Posted: 11/24/2001 8:44:02 PM EDT
I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list.

The title of the email was:

re:colt lower

Now this is bad because I thought someone was sending me some info I wanted about a Colt LE/Gov only Lower.

The Norton web page for the virus that explains is:

[url]http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=26784[/url]

If I sent you this Virus I am very, very sorry!  However, I could not stop it until my Norton updated!

medcop
Link Posted: 11/24/2001 8:50:48 PM EDT
[#1]
I knew something wasn't kosher with this email I got from [email protected] (C.Jones).  I'm always leery of downloadable files with double extensions.  This one was Docs.doc.pif

I got this one at 10:20 eastern time.  I didn't open it. C. Jones, whoever you are, check yer machine.
Link Posted: 11/24/2001 8:57:50 PM EDT
[#2]
I got 2 mails recently that had viruses attached; here is one:

Subj: September 9
Date: 11/23/01 8:07:25 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]

File:  September9.doc.lnk (171008 bytes)
DL Time (28800 bps): < 2 minutes

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

=====================================
Here's the other:

Subj: September 9,2
Date: 11/23/01 4:53:07 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]

File:  September9,2.doc.pif (171520 bytes)
DL Time (28800 bps): < 2 minutes

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks
Link Posted: 11/24/2001 8:58:58 PM EDT
[#3]
If you guys get file attachments like those don't download them!

Later,
John
Link Posted: 11/24/2001 8:59:48 PM EDT
[#4]
Quoted:
I knew something wasn't kosher with this email I got from [email protected] (C.Jones).  I'm always leery of downloadable files with double extensions.  This one was Docs.doc.pif

I got this one at 10:20 eastern time.  I didn't open it. C. Jones, whoever you are, check yer machine.
View Quote


That is who mine was from...I deleted it before I could copy the actual name, but that was it!

edited to add:  Well, I was stupid enough and just opened it up!

medcop
Link Posted: 11/25/2001 12:52:00 AM EDT
[#5]
Quoted:
I got 2 mails recently that had viruses attached; here is one:

Subj: September 9
Date: 11/23/01 8:07:25 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]

File:  September9.doc.lnk (171008 bytes)
DL Time (28800 bps): < 2 minutes

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

=====================================
Here's the other:

Subj: September 9,2
Date: 11/23/01 4:53:07 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]

File:  September9,2.doc.pif (171520 bytes)
DL Time (28800 bps): < 2 minutes

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

View Quote


That damn Sircam virus again.
Link Posted: 11/25/2001 12:57:01 AM EDT
[#6]
Link Posted: 11/25/2001 1:05:05 AM EDT
[#7]
Quoted:
I don't keep an address book.  It is difficult to get nailed by such a virus when there is nothing for the virus to do.
View Quote


I've got [b]way[/b] too many addresses to remember to not keep an address book. What I did was make an address of "mail.virus" and the name "!000". If my understanding of how the virus works is correct, this will keep the virus on my machine until the virus scanner picks it up.
Link Posted: 11/25/2001 5:10:36 AM EDT
[#8]
Quoted:
I don't keep an address book.  It is difficult to get nailed by such a virus when there is nothing for the virus to do.
View Quote


Go ahead and think that's all they do! You will probably be enlightened soon!
Link Posted: 11/25/2001 12:20:09 PM EDT
[#9]
Quoted:
That is who mine was from...I deleted it before I could copy the actual name, but that was it!

edited to add:  Well, I was stupid enough and just opened it up!

medcop
View Quote


Well I also Host for AOL, so I'm always leery of attached files.
Link Posted: 11/25/2001 12:33:36 PM EDT
[#10]
Here's a copy of the Email I received:

Subj: Re: Your ad at AR15.com
Date: 11/24/2001 10:20:52 PM Eastern Standard Time
From:    [email protected] (C. Jones)
To:    [email protected]

File: DOCS.DOC.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from  rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh04.mail.aol.com (v82.22) with ESMTP id MAILINYH43-1124222052; Sat, 24 Nov 2001 22:20:52 -0500
Received: from  aristotle.net (aristotle.net [204.233.139.1]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH52-1124222031; Sat, 24 Nov 2001 22:20:31 -0500
Received: from aol.com (pm15ppp6.aristotle.net [207.150.45.6])
   by aristotle.net (8.9.3/8.9.0) with SMTP id VAA05511
   for ; Sat, 24 Nov 2001 21:20:17 -0600 (CST)
Date: Sat, 24 Nov 2001 21:20:17 -0600 (CST)
Message-Id: <[email protected]>
From: "C. Jones" <[email protected]>
To: [email protected]
Subject: Re: Your ad at AR15.com
MIME-Version: 1.0
Content-Type: multipart/related;
   type="multipart/alternative";
   boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
View Quote

Link Posted: 11/25/2001 12:33:47 PM EDT
[#11]
I got my first one on Friday. I was quite pi@@#d.  OE automatically saved and ran the attachment as soon as I highlighted the header and the msg body showed up on the preview screen. I saw the save file or run screen flash, then I saw I was uploading something, so I killed my connection and looked for the files that were just recently updated on my system and deleted them (Warning: don't try this unless you know what files not to remove, because there will be some files that constantly update on your system), then removed my address book and was good to go. Just what I wanted to do at 0500 Friday morning [pissed]
Link Posted: 11/25/2001 1:37:18 PM EDT
[#12]
I got an e-mail with an attachment from pete-in-nh last night, and it had the same virus in it.
Link Posted: 11/25/2001 1:38:28 PM EDT
[#13]
Link Posted: 11/25/2001 2:44:05 PM EDT
[#14]
Pete, No problem.
Link Posted: 11/25/2001 2:52:54 PM EDT
[#15]
I received it 4 separate times but didn't download it of course.  I think whoever is using this virus is targeting Subguns.com users, here are the e-mail addresses I've received it from -

[email protected] (James Deaton)
[email protected] (Jennifer Janos)
[email protected] (jbar)
[email protected] (C. Jones)

Note the underscore mark, you have to delete it to e-mail the sender that it came from.  All the files had a .pif extension I think, never download anything if you don't know what it is!!
Link Posted: 11/25/2001 3:33:27 PM EDT
[#16]
Link Posted: 11/25/2001 6:06:17 PM EDT
[#17]
Gotta new one.  Maybe the mods should tack this thread.


Subj: Re:
Date: 11/25/2001 6:34:11 PM Eastern Standard Time
From:    [email protected] (sammy lowe)
To:    [email protected]

File: fun.MP3.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from  rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh03.mail.aol.com (v82.22) with ESMTP id MAILINYH39-1125183411; Sun, 25 Nov 2001 18:34:11 -0500
Received: from  imf24bis.bellsouth.net (mail124.mail.bellsouth.net [205.152.58.84]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH53-1125183351; Sun, 25 Nov 2001 18:33:51 -0500
Received: from aol.com ([66.20.83.201]) by imf24bis.bellsouth.net
         (InterMail vM.5.01.01.01 201-252-104) with SMTP
         id <[email protected]>
         for ; Sun, 25 Nov 2001 18:44:02 -0500
From: "sammy lowe" <[email protected]>
To: [email protected]
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related;
   type="multipart/alternative";
   boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <[email protected]>
Date: Sun, 25 Nov 2001 18:44:03 -0500
View Quote


Link Posted: 11/25/2001 6:55:31 PM EDT
[#18]
You don't have to have addresses in your book for some viruses to affect you. Some worm viruses send mail to everyone in your inbox, all of the other people they sent the same mail to, and everyone in your sent folder. Trust me, they do some serious stuff and some of them send without showing up in Outlook at all using your name and address. Be careful.
Link Posted: 11/25/2001 7:18:06 PM EDT
[#19]
Quoted:
I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list.
View Quote


I really wish you people would stop calling it a virus, because it's not.  It's a worm, and a Trojan Horse.  But it is [b]not a virus![/b]  Every malicious executable is not a virus.

When someone calls your AR-15 a "semi-automatic machine gun" I bet you correct them and insist they use the proper terminology.
Link Posted: 11/25/2001 8:14:57 PM EDT
[#20]
Virus, Trojan, Worm....It still sucks!

Yes, it is a worm.

I have received it four more times tonight in various emails.  However, Norton has stopped it each time.

medcop
Link Posted: 11/25/2001 8:23:00 PM EDT
[#21]
Link Posted: 11/25/2001 8:26:45 PM EDT
[#22]
I got the same worm tonight but it had a different subject. VShield caught it as soon as I clicked on it.
Link Posted: 11/25/2001 8:59:33 PM EDT
[#23]
I got my mail from "Sammy", but did not download..........
Link Posted: 11/25/2001 9:40:05 PM EDT
[#24]
It tried to get me but GoatBoy's know-how saved my ass!!

"The Anti-Virus software on ar15.com has reported that you were
sent a virus from [email protected], with the subject "Re:".

The E-mail containing the virus has been quarantined
to prevent further damage.

******************************************************************

Virus Name: : W32/Badtrans.B@mm
Attachment: info.DOC.scr"

ColtShorty

GOA KABA COA JPFO SAF NRA

"I won't be wronged,  I won't be insulted
and I won't be laid a hand on. I don't do
these things to other people and I require
the same from them."

Link Posted: 11/26/2001 12:58:45 AM EDT
[#25]
Quoted:
Is there a Sammy Lowe here?  If so, you are infected!  Norton stopped it in time though.
View Quote


Hey, I don't know any Sammy Lowe but tell him he sent me an email with no body.

Same message from Cliff Br***.

So what's the message?
Link Posted: 11/26/2001 1:15:01 AM EDT
[#26]
I got 4 of those blank re: and empty body emails within the past week too. What the hell are they?
Link Posted: 11/26/2001 2:09:01 AM EDT
[#27]
I got it too.
So if any of you get an email from me with it, I'm sorry.

I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment.  As soon as I realized it, I deleted it.  I didn't download it (or at least I didn't think I did).  All I did was open the message to see there was an attachment.  Am I fucked or what?
Link Posted: 11/26/2001 2:34:52 AM EDT
[#28]
Quoted:
I got it too.
So if any of you get an email from me with it, I'm sorry.

I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment.  As soon as I realized it, I deleted it.  I didn't download it (or at least I didn't think I did).  All I did was open the message to see there was an attachment.  Am I fucked or what?
View Quote


Just looking at the message shouldn't be enough to execute the attached file.  Unless they're smarter now.  Just never open an app if you are unsure of it.  I don't run a virus scanner on my computer so I'm treading on thin ice.  I just rely on the Yahoo scanner if I receive suspect email.  However, I still won't open it if I don't know the sender.  Remember, curiosity killed the cat.

It should be ok as long as you didn't actually open the attached file.  Never, ever open a double extension file.  Such as open_me.doc.bat
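
A gateway-style check for the double-extension attachments reported in this thread, as an added example that is not part of any post here. It also flags the MIME boundary string that appears in both header dumps posted above; the extension sets beyond the thread's own samples, the sample message and its addresses are constructed assumptions.

```python
import email
from email import policy

# Final extensions Windows will run or launch. The thread's samples end in
# .pif, .scr, .lnk and .bat; the other entries are assumptions for illustration.
EXECUTABLE_EXTS = {"pif", "scr", "lnk", "bat", "exe", "com", "cmd", "vbs"}
# Harmless-looking middle extensions used as the decoy part of the name
# (.doc and .mp3 are from the thread; the rest are assumptions).
DECOY_EXTS = {"doc", "mp3", "jpg", "txt", "zip", "xls", "mpg"}
# MIME boundary seen in both header dumps posted in this thread.
THREAD_BOUNDARY = "====_ABC1234567890DEF_===="


def is_double_extension(filename):
    """True when a name looks like <name>.<decoy>.<executable>, ignoring case."""
    parts = filename.strip().lower().split(".")
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if msg.get_boundary() == THREAD_BOUNDARY:
        findings.append("boundary matches thread samples")
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename or Content-Type name
        if name and is_double_extension(name):
            findings.append("double extension: " + name)
    return findings


# Constructed sample: headers shaped like the dumps in this thread, placeholder
# addresses, and a four-byte dummy payload instead of any real attachment.
SAMPLE = (
    b'From: "Sender" <sender@example.invalid>\r\n'
    b'To: rcpt@example.invalid\r\n'
    b'Subject: Re:\r\n'
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/related;\r\n'
    b'   type="multipart/alternative";\r\n'
    b'   boundary="====_ABC1234567890DEF_===="\r\n'
    b'\r\n'
    b'--====_ABC1234567890DEF_====\r\n'
    b'Content-Type: text/plain\r\n'
    b'\r\n'
    b'\r\n'
    b'--====_ABC1234567890DEF_====\r\n'
    b'Content-Type: application/octet-stream; name="fun.MP3.pif"\r\n'
    b'Content-Disposition: attachment; filename="fun.MP3.pif"\r\n'
    b'Content-Transfer-Encoding: base64\r\n'
    b'\r\n'
    b'AAAA\r\n'
    b'--====_ABC1234567890DEF_====--\r\n'
)

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE):
        print(finding)
```

A name with a single executable extension is not caught by `is_double_extension`; blocking those outright is a separate policy decision.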
Link Posted: 11/26/2001 2:37:41 AM EDT
[#29]
Quoted:
I got it too.
So if any of you get an email from me with it, I'm sorry.  Am I fucked or what?
View Quote


Apology accepted if I can play with your American 180.[:P]

Nah, just kidding.  I didn't receive a virus from you.
Link Posted: 11/26/2001 5:15:51 AM EDT
[#30]
Hmmm....  

There sure are a lot of evil virus writing weenies out there.

Of course this offers me the opportunity to give "Team AR15.com" membership a plug ! [:D]


We maintain a dedicated Declude (tm) Anti-Virus Gateway System which scans ALL inbound and outbound mail for suspect content.
(I update the F-Prot and Sophos virus signature files daily)

So...   AR15.com E-mail accounts should be protected.  Regardless of the protection that we provide, it is still VERY important to have and use a good quality anti-virus application on your computer.  

(I have a personal affinity for Norton Anti-Virus for Win95/98/ME and Win2k Professional and WindowsXP --  Sophos is great for NT and Win2k Server)



[b]
AR15.com E-Mail Benefits:

--------------------------------------------------------
- Cool [email protected] e-mail address!
--------------------------------------------------------
- Full featured POP3/SMTP mail server with SMTP authentication for outbound mail.
(allows you to use Outlook Express or any other pop3 mail client to receive AND send mail)
--------------------------------------------------------
- WebMail access to your e-mail from ANY computer with a web browser !
(you can use Webmail as your sole method of accessing your e-mail or you can use it in conjunction with pop3 mail...  ie:  read mail when you are at work or on the road)

Have you ever been on the road or traveling and needed access to your e-mail?
Problem SOLVED !
--------------------------------------------------------
- Speed and reliability:  Our mail servers sit on a high speed dedicated connection with redundancy.
--------------------------------------------------------
- Secure and private ! :  Tired of your boss reading your e-mail??

By utilizing the WebMail interface, you can access your mail account WITHOUT your employer monitoring your actions.

(we are currently setting up an alternate domain just for this purpose:  www.AR15Mail.com)

In addition, all mail is encrypted on the server and you can choose to access WebMail via SSL.
--------------------------------------------------------
- VIRUS SCANNING !!   ALL inbound and outbound mail is checked for potential virus/worm content.
If suspect content is found, the mail is quarantined on the server and warning messages are sent to both the sender and the recipient.
--------------------------------------------------------
Another GREAT reason to cough up the $60 buck membership contribution to help cover some of the Avila's costs!  [:D]



[/b]
Link Posted: 11/26/2001 6:01:10 AM EDT
[#31]
Hey -- Am I a good salesman or what??

[img]web-comm.com/ar15/ar15virus.jpg[/img]
Link Posted: 11/26/2001 6:34:45 AM EDT
[#32]
I received the same virus again this morning, but since I use "eSAFE", it was immediately flagged and removed.

Fixing it was very simple for me, but required scouring your system registry for complete removal... and that's definitely not something that most folks know how to do!

This is a very nasty worm that has been around for a couple of months now, in various forms.  As I recall, it is basically the same as the "Anthrax" virus that initially hit around the first of October...

For great FREE protection, go to [url]www.esafe.com[/url] and download the home version.  This antivirus also has a great firewall built into it!
Link Posted: 11/26/2001 6:55:12 AM EDT
[#33]
Link Posted: 11/26/2001 6:58:08 AM EDT
[#34]
Nope.  We got it too. Our McAfee never caught a clue. We installed Norton 2002 and removed it. Sorry if anyone else gets it from us.
Link Posted: 11/26/2001 7:16:12 AM EDT
[#35]
Yeah..  Don only sends porn !  [:D]

Link Posted: 11/26/2001 7:17:23 AM EDT
[#36]
Quoted:
Just looking at the message shouldn't be enough to execute the attached file.  Unless they're smarter now.  Just never open an app if you are unsure of it.  I don't run a virus scanner on my computer so I'm treading on thin ice.  I just rely on the Yahoo scanner if I receive suspect email.  However, I still won't open it if I don't know the sender.  Remember, curiosity killed the cat.

It should be ok as long as you didn't actually open the attached file.  Never, ever open a double extension file.  Such as open_me.doc.bat
View Quote


I don't run a virus scanner either.  I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either.  

And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.
Link Posted: 11/26/2001 7:17:43 AM EDT
[#37]
Only to you special folks RBAD! [:D]
Link Posted: 11/26/2001 7:30:48 AM EDT
[#38]
Link Posted: 11/26/2001 7:33:54 AM EDT
[#39]
What has me puzzled is that we hooked up another computer Friday night, and it had no address book, or any mail in the Outlook Express. How did this bug get to you?
Link Posted: 11/26/2001 7:40:59 AM EDT
[#40]
There is a documented MS security flaw that uses I.E. to execute e-mail virus attachments even if you don't open the attachment.

"The virus makes use of the ms01-020 exploit, which means that the virus can execute on reading or previewing the email from within OutLook - it is not necessary to double click on any attachment.  A patch to fix this exploit is available from Microsoft."

[url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp[/url]

Some more info about this virus:

[url]http://www.messagelabs.com/viruseye/report.asp?id=86[/url]



Link Posted: 11/26/2001 7:41:24 AM EDT
[#41]
Link Posted: 11/26/2001 7:42:59 AM EDT
[#42]
Got it from Pete too on Saturday. You guys might want to check out this link for info:

[url]http://securityresponse.symantec.com/avcenter/venc/data/[email protected][/url]


Edited to make live link.
Link Posted: 11/27/2001 2:39:21 AM EDT
[#43]
Quoted:
Quoted:
Just looking at the message shouldn't be enough to execute the attached file.  Unless they're smarter now.  Just never open an app if you are unsure of it.  I don't run a virus scanner on my computer so I'm treading on thin ice.  I just rely on the Yahoo scanner if I receive suspect email.  However, I still won't open it if I don't know the sender.  Remember, curiosity killed the cat.

It should be ok as long as you didn't actually open the attached file.  Never, ever open a double extension file.  Such as open_me.doc.bat
View Quote


I don't run a virus scanner either.  I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either.  

And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.
View Quote


Hey thanks Shaggy!
Link Posted: 11/27/2001 5:37:25 PM EDT
[#44]
Oh hell, I got a message from sammy lowe yesterday and I've been trying to open it?  What do I do now???!!!   Please help!!!
Link Posted: 11/27/2001 5:41:10 PM EDT
[#45]
Link Posted: 11/27/2001 5:58:25 PM EDT
[#46]
Link Posted: 11/27/2001 6:54:35 PM EDT
[#47]
Checked my Yahoo mail earlier today, for the first time in 4 days, and found 2 emails that were infected. Didn't recognize either sender, and both just had RE in the subject box.

 
Link Posted: 11/27/2001 11:19:39 PM EDT
[#48]
I received one today Re: about your request for information on 9mm uppers from:EDME.  I didn't click on the attachment and thought it was funny the attachment was ME_NudeMP3.scr or something like that.  I deleted it.

As to the person above who doesn't use virus scan and only opens JPEG's.  My Norton caught a virus from a JPEG on a webpage 2 days ago "JSException.Exploit
Link Posted: 11/28/2001 5:38:41 AM EDT
[#49]
[url]http://www.cnn.com/2001/TECH/internet/11/27/badtrans.update/index.html[/url]

RatBastards!
Link Posted: 11/28/2001 5:55:06 AM EDT
[#50]
Does anyone know if it will still open automatically if I disable the Outlook preview pane?