Ironworks Gaming Forum

Old 07-20-2001, 06:32 PM   #11
Xanthul
Symbol of Cyric
 

Join Date: March 1, 2001
Location: Outside my place
Age: 42
Posts: 1,283
Don't open any attachments from me either.

In fact, don't open any attachments unless you were expecting the file (it's the general rule, dunno why I opened that)

------------------
"I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel
Xanthul is offline  
Old 07-20-2001, 06:36 PM   #12
Cloudbringer
Ironworks Moderator
 

Join Date: March 1, 2001
Location: Upstate NY USA
Posts: 19,737
Also, if you have not updated your virus program's definitions since YESTERDAY, your program will NOT recognize this virus!!!! I can tell you that it does some nasty things to the Windows registry and it spreads from there, leaving a bit in an untouchable archive so the virus protection software can't delete it. Go to the website Z posted for details.

Cloudy

------------------


Raindancer of the Laughing Hyenas Clan
Storm-Queen
StormCloud of the Black Knight: Heart Mind Soul Forever
"To sleep, perchance to dream..."
Cloudbringer is offline  
Old 07-20-2001, 06:38 PM   #13
Conan
Guest
 

Posts: n/a
If I don't know who you are, I will not read your e-mail. I deleted this right away and will not tolerate this in any way shape or form. We all have security settings and bad things happen to those who do this kind of thing.

------------------
Conan ~*~
 
Old 07-20-2001, 06:40 PM   #14
Lioness
Jack Burton
 

Join Date: June 3, 2001
Location: Among the Stars
Age: 36
Posts: 5,837
Wow guys, that's rough. I have never received any viruses or trash mail ever with verizon.net. It's really good about that. Feel bad for you hotmail guys though.

------------------

Official teaser and ranger of the HADB Clan
"I am great...start bowin'"
heeheeheeheehee
Lioness is offline  
Old 07-20-2001, 06:51 PM   #15
Xanthul
Symbol of Cyric
 

Join Date: March 1, 2001
Location: Outside my place
Age: 42
Posts: 1,283
At www.pandasoftware.com there is some info about it too, like this:

W32/Sircam is a worm that propagates through e-mail by sending itself out to all the addresses found in the infected user's Outlook Address Book. Once installed on the system, the worm modifies the Windows Registry in order to ensure its execution every time an EXE file is executed.



Finally, one of every ten times the worm will delete some data from the computer's hard disk.


Not nice

------------------
"I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel
Xanthul is offline  
Old 07-20-2001, 06:58 PM   #16
Xanthul
Symbol of Cyric
 

Join Date: March 1, 2001
Location: Outside my place
Age: 42
Posts: 1,283
This info is even more interesting, take a look, it's worth it:

After infecting the computer, W32/Sircam mails itself out to all the entries found in the infected user's Address Book. The message sent has the following characteristics:

Message body: It is a combination of several texts.
First line: Hola como estás?
Text in the middle:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informacion que me pediste
Last line: Nos vemos pronto, gracias
Attachment: A file with double extension, as the worm infects the system by copying itself at the beginning of targeted files, and adds another extension to the original one.

Symptoms of Infection

The first symptom of infection is the reception of an e-mail message with the characteristics described above.

When the user executes an infected file, W32/Sircam creates two hidden copies of itself in the C:\Recycled directory. The first one is named after the attachment included in the e-mail message (without the extension added by the virus), whereas the second one is called SIRC32.EXE.

Next, W32/Sircam will create a third copy of itself in the Windows system folder under the name SCAM32.EXE.

Furthermore, the worm generates a file called SYRCAM.SYS and writes text to it until all the available free space in the hard disk is completely used up.

Means of Infection

When the user executes an infected file, W32/Sircam creates two hidden copies of itself in the C:\Recycled directory. Next, it modifies the following entry in the Windows Registry:

HKEY_CLASSES_ROOT\exefile\shell\open\command\Default, by assigning to it the "C:\recycled\SirC32.exe" "%1" %* value. From this moment on, every time the user attempts to run an EXE file it will be the worm that is executed.

In addition, W32/Sircam will insert the following Registry entry in order to be executed later on:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Drivers32= c:\windows\system\Scam32.exe

Note: The destination directory is the Windows Installation folder (by default, c:\windows.)

Furthermore, W32/Sircam enters the following entry in order to store data:

HKEY_LOCAL_MACHINE\Software\Sircam

The worm sends itself out in a system file chosen at random. To do this, W32/Sircam copies itself at the beginning of this file, and then adds another extension to the original one. Thus, the file containing the worm will be different on each infection.

Apart from this, W32/Sircam creates two hidden files in the system folder: SCD.DLL and SCW1.DLL. SCD.DLL contains a list with a number of files belonging to the C:\My Documents directory. However, SCW1.DLL contains the mailing list to which the worm sends itself.

Finally, it is worth mentioning that the worm code contains the following copyright text:

[SirCam_2rP_Eim_NoC_Rma_CniTzeO_MicH_MeX]
[SirCam Version 1.0 Copyright. 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico]

How to repair the effects caused by W32/Sircam.

Follow the steps below to fix the effects caused by W32/Sircam:

Download PQREMOVE.COM and copy it to a directory of your choice. (you can download this file by clicking on the image below).

Run PQREMOVE.COM by double-clicking on it.

Once these steps have been carried out, your computer will be completely disinfected.


------------------
"I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel
Xanthul is offline  
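
The registry changes quoted in the post above can be checked offline against a regedit text export. This is an added example, not part of the original thread or of Panda's write-up; the sample export is constructed, and the function names are hypothetical.

```python
import re

# Stock value of HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) on Windows.
EXE_OPEN_DEFAULT = '"%1" %*'
EXE_OPEN_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUNSERVICES_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"

# Constructed sample: a regedit text export showing the changes quoted in the post.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Drivers32"="c:\\windows\\system\\Scam32.exe"

[HKEY_LOCAL_MACHINE\Software\Sircam]
'''

VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse string values of a regedit export into {lowercased key: {name: data}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \" escapes
    return keys

def sircam_findings(text):
    """Return (description, evidence) pairs for the registry changes described in the post."""
    keys, found = parse_reg(text), []
    cmd = keys.get(EXE_OPEN_KEY, {}).get("@")
    if cmd is not None and cmd != EXE_OPEN_DEFAULT:
        found.append(("exefile open command replaced", cmd))
    for name, data in keys.get(RUNSERVICES_KEY, {}).items():
        if data.lower().endswith(r"\scam32.exe"):
            found.append(("RunServices autostart", f"{name}={data}"))
    if SIRCAM_KEY in keys:
        found.append(("worm data key present", SIRCAM_KEY))
    return found

if __name__ == "__main__":
    for description, evidence in sircam_findings(SAMPLE):
        print(f"{description}: {evidence}")
```

The first check compares against the stock handler value rather than the worm's file name, so it also flags any other program that has replaced the EXE open command.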
Old 07-20-2001, 07:52 PM   #17
Xanthul
Symbol of Cyric
 

Join Date: March 1, 2001
Location: Outside my place
Age: 42
Posts: 1,283
OK, I downloaded the file mentioned in the post above and now I'm clean, what a relief.

So if you get it you can try with that file, it's very effective

------------------
"I wish my Angel was here... I fear nothing with her" -Ertai, Captive of the Blinding Angel
Xanthul is offline  
Old 07-20-2001, 08:37 PM   #18
Ziroc
Guest
 

Posts: n/a
Quote:
Originally posted by Conan:
If I don't know who you are, I will not read your e-mail. I deleted this right away and will not tolerate this in any way shape or form. We all have security settings and bad things happen to those who do this kind of thing.
Even if it's FROM someone you KNOW, don't open it. See, these worms send out the payload (Virus) to EVERYONE in the address book, so if you get an email from your MOM even, be careful. ALWAYS scan. Even if it came from god himself, SCAN IT!

People that make these should be hung.




------------------
Ziroc
Ironworks Webmaster
www.tgeweb.com/ironworks
 
Old 07-20-2001, 08:41 PM   #19
Ziroc
Guest
 

Posts: n/a
CNN Tech site reports this now.. MUST be bigtime..
http://www.cnn.com/TECH/

Damn!!

------------------
Ziroc
Ironworks Webmaster
www.tgeweb.com/ironworks
 
Old 07-20-2001, 10:00 PM   #20
Hayashi
Silver Dragon
 

Join Date: March 25, 2001
Location: The Lion City
Age: 62
Posts: 1,699
Some of you probably know this, but some of you won't so here's a tip.

Most of us know better than to run executable files (.exe) without ascertaining the source, especially if it comes via email. But how many of us open text files or MS documents without a second thought? Many viruses that are spread by email masquerade as an innocent file, like .doc or .txt so as to fool the user into thinking that he/she is opening a text file or whatever. They are able to do this because the file extensions have been hidden. This is an option setting under 'Folder Options' of the My Computer window. What this does (when selected) is that it suppresses the three-letter extension that is part of every file. So for instance a file called "Readme.txt" will be displayed as "Readme" with a text file icon.

With this 'feature' activated, a malicious person could simply disguise the virus payload by adding an extra three letter extension before the actual extension. For example, suppose I have a virus file called "virus.exe" that I want to spread. If I attach it to my email to you, would you open it? But if I renamed it to "BG2Rocks.doc.exe" and if you have opted to hide file extensions, when you receive my email the file will be seen as "BG2Rocks.doc", and what's more will have the icon of a MS Word document.

How do you protect yourself? Simple - go to the folder "My Documents" on your desktop and open it. From the menu bar on top, choose "View", then go to the bottom and choose "Folder Options". This will bring up a small window with three tabs.

Select the centre tab labelled "View". Look for an option called "Hide file extensions of known file types" and make sure that the checkbox is unchecked. Then on top, where it says "You can make all folders look the same" click the button "Like Current Folder". Finally click "OK".

Now all files will show their true extension, including Visual Basic Files (.vbs), executables and so on. So if you receive a suspicious email even from someone you know, check the attachment first before opening it.

It will help also if you install an anti-virus program that scans email as you download from your POP server. I use Norton, and it has caught MANY malicious emails from friends who were unknowingly infected, or even from total strangers! (How they got my email address I don't know).

This has been a public service announcement brought to you courtesy of Clan HADB.

------------------
"Butt-kicking for goodness!" - Minsc
"Cities always teem with evil and decay. Let's give it a good shake and SEE WHAT FALLS OUT!!" - Minsc
Hayashi is offline  
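
The double-extension disguise described in the post above can also be caught at the mail gateway or in a mailbox scan, before anyone relies on what Explorer shows. This is an added example, not part of the original thread; the two extension lists are assumptions and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: file types Windows runs on double-click (not exhaustive).
EXECUTABLE = {".exe", ".com", ".bat", ".pif", ".scr", ".vbs", ".lnk"}
# Assumption: extensions a reader takes for a harmless document.
DECOY = {".doc", ".txt", ".xls", ".jpg", ".zip"}

def shown_when_hidden(filename):
    """Return the name displayed when extensions are hidden, if that name looks
    like a document while the real type is executable; otherwise None."""
    stem, real_ext = os.path.splitext(filename.strip())
    stem = stem.rstrip()  # tolerate stray spaces before the real extension
    _, decoy_ext = os.path.splitext(stem)
    if real_ext.lower() in EXECUTABLE and decoy_ext.lower() in DECOY:
        return stem
    return None

def scan_message(raw_bytes):
    """Return (real_name, displayed_name) for each disguised attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        shown = shown_when_hidden(name) if name else None
        if shown:
            hits.append((name, shown))
    return hits

def build_sample():
    """Constructed message: one disguised attachment, one ordinary text file."""
    msg = EmailMessage()
    msg["Subject"] = "BG2Rocks"
    msg.set_content("Constructed test message.")
    for fname in ("BG2Rocks.doc.exe", "Readme.txt"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for real, shown in scan_message(build_sample()):
        print(f"{real!r} would be displayed as {shown!r}")
```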
 

