NEW VIRUS -- Don't Open any PIF, EXE, VBS or COM files ever!

[Bonnie]

I got 7 of the damned things, 5 of them were in English and sent by someone called M Estacio (mestacio@bigpond.net.au)

I have no idea who this person is! I also got 2 sent in Spanish. Strange thing is, this has only affected one of my hotmail accounts, the one I use to sign up to Baldurs Gate related stuff. None of my other email accounts have got this annoying virus.

Then I show my dad it, cos he got one, so what does he do? Click on the damned attachment to see what it is!


[This message has been edited by Bonnie (edited 07-21-2001).]

[Memnoch]

Quote:

Originally posted by Bonnie: I got 7 of the damned things, 5 of them were in English and sent by someone called M Estacio (mestacio@bigpond.net.au)

Bonnie, M Estacio's me by the way. Damned if I know how it got your email address from, I haven't got yours. The only connection between people I've sent it to and me is Ironworks, Mithril Hall, and TeamBG.

Sorry about that...I don't like my PC being used as a host to spread viruses around.

------------------

[Bonnie]

Oh. Erm... Hello Mr Estacio!

It was sorta strange to get two spanish ones from two different people (who I don't know) then get another 5 of the damned things from you! I blocked your email address though, sorry. Good thing you replied so quickly! I was just about to sign you up to a load of junk mail !

[Cloudbringer]

Quote:

Originally posted by Memnoch: You guys want to know what's really scary? This virus sent itself to a whole bunch of people who were NOT in my address book, most of them were from TeamBG for some reason. How can it send itself to people who I don't have in my address book? It must be searching through temporary net files or something. Someone who I don't know sent it to me and I thought she was a forum member either here and had a question so I humored it. I'll be more careful next time. It basically runs each time you try and run an execute file, no matter what, it runs itself instead, so you can't execute anything. I couldn't get ANYTHING to work, not even Norton Antivirus. I had to boot to a DOS prompt and copy my registry to a .com file and then delete and change some registry entries till I got my computer working again. So ■■■■■■■ irritating. Sorry guys...

Exactly! That's how I figured it out. The nature of the attachment..whoo, (Memsy, had me seriously wondering about your literary taste for a hundredth of a second ), and the fact that almost immediately I found I couldn't open my screensaver program or do a scandisk on my system made it suspect.

I called tech support right away and ended up rebooting a dozen times and running dos too. Finally got my virus definition files updated and then had to reboot again as I couldn't execute my program. grrrr....then it found the @%$%$% thing but couldn't remove it and now my techs have cleared my machine, but something is still screwy and windows will no longer run. sigh...so glad I am on vacation now. Got two weeks before I have to face that computer again!

And Mems, nobody thinks you are responsible! These things are self-perpetuating.
A plague on the obnoxious creature that invented this thing! grrrrr

Cloudy

------------------


Raindancer of the Laughing Hyenas Clan
Storm-Queen
StormCloud of the Black Knight: Heart Mind Soul Forever
"To sleep, perchance to dream..."

[Memnoch]

Quote:

Originally posted by Bonnie: Oh. Erm... Hello Mr Estacio! It was sorta strange to get two spanish ones from two different people (who I don't know) then get another 5 of the damned things from you! I blocked your email address though, sorry. Good thing you replied so quickly! I was just about to sign you up to a load of junk mail !

No worries, I'm just puzzled as to how it did this. It sent itself to a bunch of people at TeamBG and Mithril Hall as well. My having a DSL connection doesn't help, obviously.

------------------

Quote:

Originally posted by Memnoch: You guys want to know what's really scary? This virus sent itself to a whole bunch of people who were NOT in my address book, most of them were from TeamBG for some reason. How can it send itself to people who I don't have in my address book? It must be searching through temporary net files or something. Someone who I don't know sent it to me and I thought she was a forum member either here and had a question so I humored it. I'll be more careful next time. It basically runs each time you try and run an execute file, no matter what, it runs itself instead, so you can't execute anything. I couldn't get ANYTHING to work, not even Norton Antivirus. I had to boot to a DOS prompt and copy my registry to a .com file and then delete and change some registry entries till I got my computer working again. So ■■■■■■■ irritating. Sorry guys...

I can tell you this: The CIA, NSA and FBI are already DEEP into this. Looking for the person already, and I bet they find them/him/her/IT.

I have emailed the NSA the header from the first one I ever got, I came from South America, the header THEY look for is something like this:

[pre]B16A0F1E0A85D4119B0A0050BA856ADEEC4CE3@SRVMAIL-SF[/pre] It's a type of 'trace' code. BUT. If they deployed this at a library or some internet cafe, they will very hard to find. Grrrr.

------------------
Ziroc
Ironworks Webmaster
www.tgeweb.com/ironworks

[This message has been edited by Ziroc (edited 07-22-2001).]

[This message has been edited by Ziroc (edited 07-22-2001).]

Thanks for the heads up with this everyone! Scan is the answer! Scan!

------------------
Conan ~*~

[machinehead]

I just got the virus E-mail a few minutes ago. I have never sent an E-mail before so how could it have targeted me? Anyway I deleted it so no harm done.

[Memnoch]

I found out that this virus searches through cached internet files for ANY email addresses and sends itself to them using Outlook Express. That's why so many people from Ironworks, TeamBG, Mithril Hall, Black Isle Studios, Elysium and PlanetBG Forums got this virus from me and others, because the webpages are all stored in my Temporary Internet Folder. It's spreading like wildfire.

------------------

[Earthdog]

Thanks Ziroc. Ill be very wary now... and with good reason.....

My wife just got a virus. We think it came from a file sent to her via email. Chinese Dancing Baby crap. Would remind you of the dancing baby on Ally McBeal.

Anyway it removed the FAT or FAT32 partition and basicly wouldnt find anything but the Floppy drive. Luckily we got it back up and running after a format and partition. but she lost everything on her hard drive. Good thing we back-up eachothers computers. At least I had all copies of all her important files.

We never did find out what the name of the virus was but it was most likely a trojan horse. When we finally got it to lacate the C drive... about a zillion smiley faces came up. hit C:\ and even more came up.

My advice to everyone is if you get any email dont open it unless you know the author. Even then, Dont open any attachments. You dont know what youll be getting.

------------------
THERE CAN BE ONLY ONE!!!!!!!!!!!