Posted: 7/25/2001 9:12:56 PM EDT
|
I've received 2 identical e-mails from different people with attachments. Is there another e-mail virus going around? Here's the message I got: Hi! How are you? I send you this file in order to have your advice See you later. Thanks -------------------------------------------------------------------------------- Anyone else received this message? I know better than to just open an attachment someone sends me unless it's something I'm expecting. USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img] |
|
Thanks for the quick response. USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img] |
|
Go and read this ASAP ! [url]www.ar15.com/forums/topic.html?id=39718[/url] If you have not signed up for membership here, DO IT NOW ! It is worth the $$ just for the anti-virus protection. (and cool e-mail address and the ability to check your mail from any computer) The AR15.com mail system saved my butt a few times in the past few days. Goatboy is my new guardian angel! |
|
Quoted: Go and read this ASAP ! [url]www.ar15.com/forums/topic.html?id=39718[/url] If you have not signed up for membership here, DO IT NOW ! It is worth the $$ just for the anti-virus protection. (and cool e-mail address and the ability to check your mail from any computer) The AR15.com mail system saved my butt a few times in the past few days. Goatboy is my new guardian angel! Is there something special you have to do for it to scan your e-mail? Both e-mails I got came to my AR15.com account. Apparently, it wasn't able to catch that virus. What I want to know is how did they get my e-mail address in the first place? USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img] |
|
Quoted: Is there something you have to do to set up the virus scanning or did it just miss those? I think I can answer your questions: 1. There is nothing that you have to do on your end to configure this feature. There is a Anti-Virus Gateway that intercepts offending transmissions and quarantines them before they get to the mail server. 2. We were a bit slow in updating the anti-virus signature code on the gateway. I believe it was 1/2 day before we got the latest revision up after it was released. (this release contained the anti-virus signatures for the SirCam worm/virus) It has been fully functional for the past several days however.. 3. The way that this insidious virus gets transmitted is quite unique. It appears to scour content on your computer (INCLUDING CACHED WEB PAGES THAT YOU HAVE VIEWED!) for e-mail addresses to use to send itself to others! [red]" 10. The worm contains its own SMTP engine which is used for the email routine. It obtains email addresses through two different methods: It searches the folders that are referred to by the registry keys HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\ExplorerShell Folders\Cache and HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\ExplorerShell Folders\Personal for sho*., get*., hot*., *.htm files, and copies email addresses from there into the file %system%\sc?1.dll" [/red] For more info on this : [url]www.sarc.com/avcenter/venc/data/[email protected][/url] Please let us (goatboy or myself) know if you receive any virus/worm that was NOT trapped and removed by the AR15.com mail system. Thanks, RBAD |
|
Thanks RBAD. That's explains everything. I appreciate the work you and Goatboy are doing for us. USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img] |
|
I have received this virus over a dozen seperate times just today alone, and another 6 or 7 times the couple days prior. I use Eudora Email exclusively, and have setup filters to catch it upon arrival. Since this email appears different every time you receive it, I have had to filter the body of the message sine it is the only constant that exists. Also, I am using "eSAFE" virus protection, and it works like a dream. "eSAFE" is also availabe as a FREE download! [url]www.esafe.com[/url] |
|
Here's mine: From: "Nick Amodei" To: [email protected] Subject: mech Date: Fri, 3 Aug 2001 12:06:45 -0500 Hi! How are you? I send you this file in order to have your advice See you later. Thanks -------------------------------------------------------------------------------- Attachment mech.zip.pif Type .pif : Scanning recommended |
|
Quoted: I've had this damn thing sent to me three different times. What exactly will it do if you open it? It will infect your computer with the SirCam virus. Then your computer will start sending out that same e-mail to any e-mail address it can find on your computer. USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Member[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img] |
|
Just so you know I got the virus even though no one opened it if you think you might have it I can send you a file that will take it out of your computer. I used the Norton Anti-virus and it told me I had the virus but could not get it out of my system and when I scanned the computer with the Norton it said all virus where gone but they where not. I was given this file and it took care of everything. It's a small download and its made to take care of this worm virus e-mail me and I'll send it to you. |
|
Geez Tayous !! YOU were one of the biggest offenders of generating the replication of this worm to AR15.com members ! (according to the mail server logs) [>:/] Are you SURE that this "file" that you received is legit? Norton Anti-Virus (w/ signatures dated > 07.19.2001) should have taken care of it w/o a problem! Lemme know if you are still experiencing any problems and/or need any assistance. [:)] |
|
Got the same e-mail from tayous about 3 times now. Never downloaded them, just hit delete. I was wondering if it was the same tayous as here on Ar15.com. I've never had contact with tayous via email or otherwise(except maybe a post) and don't know anybody else who uses that handle, so those e-mails got trashed. I've been lucky so far, I usually know what e-mails and from who to expect them from. Hey tayous, are you a girl? I got the impression from your e-mail address/description you are female. Or do you use your wifes/girlfriends e-mail account? |
|
In order to be infected, you would have to actually execute (double-click/run/open) the attachment. With many mail systems, you WILL have already *downloaded* the file, but as long as you delete it and don't run it, you're fine. Some mail programs have "auto-preview" or "auto-run" features that *should be turned OFF*, as they could execute the attachment for you. Most/all current versions that have this feature will install with it disabled, though some older versions enabled it by default (bad, BAD!). The whole trick is that the people writing these email viruses count on folks being curious/lazy/bored enough to double-click on any attachment regardless of who sent it. It's the whole Trojan Horse idea... -Troy |
|
Getting rid of spyware is easy and free. D/L Ad-Aware program from this site: [url]www.lavasoftusa.com[/url]. I set mine to run on startup. Goodbye spyware. IMHO, must-haves for internet surfing: Cable/DSL, Anti-virus software, firewall [url]www.zonealarm.com[/url], and ad-aware. P.S., Zonealarm is free, too. |