New Virus name is: "W32/SirCam@MM"
You'll get an email saying:

Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email.

Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks

Between these two sentences, some of the following text may appear:

Spanish Version:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la información que me pediste

English Version:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

With Attachments -- DO NOT EVER RUN ATTACHMENTS before you scan them. Even if it LOOKS like it came from your MOM even. Mem got infected.. I just got 2 emails from him.. I let him know, and all the virus sites say that this is spreading BIGTIME. Be safe guys!

BUT..... If you RAN this attachment, go here and get rid of it before October 16th. http://www.symantec.com/avcenter/ven...m.worm@mm.html

------------------ Ziroc Ironworks Webmaster www.tgeweb.com/ironworks |
Thanx, Ziroc, I saw the message at the top of the page, but am glad you put a warning here, it's much more noticeable. http://www.tgeweb.com/cgi-bin/ubb/no...iles/smile.gif
Good Luck with yours Memmy! ------------------ http://members.aol.com/lasttrueprinc...s/lioness1.jpg Official teaser and ranger of the HADB Clan "I am great...start bowin'" heeheeheeheehee :D |
Ziroc!! thanks!
I got one and I smelled something fishy too http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gifhttp://www.tgeweb.com/cgi-bin/ubb/no...miles/wink.gif So I replied to let Memny know as well.... stupid viruses http://www.tgeweb.com/cgi-bin/ubb/no.../angryfire.gif ------------------ Melusine, High Queen of Fluffies, Archbabe of the OHF, the LH, the HADB and the SPAE(Society for the Prevention of Acronym Extinction) & Official Entertainer Elf of the BG2 Bar http://www.angelfire.com/anime2/memnoch/mel1.gif Your voice is ambrosia Amy Brown Fantasy Art |
Thank you, Ziroc! Info much appreciated.
------------------ http://www.ranchoweb.com/images/bg2guy/bitchingcopy.gif http://www.ranchoweb.com/images/bg2guy/fljotsdale.gif http://www.tgeweb.com/cgi-bin/ubb/no...s/EEhearts.gif |
Thanks...our MIS Help Desk people warned us this morning about that very same virus, so I guess I can help you to confirm to everyone else to be on guard.
------------------ http://members.aol.com/lasttrueprinc...ges/larry2.gif Devoted member of the Ironworks Loyal guardian of the OHF Member of the Ancients' club Witness of the 4,000th post by Cloudposter Currently engaged in the Throne of Bhaal expansion set |
2 days ago I got 4 of these in Spanish, I think it was weird so I didn't open it. Today I got one in English from Memnoch, the file name was SexDiary.doc.bat so I thought it was something funny that he wanted to send me, and as I had seen the virus only in Spanish I didn't realize that the words were the same as in the old messages so I've opened it. I'm gonna install my antivirus now to see what I can do.
NOTE: when hotmail checked the file for viruses he didnt find any, Bill Gates TM http://www.tgeweb.com/cgi-bin/ubb/noncgi/smiles/mad.gif ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I´ve been captured... and I don´t care" -Ertai, Captive of the Blinding Angel |
Quote:
------------------ Ziroc Ironworks Webmaster www.tgeweb.com/ironworks |
Ive deleted the file and scanned all of my hard drives and memory and mails and everything in my mail, i think its ok now. viruses suck
could i sue hotmail for not detecting it ?? it would be fun http://www.tgeweb.com/cgi-bin/ubb/no...es/biggrin.gif ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
Info, detecting and fixing in this link
http://www.symantec.com/avcenter/ven...ered.worm.html ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
Dan! I was just about to post this and warn people... it can also be called W95/Sircam...etc and I had the distinct displeasure of opening my hotmail from him and infecting my office pc! (Sorry Memsy, not your fault!http://www.tgeweb.com/cgi-bin/ubb/no...iles/smile.gif )
My tech support removed the payload but the damage was done, somehow my windows won't boot up and they may have to wipe my hd. Sigh....oh and fyi the file was pure porn and I knew at once that Memsy hadn't sent it to me, but it was too late. File name was file4.doc. (sounds harmless, doesn't it?) These are random so yours may be different. Everyone, please note that it came to my HOTMAIL acct and you should NOT open any attachments in mail from Mario (or me, now!) in your hotmail accounts. (or any html attachments period!) What a way to start my vacation...sigh Cloudy, holding a sick kitty who just sneezed on her leg ------------------ http://www.wizardrealm.com/images/bestow1.jpg Raindancer of the Laughing Hyenas Clan Storm-Queen StormCloud of the Black Knight: Heart Mind Soul Forever "To sleep, perchance to dream..." [This message has been edited by Cloudbringer (edited 07-20-2001).] |
Dont open any attachments from me neither.
in fact,dont open any attachments unless you were expecting the file (its the general rule, dunno why i opened that http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gif) ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
Also, if you have not updated your virus programs definitions since YESTERDAY, your program will NOT recognize this virus!!!! I can tell you that it does some nasty things to the Windows registry and it spreads from there, leaving a bit in an untouchable archive so the virus protection software can't delete it. Go to the website, Z posted for details.
Cloudy ------------------ http://www.wizardrealm.com/images/bestow1.jpg Raindancer of the Laughing Hyenas Clan Storm-Queen StormCloud of the Black Knight: Heart Mind Soul Forever "To sleep, perchance to dream..." |
If I don't know who you are, I will not read your e-mail. I deleted this right away and will not tolerate this in any way shape or form. We all have security settings and bad things happen to those who do this kind of thing.
------------------ http://www.tgeweb.com/cgi-bin/ubb/no...les/portal.jpg Conan ~*~ |
Wow guys, that's rough. I have never received any viruses or trash mail ever with verizon.net. It's really good about that. Feel bad for you hotmail guys though.
------------------ http://members.aol.com/lasttrueprinc...s/lioness1.jpg Official teaser and ranger of the HADB Clan "I am great...start bowin'" heeheeheeheehee :D |
in www.pandasoftware.com there is some info about it too, like this:
W32/Sircam is a worm that propagates through e-mail by sending itself out to all the addresses found in the infected user's Outlook Address Book. Once installed on the system, the worm modifies the Windows Registry in order to ensure its execution every time an EXE file is executed. Finally, one of every ten times the worm will delete some data from the computer's hard disk. Not nice ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
This info is even more interesting, take a look, its worth:
After infecting the computer, W32/Sircam mails itself out to all the entries found in the infected user's Address Book. The message sent has the following characteristics:

Message body: It is a combination of several texts.
First line: Hola como estás?
Text in the middle:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informacion que me pediste
Last line: Nos vemos pronto, gracias

Attachment: A file with double extension, as the worm infects the system by copying itself at the beginning of targeted files, and adds another extension to the original one.

Symptoms of Infection

The first symptom of infection is the reception of an e-mail message with the characteristics described above. When the user executes an infected file, W32/Sircam creates two hidden copies of itself in the C:\Recycled directory. The first one is named after the attachment included in the e-mail message (without the extension added by the virus), whereas the second one is called SIRC32.EXE. Next, W32/Sircam will create a third copy of itself in the Windows system folder under the name SCAM32.EXE. Furthermore, the worm generates a file called SYRCAM.SYS and writes text to it until all the available free space in the hard disk is completely used up.

Means of Infection

When the user executes an infected file, W32/Sircam creates two hidden copies of itself in the C:\Recycled directory. Next, it modifies the following entry in the Windows Registry:

HKEY_CLASSES_ROOT\exefile\shell\open\command\Default

by assigning to it the "C:\recycled\SirC32.exe" "%1" %* value. From this moment on, every time the user attempts to run an EXE file it will be the worm that is executed.

In addition, W32/Sircam will insert the following Registry entry in order to be executed later on:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Drivers32= c:\windows\system\Scam32.exe

Note: The destination directory is the Windows Installation folder (by default, c:\windows.)

Furthermore, W32/Sircam enters the following entry in order to store data:

HKEY_LOCAL_MACHINE\Software\Sircam

The worm sends itself out in a system file chosen at random. To do this, W32/Sircam copies itself at the beginning of this file, and then adds another extension to the original one. Thus, the file containing the worm will be different on each infection.

Apart from this, W32/Sircam creates two hidden files in the system folder: SCD.DLL and SCW1.DLL. SCD.DLL contains a list with a number of files belonging to the C:\My Documents directory. However, SCW1.DLL contains the mailing list to which the worm sends itself.

Finally, it is worth mentioning that the worm code contains the following copyright text:

SirCam_2rP_Eim_NoC_Rma_CniTzeO_MicH_MeX] [SirCam Version 1.0 Copyright. 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico]

How to repair the effects caused by W32/Sircam.

Follow the steps below to fix the effects caused by W32/Sircam:
Download PQREMOVE.COM and copy it to a directory of your choice. (you can download this file by clicking on the image below).
Run PQREMOVE.COM by double-clicking on it.
Once these steps have been carried out, your computer will be completely disinfected.

------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
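The registry changes listed in the post above can be checked from a text export of the registry. The following is an added example, not part of the original thread or of any vendor tool; it assumes a REGEDIT4-style export already read into a string, and the function names and the two sample exports are constructed for illustration.

```python
import re

# Registry locations named in the quoted write-up, lowercased for comparison.
EXE_CMD_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUNSERVICES_KEY = (r"hkey_local_machine\software\microsoft\windows"
                   r"\currentversion\runservices")
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
DEFAULT_EXE_CMD = '"%1" %*'                  # stock Windows handler for .exe
WORM_FILES = ("sirc32.exe", "scam32.exe")    # copies named in the write-up

# Matches  @="..."  or  "name"="..."  (string values only; dword/hex skipped).
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse string values of an export into {key_lower: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:  # the default value "@" is stored under the empty name
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys


def check(text):
    """Return findings for the three registry changes described above."""
    keys, findings = parse_reg(text), []
    cmd = keys.get(EXE_CMD_KEY, {}).get("")
    if cmd is not None and cmd != DEFAULT_EXE_CMD:
        findings.append("exefile handler replaced: " + cmd)
    for name, value in keys.get(RUNSERVICES_KEY, {}).items():
        if any(f in value.lower() for f in WORM_FILES):
            findings.append("RunServices autostart: %s=%s" % (name, value))
    if any(k == SIRCAM_KEY or k.startswith(SIRCAM_KEY + "\\") for k in keys):
        findings.append("data key present: HKEY_LOCAL_MACHINE\\Software\\SirCam")
    return findings


# Constructed sample exports (not taken from a real machine).
INFECTED_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Drivers32"="c:\\windows\\system\\Scam32.exe"

[HKEY_LOCAL_MACHINE\Software\SirCam]
'''

CLEAN_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for finding in check(INFECTED_REG):
        print(finding)
```

Because the worm takes over the handler for every EXE file, an export like this has to be produced from a DOS prompt or another clean environment, as one poster in this thread ended up doing.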
OK i downloaded the file mentioned in the post above and now im clean, what a relief.
so if you get it you can try with that file, its very effective ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
Quote:
People that make these should be hung. http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gif ------------------ Ziroc Ironworks Webmaster www.tgeweb.com/ironworks |
CNN Tech site reports this now.. MUST be bigtime..
http://www.cnn.com/TECH/ Damn!! ------------------ Ziroc Ironworks Webmaster www.tgeweb.com/ironworks |
Some of you probably know this, but some of you won't so here's a tip.
Most of us know better than to run executable files (.exe) without ascertaining the source, especially if it comes via email. But how many of us open text files or MS documents without a second thought?

Many viruses that are spread by email masquerade as an innocent file, like .doc or .txt so as to fool the user into thinking that he/she is opening a text file or whatever. They are able to do this because the file extensions have been hidden. This is an option setting under 'Folder Options' of the My Computer window. What this does (when selected) is that it suppresses the three-letter extension that is part of every file. So for instance a file called "Readme.txt" will be displayed as "Readme" with a text file icon.

With this 'feature' activated, a malicious person could simply disguise the virus payload by adding an extra three letter extension before the actual extension. For example, suppose I have a virus file called "virus.exe" that I want to spread. If I attach it to my email to you, would you open it? But if I renamed it to "BG2Rocks.doc.exe" and if you have opted to hide file extensions, when you receive my email the file will be seen as "BG2Rocks.doc", and what's more will have the icon of a MS Word document.

How do you protect yourself? Simple - go to the folder "My Documents" on your desktop and open it. From the menu bar on top, choose "View", then go to the bottom and choose "Folder Options". This will bring up a small window with three tabs. Select the centre tab labelled "View". Look for an option called "Hide file extensions of known file types" and make sure that the checkbox is unchecked. Then on top, where it says "You can make all folders look the same" click the button "Like Current Folder". Finally click "OK". Now all files will show their true extension, including Visual Basic Files (.vbs), executables and so on. So if you receive a suspicious email even from someone you know, check the attachment first before opening it.

It will help also if you install an anti-virus program that scans email as you download from your POP server. I use Norton, and it has caught MANY malicious emails from friends who were unknowingly infected, or even from total strangers! (How they got my email address I don't know).

This has been a public service announcement brought to you courtesy of Clan HADB.

------------------ "Butt-kicking for goodness!" - Minsc "Cities always teem with evil and decay. Let's give it a good shake and SEE WHAT FALLS OUT!!" - Minsc http://www.dabros.net/images/tcampbell/hadb6copy.jpg |
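A mail filter can apply the same check automatically. The following is an added example, not code from the thread: it flags attachments whose real extension is executable but hidden behind a document-looking one, and also looks for the message markers listed in the first post of this thread (fixed first and last body lines, subject equal to the attachment name). The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will execute; illustrative, not exhaustive (assumption).
EXECUTABLE_EXTS = {"exe", "bat", "com", "pif", "lnk", "scr", "vbs"}
# First and last body lines quoted in the thread's opening post, normalized.
FIRST_LINES = {"hi how are you", "hola como estas"}
LAST_LINES = {"see you later thanks", "nos vemos pronto gracias"}


def norm(text):
    """Lowercase and drop accents/punctuation so both spellings match."""
    text = unicodedata.normalize("NFKD", str(text))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(re.findall(r"[a-z0-9]+", text.lower()))


def split_extensions(filename):
    """Return (stem, [ext, ...]) after undoing padding tricks.

    Windows ignores trailing dots and spaces, and a run of spaces before
    the last extension pushes it out of view in a narrow column.
    """
    name = re.sub(r"\s+", " ", filename).strip(" .")
    name = re.sub(r"\s*\.\s*", ".", name)
    parts, exts = name.split("."), []
    while len(parts) > 1 and re.fullmatch(r"[A-Za-z0-9]{1,4}", parts[-1]):
        exts.insert(0, parts.pop().lower())
    return ".".join(parts), exts


def masquerades(filename):
    """True when an executable extension follows a document-looking one."""
    _, exts = split_extensions(filename)
    return (len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS
            and not exts[-2].isdigit())   # "v1.2.exe" is not a disguise


def triage(raw):
    """Return findings for one raw RFC 822 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject, findings = norm(msg.get("Subject", "")), []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        stem, exts = split_extensions(fname)
        if masquerades(fname):
            findings.append("double-extension:" + fname)
        elif exts and exts[-1] in EXECUTABLE_EXTS:
            findings.append("executable:" + fname)
        if stem and norm(stem) == subject:
            findings.append("subject-matches-attachment")
    body = msg.get_body(preferencelist=("plain",))
    lines = [l for l in (body.get_content() if body else "").splitlines()
             if l.strip()]
    if lines and norm(lines[0]) in FIRST_LINES and norm(lines[-1]) in LAST_LINES:
        findings.append("sircam-body-markers")
    return findings


def build_sample(subject, filename, body):
    """Constructed message for the demo; the attachment is inert text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


SIRCAM_BODY = ("Hi! How are you?\n"
               "I send you this file in order to have your advice\n"
               "See you later. Thanks\n")

if __name__ == "__main__":
    print(triage(build_sample("SexDiary", "SexDiary.doc.bat", SIRCAM_BODY)))
    print(triage(build_sample("Minutes", "minutes-july.doc", "Notes attached.\n")))
```

A name with a single document extension, such as the file4.doc reported earlier in the thread, passes the extension check, so the body and subject markers are scored separately.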
(Message deleted - double post. Sorry!) http://www.tgeweb.com/cgi-bin/ubb/no...es/redface.gif
[This message has been edited by Hayashi (edited 07-20-2001).] |
Quote:
Cloudy ------------------ http://www.wizardrealm.com/images/bestow1.jpg Raindancer of the Laughing Hyenas Clan Storm-Queen StormCloud of the Black Knight: Heart Mind Soul Forever "To sleep, perchance to dream..." |
Quote:
Cloudy ------------------ http://www.wizardrealm.com/images/bestow1.jpg Raindancer of the Laughing Hyenas Clan Storm-Queen StormCloud of the Black Knight: Heart Mind Soul Forever "To sleep, perchance to dream..." |
Bumping
------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
D*mn.....that's bad http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gif Anyone who caught the stupid thing, I deeply sympathise... Ziroc is right, people who make these things should be....well maybe not hanged but given a good spanking at the least http://www.tgeweb.com/cgi-bin/ubb/no...es/biggrin.gif Why do people do these things?? http://www.tgeweb.com/cgi-bin/ubb/no.../angryfire.gif
------------------ Melusine, High Queen of Fluffies, Archbabe of the OHF, the LH, the HADB and the SPAE(Society for the Prevention of Acronym Extinction) & Official Entertainer Elf of the BG2 Bar http://www.angelfire.com/anime2/memnoch/mel1.gif Your voice is ambrosia Amy Brown Fantasy Art |
Possibly it gives them the feeling of power that they lack in their personal life. They can't affect what happens to them day to day so they look for ways to inflict what power they do have onto others. A cheap thrill for cheap, base personalities. Just my opinion though. I caught the CIH virus on my first machine...I scan every e-mail and update the virus definitions constantly. Nothing like losing everything to make you cautious.
http://www.tgeweb.com/cgi-bin/ubb/no...iles/hippy.gif ------------------ http://members.hometown.aol.com/wulf...ages/crest.gif The line between good and evil is razor sharp. Be careful of misteps, lest you find yourself spitted upon your own blade. [This message has been edited by Wulfere (edited 07-21-2001).] |
You guys want to know what's really scary? This virus sent itself to a whole bunch of people who were NOT in my address book, most of them were from TeamBG for some reason. How can it send itself to people who I don't have in my address book? It must be searching through temporary net files or something. Someone who I don't know sent it to me and I thought she was a forum member either here and had a question so I humored it. I'll be more careful next time.
It basically runs each time you try and run an execute file, no matter what, it runs itself instead, so you can't execute anything. I couldn't get ANYTHING to work, not even Norton Antivirus. I had to boot to a DOS prompt and copy my registry to a .com file and then delete and change some registry entries till I got my computer working again. So ■■■■■■■ irritating. Sorry guys... http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gif ------------------ http://www.angelfire.com/anime2/memnoch/memnochsig.gif |
Quote:
Luckily I deleted it, it sounds horrible http://www.tgeweb.com/cgi-bin/ubb/no...iles/frown.gif ------------------ Melusine, High Queen of Fluffies, Archbabe of the OHF, the LH, the HADB and the SPAE(Society for the Prevention of Acronym Extinction) & Official Entertainer Elf of the BG2 Bar http://www.angelfire.com/anime2/memnoch/mel1.gif Your voice is ambrosia Amy Brown Fantasy Art |
Yeah Mario, it happened the same to me, ive got some mails of people complaining and i dont even know them !!! im sure its like you say, it searchs in the temporary files or something coz otherwise i dunno what it can be.
that virus was a s*cker one ------------------ http://www.angelfire.com/anime2/memnoch/ertai2.gif "I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel |
I'm still getting people complaining about it. I had to post this message at TeamBG as well. I was lucky I still had my laptop, I used it to access Symantec's website and find the instructions to manually remove it.
I actually got two from you today, Ertai! I would go to www.symantec.com and print out the removal instructions in case it infects your PC and you can't run your antivirus software. ------------------ http://www.angelfire.com/anime2/memnoch/memnochsig.gif [This message has been edited by Memnoch (edited 07-21-2001).] |
I got 7 of the damned things, 5 of them were in English and sent by someone called M Estacio (mestacio@bigpond.net.au) http://www.tgeweb.com/cgi-bin/ubb/noncgi/smiles/321.gif
I have no idea who this person is! I also got 2 sent in Spanish. Strange thing is, this has only affected one of my hotmail accounts, the one I use to sign up to Baldurs Gate related stuff. None of my other email accounts have got this annoying virus. http://www.tgeweb.com/cgi-bin/ubb/no...miles/conf.gif Then I show my dad it, cos he got one, so what does he do? Click on the damned attachment to see what it is! http://www.tgeweb.com/cgi-bin/ubb/no.../angryfire.gif http://www.tgeweb.com/cgi-bin/ubb/no...es/disgust.gif http://www.tgeweb.com/cgi-bin/ubb/no...les/mad111.gif [This message has been edited by Bonnie (edited 07-21-2001).] |
Quote:
Sorry about that...I don't like my PC being used as a host to spread viruses around. http://www.tgeweb.com/cgi-bin/ubb/noncgi/smiles/mad.gif ------------------ http://www.angelfire.com/anime2/memnoch/memnochsig.gif |
Oh. Erm... Hello Mr Estacio!
It was sorta strange to get two spanish ones from two different people (who I don't know) then get another 5 of the damned things from you! I blocked your email address though, sorry. Good thing you replied so quickly! I was just about to sign you up to a load of junk mail http://www.tgeweb.com/cgi-bin/ubb/no...l_laughter.gif ! |
Quote:
I called tech support right away and ended up rebooting a dozen times and running dos too. Finally got my virus definition files updated and then had to reboot again as I couldn't execute my program. grrrr....then it found the @%$%$% thing but couldn't remove it and now my techs have cleared my machine, but something is still screwy and windows will no longer run. sigh...so glad I am on vacation now. Got two weeks before I have to face that computer again! And Mems, nobody thinks you are responsible! These things are self-perpetuating. A plague on the obnoxious creature that invented this thing! grrrrr Cloudy ------------------ http://www.wizardrealm.com/images/bestow1.jpg Raindancer of the Laughing Hyenas Clan Storm-Queen StormCloud of the Black Knight: Heart Mind Soul Forever "To sleep, perchance to dream..." |
Quote:
------------------ http://www.angelfire.com/anime2/memnoch/memnochsig.gif |
Quote:
I have emailed the NSA the header from the first one I ever got, I came from South America, the header THEY look for is something like this:

B16A0F1E0A85D4119B0A0050BA856ADEEC4CE3@SRVMAIL-SF

It's a type of 'trace' code. BUT. If they deployed this at a library or some internet cafe, they will be very hard to find. Grrrr.

------------------ Ziroc Ironworks Webmaster www.tgeweb.com/ironworks [This message has been edited by Ziroc (edited 07-22-2001).] |
Thanks for the heads up with this everyone! Scan is the answer! Scan!
------------------ http://www.tgeweb.com/cgi-bin/ubb/no...les/portal.jpg Conan ~*~ |
I just got the virus E-mail a few minutes ago. I have never sent an E-mail before so how could it have targeted me? Anyway I deleted it so no harm done.
|
I found out that this virus searches through cached internet files for ANY email addresses and sends itself to them using Outlook Express. That's why so many people from Ironworks, TeamBG, Mithril Hall, Black Isle Studios, Elysium and PlanetBG Forums got this virus from me and others, because the webpages are all stored in my Temporary Internet Folder. It's spreading like wildfire.
------------------ http://www.angelfire.com/anime2/memnoch/memnochsig.gif |
Thanks Ziroc. Ill be very wary now... and with good reason.....
My wife just got a virus. We think it came from a file sent to her via email. Chinese Dancing Baby crap. Would remind you of the dancing baby on Ally McBeal. Anyway it removed the FAT or FAT32 partition and basically wouldn't find anything but the Floppy drive. Luckily we got it back up and running after a format and partition, but she lost everything on her hard drive. Good thing we back up each other's computers. At least I had all copies of all her important files. We never did find out what the name of the virus was but it was most likely a trojan horse. When we finally got it to locate the C drive... about a zillion smiley faces came up. Hit C:\ and even more came up. My advice to everyone is if you get any email don't open it unless you know the author. Even then, don't open any attachments. You don't know what you'll be getting. ------------------ THERE CAN BE ONLY ONE!!!!!!!!!!! |
©2024 Ironworks Gaming & ©2024 The Great Escape Studios TM - All Rights Reserved