Posted: 11/24/2001 8:44:02 PM EDT
I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list. The title of the email was: re:colt lower Now this is bad because I thought someone was sending me some info I wanted about a Colt LE/Gov only Lower. The Norton web page for the virus that explains is: [url]http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=26784[/url] If I sent you this Virus I am very, very sorry! However, I could not stop it until my Norton updated! medcop
Link Posted: 11/24/2001 8:50:48 PM EDT
I knew something wasn't kosher with this email I got from polarbear@aristotle.net (C.Jones). I'm always leery of downloadable files with double extensions. This one was Docs.doc.pif I got this one at 10:20 eastern time. I didn't open it. C. Jones, whoever you are, check yer machine.
Link Posted: 11/24/2001 8:57:50 PM EDT
I got 2 mails recently that had viruses attached. Here is one:

Subj: September 9
Date: 11/23/01 8:07:25 PM US Mountain Standard Time
From: compdocjoe@earthlink.net (Joseph Hoffman)
To: beagles747@aol.com
File: September9.doc.lnk (171008 bytes) DL Time (28800 bps): < 2 minutes

Hi! How are you? I send you this file in order to have your advice See you later. Thanks

=====================================
Here's the other:

Subj: September 9,2
Date: 11/23/01 4:53:07 PM US Mountain Standard Time
From: compdocjoe@earthlink.net (Joseph Hoffman)
To: beagles747@aol.com
File: September9,2.doc.pif (171520 bytes) DL Time (28800 bps): < 2 minutes

Hi! How are you? I send you this file in order to have your advice See you later. Thanks
Link Posted: 11/24/2001 8:58:58 PM EDT
If you guys get file attachments like those don't download them! Later, John
Link Posted: 11/24/2001 8:59:48 PM EDT
[Last Edit: 11/24/2001 8:52:41 PM EDT by medcop]
Originally Posted By Vinnie: I knew something wasn't kosher with this email I got from polarbear@aristotle.net (C.Jones). I'm always leery of downloadable files with double extensions. This one was Docs.doc.pif I got this one at 10:20 eastern time. I didn't open it. C. Jones, whoever you are, check yer machine.
That is who mine was from...I deleted it before I could copy the actual name, but that was it! edited to add: Well, I was stupid enough and just opened it up! medcop
Link Posted: 11/25/2001 12:52:00 AM EDT
Originally Posted By Beagles747: I got 2 mails recently that had viruses attached. Here is one: Subj: September 9 Date: 11/23/01 8:07:25 PM US Mountain Standard Time From: compdocjoe@earthlink.net (Joseph Hoffman) To: beagles747@aol.com File: September9.doc.lnk (171008 bytes) DL Time (28800 bps): < 2 minutes Hi! How are you? I send you this file in order to have your advice See you later. Thanks ===================================== Here's the other: Subj: September 9,2 Date: 11/23/01 4:53:07 PM US Mountain Standard Time From: compdocjoe@earthlink.net (Joseph Hoffman) To: beagles747@aol.com File: September9,2.doc.pif (171520 bytes) DL Time (28800 bps): < 2 minutes Hi! How are you? I send you this file in order to have your advice See you later. Thanks
That damn Sircam virus again.
Link Posted: 11/25/2001 12:57:01 AM EDT
Link Posted: 11/25/2001 1:05:05 AM EDT
Originally Posted By WhomItMayConcern: I don't keep an address book. It is difficult to get nailed by such a virus when there is nothing for the virus to do.
I've got [b]way[/b] too many addresses to remember to not keep an address book. What I did was make an address of "mail.virus" and the name "!000". If my understanding of how the virus works is correct, this will keep the virus on my machine until the virus scanner picks it up.
Link Posted: 11/25/2001 5:10:36 AM EDT
Originally Posted By WhomItMayConcern: I don't keep an address book. It is difficult to get nailed by such a virus when there is nothing for the virus to do.
Go ahead and think that's all they do! You will probably be enlightened soon!
Link Posted: 11/25/2001 12:20:09 PM EDT
Originally Posted By medcop: That is who mine was from...I deleted it before I could copy the actual name, but that was it! edited to add: Well, I was stupid enough and just opened it up! medcop
Well I also Host for AOL, so I'm always leery of attached files.
Link Posted: 11/25/2001 12:33:36 PM EDT
Here's a copy of the Email I received:
Subj: Re: Your ad at AR15.com
Date: 11/24/2001 10:20:52 PM Eastern Standard Time
From: _polarbear@aristotle.net (C. Jones)
To: VOzaeta@aol.com
File: DOCS.DOC.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh04.mail.aol.com (v82.22) with ESMTP id MAILINYH43-1124222052; Sat, 24 Nov 2001 22:20:52 -0500
Received: from aristotle.net (aristotle.net [204.233.139.1]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH52-1124222031; Sat, 24 Nov 2001 22:20:31 -0500
Received: from aol.com (pm15ppp6.aristotle.net [207.150.45.6]) by aristotle.net (8.9.3/8.9.0) with SMTP id VAA05511 for ; Sat, 24 Nov 2001 21:20:17 -0600 (CST)
Date: Sat, 24 Nov 2001 21:20:17 -0600 (CST)
Message-Id: <200111250320.VAA05511@aristotle.net>
From: "C. Jones" <_polarbear@aristotle.net>
To: VOzaeta@aol.com
Subject: Re: Your ad at AR15.com
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Link Posted: 11/25/2001 12:33:47 PM EDT
I got my first one on Friday. I was quite pi@@#d. OE automatically saved and ran the attachment as soon as I highlighted the header and the msg body showed up on the preview screen. I saw the save file or run screen flash, then I saw I was uploading something, so I killed my connection and looked for the files that were just recently updated on my system and deleted them (Warning: don't try this unless you know what files not to remove, because there will be some files that constantly update on your system), then removed my address book and was good to go. Just what I wanted to do at 0500 Friday morning [pissed]
Link Posted: 11/25/2001 1:37:18 PM EDT
I got an e-mail with an attachment from pete-in-nh last night, and it had the same virus in it.
Link Posted: 11/25/2001 1:38:28 PM EDT
[Last Edit: 11/25/2001 1:37:07 PM EDT by Pete-in-NH]
Link Posted: 11/25/2001 2:44:05 PM EDT
Pete, No problem.
Link Posted: 11/25/2001 2:52:54 PM EDT
I received it 4 separate times but didn't download it of course. I think whoever is using this virus is targeting Subguns.com users, here are the e-mail addresses I've received it from -
_thornbog@worldnet.att.net (James Deaton)
_kjjsam@nh.adelphia.net (Jennifer Janos)
_jbar@onemain.com (jbar)
_polarbear@aristotle.net (C. Jones)
Note the underscore mark, you have to delete it to e-mail the sender that it came from. All the files had a .pif extension I think, never download anything you don't know what is!!
Link Posted: 11/25/2001 3:33:27 PM EDT
Link Posted: 11/25/2001 6:06:17 PM EDT
Gotta new one. Maybe the mods should tack this thread.
Subj: Re:
Date: 11/25/2001 6:34:11 PM Eastern Standard Time
From: _rebel415@bellsouth.net (sammy lowe)
To: VOzaeta@aol.com
File: fun.MP3.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh03.mail.aol.com (v82.22) with ESMTP id MAILINYH39-1125183411; Sun, 25 Nov 2001 18:34:11 -0500
Received: from imf24bis.bellsouth.net (mail124.mail.bellsouth.net [205.152.58.84]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH53-1125183351; Sun, 25 Nov 2001 18:33:51 -0500
Received: from aol.com ([66.20.83.201]) by imf24bis.bellsouth.net (InterMail vM.5.01.01.01 201-252-104) with SMTP id <20011125234402.MURM23983.imf24bis.bellsouth.net@aol.com> for ; Sun, 25 Nov 2001 18:44:02 -0500
From: "sammy lowe" <_rebel415@bellsouth.net>
To: VOzaeta@aol.com
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <20011125234402.MURM23983.imf24bis.bellsouth.net@aol.com>
Date: Sun, 25 Nov 2001 18:44:03 -0500
Link Posted: 11/25/2001 6:55:31 PM EDT
You don't have to have addresses in your book for some viruses to affect you. Some worm viruses send mail to everyone in your inbox, all of the other people they sent the same mail to, and everyone in your sent folder. Trust me, they do some serious stuff and some of them send without showing up in Outlook at all using your name and address. Be careful.
Link Posted: 11/25/2001 7:18:06 PM EDT
Originally Posted By medcop: I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list.
I really wish you people would stop calling it a virus, because it's not. It's a worm, and a Trojan Horse. But it is [b]not a virus![/b] Every malicious executable is not a virus. When someone calls your AR-15 a "semi-automatic machine gun" I bet you correct them and insist they use the proper terminology.
Link Posted: 11/25/2001 8:14:57 PM EDT
Virus, Trojan, Worm....It still sucks! Yes, it is a worm. I have received it four more times tonight in various emails. However, Norton has stopped it each time. medcop
Link Posted: 11/25/2001 8:23:00 PM EDT
Link Posted: 11/25/2001 8:26:45 PM EDT
I got the same worm tonight but it had a different subject. VShield caught it as soon as I clicked on it.
Link Posted: 11/25/2001 8:59:33 PM EDT
I got my mail from "Sammy", but did not download..........
Link Posted: 11/25/2001 9:40:05 PM EDT
It tried to get me but GoatBoy's know-how saved my ass!!

"The Anti-Virus software on ar15.com has reported that you were sent a virus from rebel415@bellsouth.net, with the subject "Re:". The E-mail containing the virus has been quarantined to prevent further damage.
******************************************************************
Virus Name: : W32/Badtrans.B@mm
Attachment: info.DOC.scr"

ColtShorty GOA KABA COA JPFO SAF NRA
"I won't be wronged, I won't be insulted and I won't be laid a hand on. I don't do these things to other people and I require the same from them."
Link Posted: 11/26/2001 12:58:45 AM EDT
Originally Posted By brouhaha: Is there a Sammy Lowe here? If so, you are infected! Norton stopped it in time though.
Hey, I don't know any Sammy Lowe but tell him he sent me an email with no body. Same message from Cliff Br***. So what's the message?
Link Posted: 11/26/2001 1:15:01 AM EDT
I got 4 of those blank re: and empty body emails within the past week too. What the hell are they?
Link Posted: 11/26/2001 2:09:01 AM EDT
I got it too. So if any of you get an email from me with it, I'm sorry. I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment. As soon as I realized it, I deleted it. I didn't download it (or at least I didn't think I did). All I did was open the message to see there was an attachment. Am I fucked or what?
Link Posted: 11/26/2001 2:34:52 AM EDT
Originally Posted By shaggy: I got it too. So if any of you get an email from me with it, I'm sorry. I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment. As soon as I realized it, I deleted it. I didn't download it (or at least I didn't think I did). All I did was open the message to see there was an attachment. Am I fucked or what?
Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat. It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat
Link Posted: 11/26/2001 2:37:41 AM EDT
Originally Posted By shaggy: I got it too. So if any of you get an email from me with it, I'm sorry. Am I fucked or what?
Apology accepted if I can play with your American 180.[:P] Nah, just kidding. I didn't receive a virus from you.
Link Posted: 11/26/2001 5:15:51 AM EDT
[Last Edit: 11/26/2001 5:09:40 AM EDT by RBAD]
Hmmm.... There sure are a lot of evil virus writing weenies out there. Of course this offers me the opportunity to give "Team AR15.com" membership a plug! [:D]

We maintain a dedicated Declude (tm) Anti-Virus Gateway System which scans ALL inbound and outbound mail for suspect content. (I update the F-Prot and Sophos virus signature files daily.) So... AR15.com E-mail accounts should be protected.

Regardless of the protection that we provide, it is still VERY important to have and use a good quality anti-virus application on your computer. (I have a personal affinity for Norton Anti-Virus for Win95/98/ME and Win2k Professional and WindowsXP -- Sophos is great for NT and Win2k Server)

[b]AR15.com E-Mail Benefits:
--------------------------------------------------------
- Cool YourName@AR15.com e-mail address!
--------------------------------------------------------
- Full featured POP3/SMTP mail server with SMTP authentication for outbound mail. (allows you to use Outlook Express or any other pop3 mail client to receive AND send mail)
--------------------------------------------------------
- WebMail access to your e-mail from ANY computer with a web browser! (you can use Webmail as your sole method of accessing your e-mail or you can use it in conjunction with pop3 mail... ie: read mail when you are at work or on the road) Have you ever been on the road or traveling and needed access to your e-mail? Problem SOLVED!
--------------------------------------------------------
- Speed and reliability: Our mail servers sit on a high speed dedicated connection with redundancy.
--------------------------------------------------------
- Secure and private!: Tired of your boss reading your e-mail?? By utilizing the WebMail interface, you can access your mail account WITHOUT your employer monitoring your actions. (we are currently setting up an alternate domain just for this purpose: www.AR15Mail.com) In addition, all mail is encrypted on the server and you can choose to access WebMail via SSL.
--------------------------------------------------------
- VIRUS SCANNING!! ALL inbound and outbound mail is checked for potential virus/worm content. If suspect content is found, the mail is quarantined on the server and warning messages are sent to both the sender and the recipient.
--------------------------------------------------------
Another GREAT reason to cough up the $60 buck membership contribution to help cover some of the Avila's costs! [:D][/b]
Link Posted: 11/26/2001 6:01:10 AM EDT
[Last Edit: 11/26/2001 5:53:21 AM EDT by RBAD]
Hey -- Am I a good salesman or what?? [img]web-comm.com/ar15/ar15virus.jpg[/img]
Link Posted: 11/26/2001 6:34:45 AM EDT
I received the same virus again this morning, but since I use "eSAFE", it was immediately flagged and removed. Fixing it was very simple for me, but required scouring your system registry for complete removal... and that's definitely not something that most folks know how to do! This is a very nasty worm that has been around for a couple of months now, in various forms. As I recall, it is basically the same as the "Anthrax" virus that initially hit around the first of October... For great FREE protection, go to [url]www.esafe.com[/url] and download the home version. This antivirus also has a great firewall built into it!
Link Posted: 11/26/2001 6:55:12 AM EDT
[Last Edit: 11/26/2001 7:04:49 AM EDT by DonR]
Link Posted: 11/26/2001 6:58:08 AM EDT
[Last Edit: 11/26/2001 7:07:46 AM EDT by DonR]
Nope. We got it too. Our McAfee never caught a clue. We installed Norton 2002 and removed it. Sorry if anyone else gets it from us.
Link Posted: 11/26/2001 7:16:12 AM EDT
Yeah.. Don only sends porn ! [:D]
Link Posted: 11/26/2001 7:17:23 AM EDT
Originally Posted By Ulysse_Nardin_1846: Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat. It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat
I don't run a virus scanner either. I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either. And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.
Link Posted: 11/26/2001 7:17:43 AM EDT
Only to you special folks RBAD! [:D]
Link Posted: 11/26/2001 7:30:48 AM EDT
Link Posted: 11/26/2001 7:33:54 AM EDT
What has me puzzled is that we hooked up another computer Friday night, and it had no address book, or any mail in the Outlook Express. How did this bug get to you?
Link Posted: 11/26/2001 7:40:59 AM EDT
[Last Edit: 11/26/2001 7:34:58 AM EDT by rkbar15]
There is a documented MS security flaw that uses I.E. to execute e-mail virus attachments even if you don't open the attachment. "The virus makes use of the ms01-020 exploit, which means that the virus can execute on reading or previewing the email from within OutLook - it is not necessary to double click on any attachment. A patch to fix this exploit is available from Microsoft." [url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp[/url] Some more info about this virus: [url]http://www.messagelabs.com/viruseye/report.asp?id=86[/url]
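The checks posters describe in this thread (double-extension attachment names, the underscore-prefixed sender, and the MS01-020 MIME header problem) written as a mail-gateway style filter. This is an added example, not code from any poster or from the AR15.com gateway; the function names, the extension lists beyond those named in the thread, and the `audio/x-wav` type on the constructed sample are assumptions.

```python
import email
from email.utils import parseaddr

# Final extensions Windows will run. pif, scr, lnk and bat are named in the
# thread; the others are an assumed, non-exhaustive addition.
EXECUTABLE_EXTS = {"pif", "scr", "lnk", "bat", "exe", "com", "cmd", "vbs"}
# Harmless-looking decoy extensions. doc and mp3 are from the thread.
DECOY_EXTS = {"doc", "mp3", "jpg", "txt", "zip", "xls"}
# Media types a mail client may open inline without prompting (assumption).
INLINE_MAIN_TYPES = {"audio", "image", "video"}

# Constructed sample message, not a capture from the thread.
SAMPLE = """\
From: "A. Sender" <_sender@example.net>
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XBOUNDARY"

--XBOUNDARY
Content-Type: text/plain


--XBOUNDARY
Content-Type: audio/x-wav; name="fun.MP3.pif"
Content-Disposition: attachment; filename="fun.MP3.pif"
Content-Transfer-Encoding: base64

AAAA
--XBOUNDARY--
"""

def filename_findings(name):
    """Flag executable and decoy-plus-executable attachment names."""
    # Windows ignores trailing dots and spaces, so strip them first.
    parts = name.strip().rstrip(". ").lower().split(".")
    findings = []
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    return findings

def scan_message(raw):
    """Return the sender check and per-attachment findings for one message."""
    msg = email.message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    attachments = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        hits = filename_findings(name)
        # An executable name declared as audio/image/video is the header
        # mismatch that lets an unpatched client run it on preview.
        if hits and part.get_content_maintype() in INLINE_MAIN_TYPES:
            hits.append("type-mismatch")
        attachments[name] = hits
    return {"underscore_sender": sender.startswith("_"),
            "attachments": attachments}

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A name such as ME_NudeMP3.scr has no decoy extension, so it is reported as executable only; quarantining on any executable final extension covers both cases.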
Link Posted: 11/26/2001 7:41:24 AM EDT
Link Posted: 11/26/2001 7:42:59 AM EDT
[Last Edit: 11/26/2001 8:01:55 AM EDT by DonR]
Got it from Pete too on Saturday. You guys might want to check out this link for info: [url]http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html[/url] Edited to make live link.
Link Posted: 11/27/2001 2:39:21 AM EDT
Originally Posted By shaggy:
Originally Posted By Ulysse_Nardin_1846: Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat. It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat
I don't run a virus scanner either. I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either. And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.
Hey thanks Shaggy!
Link Posted: 11/27/2001 5:37:25 PM EDT
Oh hell, I got a message from sammy lowe yesterday and I've been trying to open it? What do I do now???!!! Please help!!!
Link Posted: 11/27/2001 5:41:10 PM EDT
Link Posted: 11/27/2001 5:58:25 PM EDT
Link Posted: 11/27/2001 6:54:35 PM EDT
Checked my Yahoo mail earlier today, for the first time in 4 days, and found 2 emails that were infected. Didn't recognize either sender, and both just had RE in the subject box.
Link Posted: 11/27/2001 11:19:39 PM EDT
I received one today Re: about your request for information on 9mm uppers from:EDME. I didn't click on the attachment and thought it was funny the attachment was ME_NudeMP3.scr or something like that. I deleted it. As to the person above who doesn't use virus scan and only opens JPEG's. My Norton caught a virus from a JPEG on a webpage 2 days ago "JSException.Exploit".
Link Posted: 11/28/2001 5:38:41 AM EDT
[url]http://www.cnn.com/2001/TECH/internet/11/27/badtrans.update/index.html[/url] RatBastards!
Link Posted: 11/28/2001 5:55:06 AM EDT
Does anyone know if it will still open automatically if I disable the Outlook preview pane?