VIRUS WARNING - URGENT - PLEASE READ

lightlover

Flashlight Enthusiast
Joined
Feb 28, 2001
Messages
1,901
Location
London, UK (Parallel Universe)
PLEASE BE CAREFUL - CHECK OUT YOUR SYSTEM

Sorry people, I seem to have a virus in my e-mail system.
It has sent out undecipherable "random messages", defeating MY fairly recent copy of McAfee antivirus.

Details as follows, extracted from replies to e-mails I haven't sent, and have no records of -

--------------------------------------------------------------------------------

From: projects
> Sent: Tuesday, July 17, 2001 9:13 PM
> To: undisclosed-recipients
> Subject: !"#$
>
>File: *******.EXE
>File: WINWORD.DOC

--------------------------------------------------------------------------------

Norton AntiVirus found a virus in an attachment you (projects
<[email protected]>) sent to undisclosed-recipients:;.

To ensure the recipient(s) are able to use the files you sent, perform a
virus scan on your computer, clean any infected files, then resend this
attachment.

Attachment: CFGWIZ32.EXE

Virus name: W32.Magistr.24876@mm

Action taken: Clean succeeded :

File status: Clean
--------------------------------------------------------------------------------

SORRY !
JaHn
Lite-Lover
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
I keep getting strange e-mail and keep deleting it.

Anybody recognise the e-mail or the attached file?


From: majid markazi <[email protected]>
Subject: Œ
Date: Mon, 16 Jul 2001 03:45:53 +0000


HTMLPRNT.EXE

-------------------------------------------
Name: HTMLPRNT.EXE
Type: unspecified type (application/octet-stream)
Encoding: base64
-------------------------------------------


The body of the message has no text in it.
I've received this message three times in the last two weeks. The first time I sent it off to Spamcop, the other two I've quietly and discreetly disposed of myself.

One of them came with a header so badly mangled I had to delete my INBOX then go to the AT&T Message Center and delete the message directly off AT&T's server before I could reinstall my INBOX and retrieve any more new mail.
 

lightlover

Well, at least that doesn't come from me (I hope !)

As for the way you dealt with it, sadly, that's a little beyond my abilities.

It seems that my e-mail system may have been working strangely for some time.

Anyway, I forgot to add -
If anyone is expecting an e-mail from me /
hasn't received a reply from an e-mail they sent to me, etc. then please let me know - give me a few days to get it cleared up first.

(K Horn, would you please e-mail me ? )

(Tim F, Al, check your system out)

Sincerely Sorry,
Jahn
 

lightlover

This virus I had has just hit the UK TV news.

This is the e-mail I've been sending out -

-----------------------------------------------
VIRUS WARNING PLEASE READ - URGENT

PLEASE BE CAREFUL - CHECK OUT YOUR SYSTEM
This e-mail is safe, I've scanned before sending.

Sorry everyone,
thank you for sending an acknowledgement of the "wrongly addressed message",
or "garbage/muddled" message.
I had a virus in my e-mail system.
It defeated MY "fairly recent" copy of McAfee AntiVirus.
A very recent (believe me ! ) Norton AntiVirus cleaned it out perfectly.

A more recent version of McAfee may work OK.

Details as follows, -

From: projects
> Sent:
> To: undisclosed-recipients
> Subject:


Norton AntiVirus found a virus in an attachment you (projects
<[email protected]>) sent to undisclosed-recipients:;.

Virus name: W32.Magistr.24876@mm

(BUT - I have read about a new virus called: SirCam,
which seems to resemble the actions of this one.)


SORRY !

It has sent out "random messages", to people, some who are not in my address book, and never were.
I'm getting replies to e-mails I haven't sent, and have no records of, nothing is shown in "Sent Items", and the "Send" process didn't seem to take suspiciously longer.

Apparently, SirCam raids your "My Documents" folder.

Some e-mails sent are undecipherable rubbish, and some are extracts from all types of random files.
If you can, please send me back the original e-mail, so I can see what's been sent out.

PLEASE LET ME KNOW WHEN THE MESSAGE WAS SENT.

I had no warning of the virus entering my system, I hadn't received many unsolicited e-mails, Spam or otherwise, and there wasn't any attachment which I didn't save to disk first.

It seems that this virus is just mischievous or malicious, not particularly destructive to your system, but believe me (again), you don't need it.

Sorry again,

projects.

PLEASE BE CAREFUL - CHECK OUT YOUR SYSTEM WITH A VIRUS CHECKER AS SOON AS POSSIBLE - DON'T SEND OUT ANY E-MAILS UNTIL YOU DO.
 

The_LED_Museum

There's another one out there, apparently one that either clones address books or just sends to millions of addresses at random.
I don't know if the virus causes actual hardware damage, but why take the chance?

The subject line is different almost every time.

Some recent mailings were:
"Lisas Resume 032901"
"LaDonnas Addresses"
"Book 1"

Every one has an empty body with two attachments:

PART 1.1 (This is always plain text, and when opened, displays the following in a new window):


"Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks"


The second attachment has been found under a few names, but this is the one I've been seeing most often:
Lisas Resume 032901.doc.bat

Notice the extension(s) - that's the key.
I think these have also come with .DOC.BIN extensions, but this seems to be less common.
I also got one (BOOK1.XLS.COM) that's probably just as nasty.

If you get one of these, sh*tcan it right away, and then go and dump your garbage can too, just to be sure it can't be accidentally opened later.

I'd received almost a dozen of these over the last week, and I've just been spamcopping them all - then I saw it on the news last night. I *never* open files from strange people, and I use Netscape as my mailer, so I've been lucky so far and haven't suffered any damage or spread any of these to other people. Every time I check my system, it comes up clean.

(EDIT): McAfee has this virus in its library, listed as having been "discovered" on the 17th of this month. http://vil.mcafee.com/dispVirus.asp?virus_k=99141&
 

Quickbeam

Flashlight Enthusiast
Joined
Jun 19, 2001
Messages
4,329
Location
FlashlightReviews.com
The virus mongers must be working full time - I just got a dozen e-mails with the same subject and missing attachments - our servers scrub all the virus infected messages.

DP
 

axolotls

Enlightened
Joined
Jan 31, 2001
Messages
354
Location
Zone III
The one Telephony described and Ted the Led pointed to:

I get about two of these a day! (Sircam) Some from the same people. The msg always starts like Telephony described. The attachments are around 200k and are usually *.doc.bat, *.doc.pif, *.doc.com. I heard these are hijacked files from the senders machine... Yahoo!Mail isn't catching these; but if you scan them within Yahoo! they come up as Sircam. Annoying as hell!
 

The_LED_Museum

Originally posted by axolotls:
> The one Telephony described and Ted the Led pointed to:
>
> I get about two of these a day! (Sircam) Some from the same people. The msg always starts like Telephony described. The attachments are around 200k and are usually *.doc.bat, *.doc.pif, *.doc.com.

I just now got another Sircam mail, but the filter I programmed into Netscape Mail last night quite handily disposed of it without further intervention.


I'd imagine such a user programmable filter also exists in Eudora and Outlook, but since I do not use either one, I could be incorrect.
 

The_LED_Museum

Originally posted by DebtFree:
> Hey Craig,
>
> I use Netscape, too. Would like to hear more about the filters you programmed into your Netscape Mail.
>
> Thanks,

In Netscape, open your inbox, then select Edit, Mail Filters... and then you can program any number of filters for any number of different kinds of e-mail.
Using the filter, I can send all of my ICON (insulator collectors on the net) messages to the ICON folder, and automatically trash spam.

For the particular variant of the SirCam bug I've been seeing, do the following:

Select New.
Name it SirCam.
Fill out the rest as follows:

If the BODY of the message CONTAINS "I send you this file in order to have your advice"

then click the "More" button, and fill out the second set of boxes:

And the BODY of the message CONTAINS "See you later. Thanks"

Now, select "Delete" from the box next to "Then".

When you type text into the boxes, be sure to leave off the quotes I used in this message.

Now, save the filter, and watch what happens.
When you get an incoming message with SirCam in it, you'll see the message uploading from your mail server, but nothing appears in your inbox or anywhere else.
It doesn't even go to your Windows wastebasket - it goes directly to H E double hockey sticks.


By using the conditional "And the body of the message..." this should totally eliminate the chance that an innocent message will get trashed - only the SirCam ones do.

I also have a bunch of filters programmed to eliminate spam, with subject lines like "Free money" or "Mortgage loan" and that type of horse puckey.
Only a couple of spams make it past my filters every day... the rest are trapped and sent to you-know-where, automatically.
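
The two-phrase body filter described above, combined with the double-extension attachment names reported earlier in the thread, written as a Python check over a raw message. This is an added example, not part of the original posts: the function names and sample messages are constructed for illustration, and the extension lists hold only the values mentioned in the thread.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases from the two-condition Netscape filter described in the thread.
BODY_PHRASES = ("I send you this file in order to have your advice",
                "See you later. Thanks")
# Only the extensions reported in the thread; extend for real use.
DECOY_EXTS = {"doc", "xls"}
RUN_EXTS = {"bat", "pif", "com", "bin"}


def has_double_extension(filename):
    """True for names like 'x.doc.bat': document ext, then a runnable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in RUN_EXTS


def inspect_message(raw_bytes):
    """Return the reasons a raw RFC 822 message matches the indicators."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons, text = [], ""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if has_double_extension(name):
                reasons.append("double extension: " + name)
        elif part.get_content_type() == "text/plain":
            text += part.get_content()
    # Same AND logic as the mail filter: both phrases must be present.
    if all(phrase in text for phrase in BODY_PHRASES):
        reasons.append("body phrases")
    return reasons


def build_sample(filename, body):
    """Constructed test message: text body plus one placeholder attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(b"placeholder bytes, not a real file",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


SIRCAM_BODY = ("Hi! How are you?\n\nI send you this file in order to have "
               "your advice\n\nSee you later. Thanks\n")

if __name__ == "__main__":
    print(inspect_message(build_sample("Lisas Resume 032901.doc.bat", SIRCAM_BODY)))
```

Checking the attachment name as well as the body means a message is still flagged if the greeting text changes but the `.doc.bat` style name remains.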
 