norton Antivirus and it appears to have cleaned it up.

      On another computer, I set the preview mode off and it did not end up having any traces left on it by the virus.

      Even though it did not appear that any of the other computers were hit, just to be on the safe side, I updated and ran Norton on all of our systems.

      Again, on the one system that it said it infected, the message was not clicked open and the attachment was not executed but it still left traces. So for anyone out there who received the HI message, I recommend updating and running yourvirus scan to make sure it didn’t really affect your system.


    • #3549397

      Yes – only as safe as your dumbest user

      by tcold ·

      In reply to Have you been hit by the “Goner” worm?

      You can do all you want, and spend all you want, but if any individual still opens unexpected e-mails and/or attached files, none of the rest matters.

      • #3549366

        …exactly right!

        by irwintyler ·

        In reply to Yes – only as safe as your dumbest user

        One user initially was infected and ended up sending out 300 copies, mostly within our network. NO ONE here opened this message and we were able to clean out all traces from our systems with no harm done.

    • #3549382


      by c0mputer6uy ·

      In reply to Have you been hit by the “Goner” worm?

      This attack is meant to loosen up security by blowing away firewalls and other security devices. I have a sneaking suspicion that another attack is eminate. Make sure you get things patched up ASAP. This two prong attack is going to be the next big thing in Viral attack plans, Code Red used the same principle. The first attack pops a bunch of holes in your security, then next wave exploits all of them, hoping you missed one. The timing of this makes it seem like a possible Dos Attack meantto eat up valuable Holiday shopping bandwidth. So get your Online shopping done now, before the pipes get clogged.


      PS your not paranoid if their really after you.

      • #3549250

        How do you figure? Have not heard..

        by lordinfidel ·

        In reply to GONER FIRST OF 2 PRONG ATTACK?!?!?!

        From my understanding of this one, once run (after the replication) it then nicely adds itself as a backdoor trojan used for DoS on IRC. Besides deleting key common AV files.

        However, the IRC channels were not pre determined. There are several mitigating factors. First of which, the user must have IRC software installed. And second they have to initiate a mIRC session. Once the session is initiated then the trojan will begin it’s attack on that channel.

        I was not under the impression that this had the ability to exploit firewalls or IIS servers. Even if the infected user had drives mapped to those systems. Those systems generally do not have e-mail clients and or mIRC client software on them.

        I may be wrong on the above points. I would be curious to see any other findings related to this trojan.

        If you have new information regarding this please let us know.

    • #3549364

      Gone, Gone, Goner

      by ghosbtuster ·

      In reply to Have you been hit by the “Goner” worm?

      SSA intranet was nailed by the Goner virus. And it DID cause DoS. LANs and WANs across the country were having to take their Exchange Servers down for the afternoon until it could run its course. In addition, we put a blocker on the Exchange Server to intercept the virus at the ES, before it was passed to the clients. The only problem was that the clients still saw the little envelope on their Outlook, showing that they had mail, even though, we had intercepted the virus. But, we seem to be clean now.

      • #3549328

        Hit Hard by Goner

        by libresiempre ·

        In reply to Gone, Gone, Goner

        got the pentagon file, opened it, and in seconds I saw it send it self out to my database of names. I ususally keep my pc on at home. this night I shut it down, then rebotted in the morning and it re-sent to everyone in outlook again.

    • #3549315

      Yes and ouch

      by dustin_writes ·

      In reply to Have you been hit by the “Goner” worm?

      It was all my own fault, I admit it. A business contact I haven’t spoken with in more than a year sent me repeated messages that I suspected were dangerous.

      After deleting, I don’t know, a dozen of them I should have called her but didn’t. Then one evening without thinking I just went down my list of new email and opened it.

      Damn it! Stupidity really can hurt. It disabled my Nortons, my firewall and began taxing my machine. Then it jumped over my network.

      On the upside, we don’t useOutlook – we opt for outlook Express and a series of third party scheduling tools.

      As I reinstalled and reinstalled Norton, I couldn’t help but think of the analogy of one germ in a field of cloned livestock taking down the whole population. And although I’m glad I didn’t help spread this thing with Outlook I couldn’t help but think how little this would have impacted me using RedHat or Mandrake.

      I’ve since downloaded the ISO images for new versions of both OS but I still haven’t got my system clean, i.e. my cr-rw isn’t running properly. But soon I intend to at least investigate the practical desktop application of the open source OS.


    • #3549237

      Goner Worm

      by billmoss ·

      In reply to Have you been hit by the “Goner” worm?

      I’ve received at least 10 of these due to people being infected and not cleaning their machine. All have been detected by my Linux proxy and its AV software. For curiosity, I allowed the worm on a clean install of W98SE on a spare drive. Norton AV did not detect it until I updated to the latest (at the time) definitions (4 Dec. 2001). An older version of Fix-It utilities (mid november definitions) did find the worm but could not fix the file and simply deleted it.

      The same test on a WinNT 4.0 server/SP6 clean install, yielded an immediate error from the OS, compaining about an incorrectly running program (Pentagon) and illegal access to a dll.

      Again, Linux using f-prot and a full firewall found the attachment and confined it to a protected area; the tripwire monitor then sent me email on my Win32 machine.

    • #3549129

      I Was A Goner Too

      by stefano2 ·

      In reply to Have you been hit by the “Goner” worm?

      I received the Goner message from my father-in-law, whom I like, so I naturally opened the message. The text in the message sounded something like he would write. I opened the message, read it, then left the house to run errands. Next thing I know, I’ve got messages from friends who said I’ve got a virus.

      It affected my OS, in addition to my virus protection software, so I reformatted my hard drive and reloaded my OS…and all my applications. It’s been 4 days and I’m still dealing with the ramifications.

      P.S. This virus is really bad for those of us who are not exceptionally PC savy. Bummer.

    • #3567722


      by troxler ·

      In reply to Have you been hit by the “Goner” worm?

      Warned through a article received from techrepublic, we was able to update Internet security from Symantec before this worm was hiting other systems in Switzerland.

      Thanks for the quick warning

      R. Troxler

    • #3567618

      Yes.Can U suggest a remedy?

      by niveditasun ·

      In reply to Have you been hit by the “Goner” worm?

      Can anyone suggest a remedy

      • #3569505

        Switch to Mac

        by edbishop ·

        In reply to Yes.Can U suggest a remedy?

        Microsoft IS a virus.

        • #3569425


          by marzipan ·

          In reply to Switch to Mac

          I’ve got it! …

          Buy a PC from a company that has a track record of keeping it’s technology completely proprietary, suing the ass off anyone who tries to compete, keeping retail prices for components at 2-3 times what they cost and avoiding financial ruin only because an “inferior” company needs it to continue to exist as part of a legal defense in Federal anti-trust actions.

          Make sure you get “special versions” of the office software that your customers and business partners use, the software that is owned by that same competitor. But make sure that these “special versions” are developed by a different software team and released with different features on a different schedule than the “original” versions that everyone else uses.
          The best part of a purchase like this is that, because your PC will have an inconsequential market share, you can blame every problem everyone else has on the fact that they did not have the same foresight as you in selecting their PC company.

    • #3569502

      Simple Inexpensive Solution!

      by jkar ·

      In reply to Have you been hit by the “Goner” worm?

      Simple Inexpensive Solution!
      Besides having updated Antivirus software running on both the Client and Server. I have been using Antigen for Exchange that allows me to Filter attachments before they even get into the system. Since I Filter for: .vbs, .scr, .exe, .bat, .js, .pif, and .wsh files I have not had any problems with users opening something they should not have, because they don’t receive them! Also, on my home network I have Norton 2002, and ZoneAlarm Pro (not the free one!$49) that are both configured to filter the same types of extensions as listed above. These 3 programs I have mentioned are inexpensive (compared to the cost of ill effects of not having them!) and have protected my corporate and home networks for over a year now without ANY viruses, trojans, hacks, and so forth.

      FYI 😉

    • #3569310


      by feet23 ·

      In reply to Have you been hit by the “Goner” worm?

      This for the Ass Hole who designed, and transmitted the virus ‘ goner’.
      Do you think your hot stuff, as your reading this?

      I’ll tell you point blank that designing virus’ is childs play, and you are a CHILD.

      IF you and your kind ever grow up,maybe we can start using the web for what it was designed for, instead of wasting time installing more and more software that protects us (The Grown-Ups) against Children (The Assholes) who start these virus’.

    • #3568279

      No, but here’s a question

      by majorjo ·

      In reply to Have you been hit by the “Goner” worm?

      According to your description, you have to open an attachment to get “Gonered”. But I understand that some other worms will strike if you simply read the message. So here’s my problem:

      On my Outlook inbox display there are now quite a few lines with garbage titles. Since one of the recent killer worms had garbage titles, I don’t even want to read these messages. But in Outlook, to delete the message I have to highlight the title, which displays the message text.

      How can I get rid of thesesuspect messages? I’d appreciate your expert information.


      — majorjo
      Major Johnson

    • #3568670

      Zone Alarm Update Snag

      by pinskieltd ·

      In reply to Have you been hit by the “Goner” worm?

      Zone alarm alerted me as to my address book being opened on a download one day. Now I’ve blocked my address book thru Zone Alarm and the problems stopped. Don’t know if I had the Worm, but randum dial outs also stopped.

    • #3548831

      My Experience

      by diana.butcher ·

      In reply to Have you been hit by the “Goner” worm?

      The only reason I opened this one was it came on a trusted listserv that I use. Big Mistake! I hear it was traced to two teenagers in Israel. They are now pleading for leniency because “they didn’t hurt anyone.” I think that these and all malicious acts such as this should be severely punished to dissuade others from trying this sort of thing.

Viewing 45 reply threads