Ok./..hyeres the scoop....when i start up my computer ... i get this crptic message like 'patch the leaks, or the ship will sink' . or somthing like ' im getting angry in side here all by my self, i suggest you tell some one about me, if they dont already know'


WTF!

Hate to tell you this, but it sounds like your infected

Gotta love viruses :D

Take a look at the Supova worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.supova.c.worm.html). Google is yer friend! :D

but..nothing is wrong with any of my programs...maybe its just a teaser bug?

and its been on there for some time...i didnt take any action against it..because i was curiouse...its an old computer

I don't know but it could also be a joke virus..

I bet you:

1. Use Kazaa
2. Don't run updated virus software

Because as Ms. Mittens pointed out, you have the signature of a specific virus.

You owe her a sweety pop.

wrong and wrong

nice try tho miss cleo

What Antivirus program are you running? When was it last updated? Is it in fact running?
MsM seems to have the answer for you.


Cheers:

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=252441#post700680) by WAnKeR
wrong and wrong

nice try tho miss cleo

Read it for yourself kid
------------------------------------------------------------------------------------------------
Source GooGle 1-1000
Supova internet worm : Win32.Worm.Supova.A
... following texts in message boxes: "W32.SuperNova" / "0wned by the blasting star"
"w32.Supernova" / "Patch the leaks... Or the ship will sink...."And last ...
------------------------------------------------------------------------------------------------
Source GooGle 2-1000
Symantec Security Response - W32.Supova.C.Worm
... This file contains the following text: W32.Supernova -----Patch
the leaks or the ship will sink ...
-------------------------------------------------------------------------------------------------
Source GooGle 3-1000
WORM_SURNOVA.F - Technical details
... The text file contains the following strings: W32.Supernova -----Patch
the leaks or the ship will sink ...
-------------------------------------------------------------------------------------------------
Source GooGle 4-1000
F-Secure Computer Virus Information Pages: Supova
... 0wned by the blasting star Religion=war Patch the leaks... Or the ship will sink....
It copies itself to the Windows directory under the following names: ...
--------------------------------------------------------------------------------------------------
Source GooGle 5-1000
Sophos virus analysis: W32/Surnova-B
... digits. The text file contains the text. W32.Supernova - Ban religion
Patch the leaks or the ship will sink. Recovery. Please ...
---------------------------------------------------------------------------------------------------
Source GooGle 6-1000
Sophos virus analysis: W32/Surnova-A
... The text file contains the text "W32.Supernova Patch the leaks or the ship will
sink". Recovery. Please read the instructions for removing worms. ...
---------------------------------------------------------------------------------------------------
Source GooGle

Wanker, did you even go to the link MsM provided you with? It clearly states that the message "Patch the leaks or the ship will sink" is the sig of the Supova worm! Correct me if i am wrong, but just because a virus is most commonly recieved through Kazaa doesnt mean you couldnt have gotten it somewhere else. What about the following do you not understand?


Because as Ms. Mittens pointed out, you have the signature of a specific virus.


From Symantec's Web site...

The W32.Supova.C.Worm displays the following message:

Title: Just checkin' the walls...
Message: Patch the leaks or the ship will sink


When was the last virus scan you did? just to see, scan again. If nothing comes up, update your virus definitions and scan again. If that still comes clean, then i'm out of ideas.


slick

hey !mitaion rust, i guess we kinda crossed posts...curses!!! i would have been first if it werent for those nosey kids :p :D

what about the other onne?

abvout telling somone about it?

Wanker (funny, somehow that name seems so appropriate right now), I'd like to help more, but I have to go beat my head against a wall (it will be better than responding any further to this post).

<-------------------- Beating head against wall. Spilled coffee.

RoadClosed: ah.. that's what that mess is. I hope you didn't have sugar in that..

WAnKeR: why not take the 2 minutes to read the link I provided and see if that is in fact causing the problem? By doing that we eliminate one potential if it's not and then the rest of this thread can be spent on helping you find out what the cause is. If it is, Symantec provides, I believe, manual removal options that are fairly straightforward to follow.

nope, Splenda <---- registered trademark. :)

Hey Wanker...................make an old guy happy and follow the advice you have been given?

I notice that you do not believe it, so I will guess that you have a few suspicions of your own?...like someone has read the AV stuff and stolen the punch line? and that the real problem is something different?

In a way, that is rather neat social engineering? virus "B" fakes itself to look like virus "A" so you do all you can to get rid of virus "A", and waste your time, because you never had it in the first place. Naturally your AV will not find virus "A" either?

I think that you and Ali may have it..........a teaser or joke? who else has access to this machine, and where did you get it from? Is it on the net? Maybe someone thought "this guy thinks he knows about computers..........let's teach him a lesson"......

I would immediately suspect all members of family :)
and I think that you probably already do?

I have pulled some stunts in my time :) and I suspect you might be the victim of one right now?

Just do the tests and get back to us please?..............hey MsMittens is a University Professor...and she is on the "A" team (your side)......

Good luck and a merry Christmas

this is wanker...i got banned..as yo ucan see

but anyways..

no one else has access to my machine..
like i said...nothing seems to be rong...!
all of the programs work..
and i only get the message every 3rd time i reboot
but still.. its kinda creepy!


david

Dear Mr. David Wanker,

A bridge is missing your presence. Please comply.

Thank You.

no one else has access to my machine.. like i said...nothing seems to be rong...! all of the programs work.. and i only get the message every 3rd time i reboot but still.. its kinda creepy!

Regardless of anyone else having access to your machine, it can still get a virus. Viruses are not limited to emails or network activities. Sometimes they are found in boxed software (I found a nasty one -- Natas -- with a 3Com network diagnostic driver). So is it safe to assume you have checked for the virus above?

Have you checked your StartUp options? Done a search through the registry? You said it was an old computer. Windows 95? Non-Windows machine?

Hi David, we meet again :)

I know you are not stupid, so I presume that you have run updated AV, SpyBot S&D and so on in SAFE MODE.

You are not getting any hits right?.............you have tried Panda, McAfee and the others' online scans........nothing there?

I am inclined to agree with what you suspected in your "alter ego" when you thought it was a "tease"..........we call that a "wind up" over here, as in "he has a movement like a Swiss watch....he winds up beautifully" :)

I don't know how good they are so here is a big guess: maybe it does not load at every boot? that would be a nice feature for a "tease"???

Try "Hijack This" by Merijn..............run it when you have had the message and look for anything unusual. So you need an image of your system without the problem for comparison.

Ultimately there is fdisk and start again; but we don't really want to go there if we can help it?

Merry Christmas to yourself and family,

Johnno

yes to all of the above exept the mcfee one ...mcfee is sh1t

If you have tried Hijack This and found nothing when the message appears, that would suggest hat nothing is actually running. You did mention that everything else seemed OK?

So, let's say we just insert something into the boot cycle to produsce a message then vanish? you won't see a process running will you.

This seems to be a teaser?

Try http://www.winpatrol.com "WinPatrol" and:

http://www.webattack.com/get/hostadmin.html

Use the tools to look for weird stuff in your startup or the Windows "hosts" file?

It is the next logical step?

Cheers

If all else fails, reformat and reinstall it. I have many times.