Computer Viruses

[Victor von Steiner]

My computer just got hit with the W32?Hybris.plugin@MM virus. It infected or created the following files.

DCGDOCEA.CGD
BJDBPBCA.JDB
AMJIPIJA.MJI
AGEMHMEI.GEM
AD CGDOCE.DCG
ABJDBPBC.BJD

Please check your computer for this virus if you do not have the lastest update from your virus protection software.

------------------
Vampire Lord

I am your Lord.
I dine on the Best.
So come, give me your BLOOD!

[Victor von Steiner]

Here is am update concerning the virus in an e-mail I received.

+-------------------
| Please read this whole email as it contains information that can
| be used to protect your computer from a Virus that is spreading
| around the internet.
|
|NOTA BENE: This message is automatically generated; PLEASE DO NOT REPLY.
| Subsequent email with the same reply-to address should not
| induce additional responses from this service.
+---------

/....

[Translate, Traduisent, Ubersetzen, Traducono, Traduzem, Traducen]

(Translations were done by kind visitors to our site)

Portuguese: www.sexyfun.net/letters/auto/portuguese.html
Spanish: www.sexyfun.net/letters/auto/spanish.txt
French: www.sexyfun.net/letters/auto/french.html
Finnish: www.sexyfun.net/letters/auto/finnish.txt

..../


+-------------------
| Please read this e-mail in its entirety as it contains information
| that you can use to protect your computer from a Virus spreading
| around the Internet.
|
| NOTE: This message is automatically generated; PLEASE DO NOT REPLY.
| Subsequent e-mail with the same reply-to address should not
| induce additional responses from this service.
+-------------------

Hello,

You are receiving this message because an e-mail, which contained
your e-mail address as the return/reply-to address, was sent to
hahaha@sexyfun.net. Possible reasons you received this message are
as follows:

1) You sent an e-mail to hahaha@sexyfun.net to complain to or notify
this user about their SPAMMING, sending an e-mail with a virus,
sending an e-mail that has content that may not be appropriate for
minors and/or to remove yourself from a mailing list, etc.

2) Someone else sent an e-mail to hahaha@sexyfun.net and they are using
your e-mail address as their return/reply-to address. If this is the
case, we are sorry that this e-mail was sent to you. However, please
read it, as it contains information about the Virus we are trying to
stop from spreading across the Internet.

3) Your anti-virus software sent an e-mail back to hahaha@sexyfun.net to
inform them that the e-mail they sent contained a virus. Most
of the time, this e-mail is sent without your knowledge by the
anti-virus software itself.

4) Someone has subscribed the e-mail address hahaha@sexyfun.net to a mailing
list to which you are also subscribed. The program that sends this
message out tries to make sure that it is not responding to any e-mails
that it receives from a list server by checking the full e-mail headers
for list information. Some lists do not provide any keys in their full
e-mail headers that we can use to keep the our program from responding.
If you think this is the case, please contact your list admin and have
them remove hahaha@sexyfun.net from their member list.


This Spam, containing "Snowhite" in the Subject, is a Virus called
Hybris.gen. It sends out e-mail from your e-mail program with
attachments also infected with the virus, in an attempt to infect more
computers. This virus scans incoming and outgoing mail and http traffic
for e-mail addresses to send a copy of itself to. The e-mail the virus sends
out use a fake or spoofed "FROM:" address of hahaha@sexyfun.net to hide its tracks.

We registered the domain http://www.sexyfun.net to provide you,
the Internet user, with information about this Virus, tips on how to
detect, clean and trace it, and how to protect your computer from it in
the future.

Here are some other facts that may answer questions you may already have:

1) We do NOT maintain any mailing lists on our system.
2) This user (hahaha) does NOT exist on our system.
3) The e-mail you got with the From: field of hahaha@sexyfun.net did NOT
come from sexyfun.net or the web hosting company's network. This
e-mail address was FAKED or SPOOFED.
4) The e-mail you got is a way for the Hybris.gen Virus to spread
itself around the Internet just like the ILOVEYOU Virus that surfaced
a year ago.
5) The "Received:" line of the FULL e-mail header will tell you the IP or
Computer name of the person(s) that sent you the Virus. Most likely,
it came from someone you know who is unaware that his or her computer
is infected with the virus.
6) By visiting the domain http://www.sexyfun.net, you will find helpful
information about the Hybris.gen Virus and links to software you
can use to clean your computer if you are infected, as well as other
miscellaneous information.
7) We did NOT create the virus nor do we know the person(s) who created the
virus. We are NOT affiliated with this person or persons. The same
applies to our web hosting company.

NOTE: As long as you don't run/open/double click on the attachment
of the e-mail, this virus should not be able to infect you just by
reading the e-mail.

Here are links to well known companies of anti-virus products that
will show that what has been said above is true:

http://www.zdnet.com/enterprise/stor...716778,00.html
http://www.f-secure.com/v-descs/hybris.shtml
http://vil.mcafee.com/dispVirus.asp?virus_k=98873&
http://www.kaspersky.com/news.asp?tn...&id=134&page=0

This is the link to the website we have set up to provide additional
information about the Virus:

http://www.sexyfun.net/ (this is not an adult site of any type)

If have any questions about this, our contact information is located on
our web site (http://www.sexyfun.net/)

Thank you for your time.

-----
NOTE: Any replies sent to the e-mail address of our auto-responder are not
viewed by us. Please use the contact information located on our web site.
Thank you.


------------------
Vampire Lord

I am your Lord.
I dine on the Best.
So come, give me your BLOOD!

[Victor von Steiner]

Here is a latest update. The other name for the virus is Snowwhite and the Seven Dwarfs. I have scanned my computer several times now but I think it is finally over. I also downloaded a program to find Trojans but I never found any. Also anyone who has me in their MSN list to scan your computer to be on the safe side.


Update: I just scanned two more times and found 12 more files. 6 files each time and I can't find the actual virus that keeps spawning these files. So any other help I can use. Please post it.
------------------
Vampire Lord

I am your Lord.
I dine on the Best.
So come, give me your BLOOD!

[This message has been edited by Victor von Steiner (edited 07-04-2001).]

[This message has been edited by Victor von Steiner (edited 07-04-2001).]

[WOLFGIR]

Hmm, what antivirus tool do you use??

I use the Trend PC Cillin tool, and it is an online scan antivirus and it updates almost once a week. I can tell you that that program is real good, also, checkout for the Ad-Aware program , great to find and remove spyware and such programs..

Also, try to set your computer to make a full virus scan and remove from boot up since some viruses hides in the ram memory on startup..

Well don´t know that much about the virus but hopefully some of this might help you.. Otherwise you have a long and booring work to reformat before you!

Good luck buddy!

------------------

Yawning lazywolf dreaming about nice little fairies...zzzzz
Wolfgirs lair
once-upon-a-paper

[Victor von Steiner]

I use Mcafee. It was the one that came with my computer. I have done a scan today and I did not find anymore so I am crossing my fingers. If anyone knows of a good one that can be downloaded let me know.

------------------
Vampire Lord

I am your Lord.
I dine on the Best.
So come, give me your BLOOD!