I've received 2 identical e-mails from different people with attachments.  Is there another e-mail virus going around?  Here's the message I got:


Anyone else received this message?  I know better than to just open an attachment someone sends me unless it's something I'm expecting.

USPC40

-------------------------------------------------
[b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url]
[b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url]
[b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url]
[b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url]

[img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]

Its the new SirCam virus, DO NOT OPEN IT.

[url]http://www.zdnet.com/zdfeeds/msncobrand/news/0%2C13622%2C2798011%2C-hud00025nshm3%2C00.html[/url]

Read this, its a bad one, but it did get the FBI today.

Thanks for the quick response.

USPC40

-------------------------------------------------
[b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url]
[b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url]
[b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url]
[b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url]

[img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]

Go and read this ASAP !

[url]www.ar15.com/forums/topic.html?id=39718[/url]

If you have not signed up for membership here, DO IT NOW !  It is worth the $$ just for the anti-virus protection. (and cool e-mail address and the ability to check your mail from any computer)

The AR15.com mail system saved my butt a few times in the past few days.   Goatboy is my new guardian angel!

Is there something special you have to do for it to scan your e-mail?  Both e-mails I got came to my AR15.com account.  Apparently, it wasn't able to catch that virus.

What I want to know is how did they get my e-mail address in the first place?

USPC40

-------------------------------------------------
[b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url]
[b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url]
[b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url]
[b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url]

[img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]

I think I can answer your questions:

1. There is nothing that you have to do on your end to configure this feature.  There is a Anti-Virus Gateway that intercepts offending transmissions and quarantines them before they get to the mail server.

2. We were a bit slow in updating the anti-virus signature code on the gateway.  I believe it was 1/2 day before we got the latest revision up after it was released.  (this release contained the anti-virus signatures for the SirCam worm/virus)  It has been fully functional for the past several days however..

3. The way that this insidious virus gets transmitted is quite unique.  It appears to scour content on your computer (INCLUDING CACHED WEB PAGES THAT YOU HAVE VIEWED!) for e-mail addresses to use to send itself to others!

[red]" 10. The worm contains its own SMTP engine which is used for the email routine. It obtains email addresses through two different methods:

It searches the folders that are referred to by the registry keys

HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\ExplorerShell Folders\Cache

and

HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\ExplorerShell Folders\Personal

for sho*., get*., hot*., *.htm files, and copies email addresses from there into the file %system%\sc?1.dll" [/red]





For more info on this :

[url]www.sarc.com/avcenter/venc/data/[email protected][/url]

Please let us (goatboy or myself) know if you receive any virus/worm that was NOT trapped and removed by the AR15.com mail system.

Thanks,
RBAD

Thanks RBAD.  That's explains everything.

I appreciate the work you and Goatboy are doing for us.

USPC40

-------------------------------------------------
[b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url]
[b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url]
[b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url]
[b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url]

[img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]

I have received this virus over a dozen seperate times just today alone, and another 6 or 7 times the couple days prior.

I use Eudora Email exclusively, and have setup filters to catch it upon arrival.  Since this email appears different every time you receive it, I have had to filter the body of the message sine it is the only constant that exists.

Also, I am using "eSAFE" virus protection, and it works like a dream.  "eSAFE" is also availabe as a FREE download! [url]www.esafe.com[/url]

Here's mine:

just got the virus sent to me, luckily i knew what to look for a nuked it.

I've had this damn thing sent to me three different times.  What exactly will it do if you open it?

It will infect your computer with the SirCam virus.  Then your computer will start sending out that same e-mail to any e-mail address it can find on your computer.

USPC40

-------------------------------------------------
[b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url]
[b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url]
[b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url]
[b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url]

[img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]

[img]216.105.37.221./images/gif022.gif[/img]

Just so you know I got the virus even though no one opened it if you think you might have it I can send you a file that will take it out of your computer.

I used the Norton Anti-virus and it told me I had the virus but could not get it out of my system and when I scanned the computer with the Norton it said all virus where gone but they where not. I was given this file and it took care of everything.

It's a small download and its made to take care of this worm virus e-mail me and I'll send it to you.

Geez Tayous !!

YOU were one of the biggest offenders of generating the replication of this worm to AR15.com members !  
(according to the mail server logs)    [>:/]

Are you SURE that this "file" that you received is legit?
Norton Anti-Virus (w/ signatures dated > 07.19.2001) should have taken care of it w/o a problem!

Lemme know if you are still experiencing any problems and/or need any assistance.   [:)]

Got the same e-mail from tayous about 3 times now. Never downloaded them, just hit delete. I was wondering if it was the same tayous as here on Ar15.com. I've never had contact with tayous via email or otherwise(except maybe a post) and don't know anybody else who uses that handle, so those e-mails got trashed. I've been lucky so far, I usually know what e-mails and from who to expect them from.
Hey tayous, are you a girl? I got the impression from your e-mail address/description you are female. Or do you use your wifes/girlfriends e-mail account?

This may be a stupid question, but here goes...
If you get one of those emails and open the email but do not download the attached file, can you still get the virus?
John

O.K. I admit it, I opened the third one.  What popped up was the ballistics for the .25ACP and the ballistics for the .45 ACP. When it asked if I wanted to "open" it or "save it to disk", I selected open.  Am I alright or do I need some kind of "fix".

Yup, got the same thing twice too.  I ditched it right away.  Glad I did.