Free Malware and Virus Solutions from APCS
VACM - Virus Alerts for the Common Man
   

Nasty Sex, Direct Sex

     



Greetings from The VACM Team,


We've got an email virus of a rather twisted nature to discuss today.  This one is called "NastySex", "DirectSex" or "Direct-XXX".

I always try to make these VACM news flashes as short as I can because I know your time is valuable.  This edition, however, is a tad lengthy because I've included instructions for changing a couple of Windows settings that make most people vulnerable to viruses.  Change two settings, and be safer from now on...


The Bottom Line
-----------------------------------------
There is an email going around that looks like it contains an attached JPG picture.  It purports to be a funny picture having to do with office cubicles or some such.

If you open this attachment, you will indeed see a funny picture, but you will also invite "NastySex" into your computer and infect your system with a program called "DirectSex DirectXXX1.Exe".

How It Works
-----------------------------------------
Depending on your Windows settings, the attachment will appear to be a ".JPG" file (a harmless picture) in your email program.  However, it IS NOT a picture- it is REALLY a VBscript program (a ".VBS" file) that will run if you double-click on it.

My preliminary research on "NastySex" shows the following:

1. "NastySex" is not really a virus.  It is a program that dials a phone number in South America and downloads XXX pictures to your computer.  The "payload", if you want to call it that, is the long distance phone bill you'll end up getting.  And if your modem is set so that its speaker is off, you might not even be aware that a long distance phone call is being placed.  You will think that, because you refused NastySex's offer and the program appeared to shut down, all's well.

2. "NastySex" places a file on your desktop called "DirectSexDirectXXX1.exe".

3. The email attachment, if run, appears to NOT permanently put anything in your autoexec.bat, config.sys, the registry's "run" keys, win.ini, or system.ini (windows startup files).  It will, however, run itself the next time you boot your computer and dial a South American phone number, no matter which buttons you click on.



What You Should Do
-----------------------------------------
There are several things you need to do to fix the "NastySex" mess.  These steps will clean up the immediate problem.  But wait, there's more... :)

As a bonus, I've included instructions on how to set Windows so that you will never be tricked into double-clicking on a picture that's really not a picture, ever again (see step #4).

1. If you get infected by "NastySex", the next time you reboot, NastySex will ask you if you want to partake of the XXX pictures.  Even if you refuse, the program will proceed to dial a South American phone number.  So... before you click on the button to refuse to participate, unplug the phone line from your modem.  Then click whatever buttons it gives you until the program is no longer running.

2. Next, delete the "DirectSexDirectXXX1.exe" from your desktop and REBOOT your system.  After you reboot, you should no longer have any messages or modem dialing from "NastySex".  If you do, please send me a message and let me know so that we can update everyone.  Based on my experience with this thing, it's a one-shot deal, but one never knows...

3. After the reboot, log on to the internet, upgrade your antivirus software, log off the net, close all programs and do a COMPLETE system scan with your antivirus software.

(EVEN IF YOU DON'T GET INFECTED - PLEASE CONSIDER
DOING THIS FOLLOWING STEP FOR YOUR OWN CONTINUED SAFETY...)

4. This step is MOST IMPORTANT!  Please, for your own protection, change your Windows settings so that you can see what the real names of all files are (email attachments or otherwise).  Here's how you do this:

-Right-click on "My Computer" and click on "Explore"

-When the Windows Explorer comes up, click on the "View" menu, then click on "Folder Options" (depending on which version of Windows you have, "Folder Options" may be under the "Tools" menu.  This is always the case in Windows 2000.)

-In the window that comes up, click on the "View" tab at the top of the window.

-In the list of checkboxes, find the one that says "Hide file extensions for known file types" and REMOVE the checkmark.

-Next, find the one that says "Remember each folder's view settings" and make sure there IS A CHECKMARK on that one.

-Click the "Apply" button, then...

-Click the "Like Current Folder" button.

-Click "OK" on all screens until you are back to just the Windows Explorer window.

That's all there is to it.  


Now, when you see file attachments in your emails, you will see the COMPLETE filename.  This is VERY important because what most of these viruses count on is that if they attach a file called "Funny.JPG.VBS", they know that because of Windows' default settings, most people will only see "Funny.JPG", think it's just a picture, and proceed to double-click on it.

Unfortunately for us, Microsoft ships Windows with the settings to hide the file extension of known file types by default.  The ".VBS" file extension is definitely a known file type-  it's a program that can run on your computer as soon as you double click on it.  If you're hiding file extensions, you'll never know that what you're about to double-click on is a program and not a picture.  The hidden ".VBS" trick is currently the most common virus attachment technique in the world.  Once you double-click a ".VBS" attachment, it runs, and whatever the programmer designed the program to do will be done (usually not something enjoyable for you)!
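For anyone who filters mail before it reaches the inbox, the same check can be automated. The following is an added example, not part of the original alert: it reads a message, works out what name a user would see with "Hide file extensions for known file types" turned on, and flags attachments like "Funny.JPG.VBS". The two extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, representative list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk"}
# Assumed list of harmless-looking extensions used as the decoy part.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png", ".txt", ".doc", ".pdf"}

def split_ext(name):
    """Return (stem, ext) with ext lower-cased; trailing dots/spaces ignored."""
    name = name.strip().rstrip(". ")
    dot = name.rfind(".")
    if dot <= 0:
        return name, ""
    return name[:dot], name[dot:].lower()

def classify(filename):
    """Report the name shown when extensions are hidden and whether it deceives."""
    stem, real_ext = split_ext(filename)
    _, shown_ext = split_ext(stem)
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "filename": filename,
        "shown_as": stem if real_ext else filename,  # last extension hidden
        "executable": executable,
        "deceptive": executable and shown_ext in DECOY_EXTS,
    }

def scan_message(raw_bytes):
    """Classify every named attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [classify(p.get_filename()) for p in msg.walk() if p.get_filename()]

def build_sample():
    # Constructed test message; the attachment bodies are placeholders.
    msg = EmailMessage()
    msg["Subject"] = "funny cubicle picture"
    msg.set_content("Have a look!")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Funny.JPG.VBS")
    msg.add_attachment(b"placeholder", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```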


Well, that's all for this edition.  Be careful out there!  And remember- just because an email comes from someone you know, it doesn't mean it's not a virus.  Why? Because most viruses actually use your own personal address book in order to email themselves to all your friends without you even knowing!




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 


 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 


 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait 1 second and begin pressing the F8 key
on the keyboard, once every second repeatedly. Do this until
the Windows Startup Menu appears. If you get a keyboard
error, press F1 to resume and then continue pressing the
F8 key once every second, or your PC may tell you to press another key for BIOS setup.

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
