Virus? Help!

  • Virus? Help!

    History.

    1. Have been sending (each unique) emails to customers.

    2. Each contains a brief message and an attached text
    file.

    3. Approximately 75 are sent on a daily basis.

    4. Today customers have called indicating their virus
    checkers have detected a virus in the attached file.

    Since this is the first time this has ever happened, has anyone
    had any experience with anything similar?

    It would seem that the chance of a text file containing a
    bit pattern that would match whatever bit pattern the
    virus checker is using is small. When more than one unique
    attachment matches it would seem almost impossible.

    Any help or advice would be appreciated.

    Thanks


    ------------------
    Larry Coleman
    [email protected]

    [This message has been edited by Larry Coleman (edited August 03, 2001).]
    Larry Coleman
    Savannah, Ga USA

  • #2
    It sounds like the "W32/[email protected]" virus (although there are quite a few that work this way)... it is most likely to be choosing files that already exist on your PC, creating an infected executable wrapper around them and sending them to folks in your address book.

    The Magistr virus hooks itself into the RUN= line in SYSTEM.INI, the AutoRun and Run entries in the registry, and places items in the Startup group. It also infects EXE files on the local PC, and also on mapped drives and even shares on networked PCs.

    The solution? Get an anti-virus scanner, such as VirusScan from www.mcafee.com or one of the other anti-virus vendors.

    Boot from a clean diskette and scan/clean your system.

    PS: If this is the virus you have, and you have confidential documents on your system, then the people in your address book have your files too.

    Don't forget, anyone that received your email and opened the attachments (without anti-virus protection), will likely be infected and sending out files too...

    ------------------
    Lance
    PowerBASIC Support
    mailto:[email protected]
    Lance
    mailto:[email protected]


    • #3
      Last week I received some letters infected by the relatively new virus Worm Sircam.
      In the message: something like "I need to know your opinion about attached document".
      Attached is a file which looks in Outlook Express (for example) like a.txt, but actually is a.txt.pif

      I'd recommend sending an e-mail to yourself and testing the extension.

      ------------------
      E-MAIL: [email protected]


      • #4
        There are a few things to look at here. Have someone forward one of the infected emails to you so you can look at it. The attachment that is infected might not be the one that your system attaches - perhaps a different one is being attached by a worm or virus. Also, see if the email was indeed generated by your system. The worm that Semen mentioned will send out messages that might look similar to the ones your program creates. There are a few viruses out there that actually replace winsock with their own version. That special winsock behaves the same as the regular one except it appends attachments to some outgoing emails (was it Happy99 that did this? I can't remember).
        Best Regards,
        Don

        ------------------
        dickinson.basicguru.com
        Don Dickinson
        www.greatwebdivide.com


        • #5
          I've gotten eight or nine of those "I want your opinion..." messages, too. (the "W/[email protected]" virus or variations).

          About five of those ago just for kicks, I (no, I didn't do that! Whaddya think, I just fell off the turnip truck?), I did a "save attachment as" and looked at it with a hex viewer. First two characters were "MZ" so off to the shredder it went.

          MCM


          Michael Mattias
          Tal Systems (retired)
          Port Washington WI USA
          [email protected]
          http://www.talsystems.com


          • #6
            Sircam is the latest attachment trojan around, 160k of Delphi junk,
            an intro text asking someone to look at the file and an attached
            EXE file that has multiple extensions on different names.

            I run Netscape for my mail and I have it set to text only so you
            see the name of the file attached without running it but anything
            with multiple extensions is up to no good so the simple rule is to delete
            anything that you are not sure about.

            Anti virus vendors appear to have released updated profiles that
            work with it now but I am very untrusting of antivirus software
            in terms of security, nothing beats being careful and running nothing
            that is even slightly risky.

            Regards,

            [email protected]

            ------------------
            hutch at movsd dot com
            The MASM Forum

            www.masm32.com


            • #7
              JFYI, McAfee's product has had the ability to detect SirCam for some time now... they were very responsive to the first reports, and by the time the virus was in full swing, my copy of McAfee VirusScan On-line detected the very first infected file that was sent to me. Over the past 3 weeks, I've had hundreds of infected files sent to me (most from just two people - I ended up getting my ISP to black-list their domains to halt the annoying email flow).

              There is a comprehensive description of SirCam and (manual) removal procedures at http://www.mcafee.com/anti-virus/vir...t.asp?cid=2360 (you may need to be a registered McAfee user to gain access to this page?)

              ------------------
              Lance
              PowerBASIC Support
              mailto:[email protected]
              Lance
              mailto:[email protected]


              • #8
                Speaking of email viruses: I know 3rd party utilities are out
                that you can plug into Exchange Server 5.5 to block certain emails.

                How would I make a program myself to do that with Exchange 5.5?

                I would like to block .scr, .exe, .com, .vbs. Any ideas?

                ------------------
                -Greg
                -Greg
                [email protected]
                MCP,MCSA,MCSE,MCSD
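
Added example (not part of any post in this thread): a Python sketch of the attachment checks described in posts #3, #5 and #6, namely looking at the real final extension, flagging a disguising double extension, and checking the decoded content for the "MZ" executable header. The extension list combines .pif from post #3 with the ones listed in post #8; the function names and the sample message are constructed for illustration, and this inspects a single raw message rather than plugging into Exchange 5.5.

```python
import email
from email.message import EmailMessage

# Extensions named in this thread (.pif in post #3; the rest in post #8).
RISKY_EXTS = {".pif", ".scr", ".exe", ".com", ".vbs"}


def inspect_attachments(raw_bytes):
    """Return [(filename, [reasons])] for each attachment in a raw message."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        reasons = []
        pieces = name.lower().rsplit(".", 2)
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTS:
            reasons.append("executable extension " + ext)
            if len(pieces) == 3:
                # e.g. a.txt.pif: a mail client may display only "a.txt"
                reasons.append("double extension")
        # Decode base64/quoted-printable first, then test the magic bytes.
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            reasons.append("MZ header")
        findings.append((name, reasons))
    return findings


def build_sample():
    """Constructed message: one plain text file, one disguised a.txt.pif."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("I need to know your opinion about attached document")
    msg.add_attachment(b"plain report text\n", maintype="application",
                       subtype="octet-stream", filename="report.txt")
    # Inert bytes that merely start with the DOS/PE signature.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="a.txt.pif")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()):
        print(name, "->", ", ".join(reasons) or "nothing flagged")
```

The content check matters independently of the name: a file called notes.txt whose decoded bytes begin with "MZ" is still reported.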


                • #9
                  My understanding is that they hook into MAPI, which means that you can't intercept mail from client-based email software (such as Outlook Express, etc).

                  ------------------
                  Lance
                  PowerBASIC Support
                  mailto:[email protected]
                  Lance
                  mailto:[email protected]
