Posted: 11/24/2001 8:44:02 PM EDT
I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list.
The title of the email was: re:colt lower
Now this is bad because I thought someone was sending me some info I wanted about a Colt LE/Gov only Lower.
The Norton web page for the virus that explains is: [url]http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=26784[/url]
If I sent you this Virus I am very, very sorry! However, I could not stop it until my Norton updated!
medcop
|
I knew something wasn't kosher with this email I got from [email protected] (C.Jones). I'm always leery of downloadable files with double extensions. This one was Docs.doc.pif
I got this one at 10:20 eastern time. I didn't open it. C. Jones, whoever you are, check yer machine.
|
I got 2 mails recently that had viruses attached; here is one:

Subj: September 9
Date: 11/23/01 8:07:25 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]
File: September9.doc.lnk (171008 bytes) DL Time (28800 bps): < 2 minutes

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
=====================================
Here's the other:

Subj: September 9,2
Date: 11/23/01 4:53:07 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]
File: September9,2.doc.pif (171520 bytes) DL Time (28800 bps): < 2 minutes

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
|
If you guys get file attachments like those don't download them!
Later, John |
|
Quoted:
I knew something wasn't kosher with this email I got from [email protected] (C.Jones). I'm always leery of downloadable files with double extensions. This one was Docs.doc.pif
I got this one at 10:20 eastern time. I didn't open it. C. Jones, whoever you are, check yer machine.

That is who mine was from...I deleted it before I could copy the actual name, but that was it!
edited to add: Well, I was stupid enough and just opened it up!
medcop
|
Quoted:
I got 2 mails recently that had viruses attached; here is one:
Subj: September 9
Date: 11/23/01 8:07:25 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]
File: September9.doc.lnk (171008 bytes) DL Time (28800 bps): < 2 minutes
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
=====================================
Here's the other:
Subj: September 9,2
Date: 11/23/01 4:53:07 PM US Mountain Standard Time
From: [email protected] (Joseph Hoffman)
To: [email protected]
File: September9,2.doc.pif (171520 bytes) DL Time (28800 bps): < 2 minutes
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks

That damm Sircam virus again.
|
I don't keep an address book. It is difficult to get nailed by such a virus when there is nothing for the virus to do.
|
|
Quoted:
I don't keep an address book. It is difficult to get nailed by such a virus when there is nothing for the virus to do.

I've got [b]way[/b] too many addresses to remember to not keep an address book. What I did was make an address of "mail.virus" and the name "!000". If my understanding of how the virus works is correct, this will keep the virus on my machine until the virus scanner picks it up.
|
Quoted:
I don't keep an address book. It is difficult to get nailed by such a virus when there is nothing for the virus to do.

Go ahead and think that's all they do! You will probably be enlightened soon!
|
Quoted:
That is who mine was from...I deleted it before I could copy the actual name, but that was it!
edited to add: Well, I was stupid enough and just opened it up!
medcop

Well I also Host for AOL, so I'm always leery of attached files.
|
Here's a copy of the Email I received:
Subj: Re: Your ad at AR15.com
Date: 11/24/2001 10:20:52 PM Eastern Standard Time
From: [email protected] (C. Jones)
To: [email protected]
File: DOCS.DOC.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh04.mail.aol.com (v82.22) with ESMTP id MAILINYH43-1124222052; Sat, 24 Nov 2001 22:20:52 -0500
Received: from aristotle.net (aristotle.net [204.233.139.1]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH52-1124222031; Sat, 24 Nov 2001 22:20:31 -0500
Received: from aol.com (pm15ppp6.aristotle.net [207.150.45.6]) by aristotle.net (8.9.3/8.9.0) with SMTP id VAA05511 for
Date: Sat, 24 Nov 2001 21:20:17 -0600 (CST)
Message-Id: <[email protected]>
From: "C. Jones" <[email protected]>
To: [email protected]
Subject: Re: Your ad at AR15.com
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
|
I got my first one on Friday. I was quite pi@@#d. OE automatically saved and ran the attachment as soon as I highlighted the header and the msg body showed up on the preview screen. I saw the save file or run screen flash, then I saw I was uploading something, so I killed my connection and looked for the files that were just recently updated on my system and deleted them (Warning: don't try this unless you know what files not to remove, because there will be some files that constantly update on your system), then removed my address book and was good to go. Just what I wanted to do at 0500 Friday morning [pissed]
|
|
I got an e-mail with an attachment from pete-in-nh last night, and it had the same virus in it.
|
|
Sorry Muddog
I was hit like a lot of others and I did not catch it for a few minutes and some infected e-mails were sent. The latest update from Nortons was able to fix me up. The hacker that started the thing ought to be hung by his Ba((s
Pete in NH
|
I received it 4 separate times but didn't download it of course. I think whoever is using this virus is targeting Subguns.com users, here are the e-mail addresses I've received it from -
[email protected] (James Deaton)
[email protected] (Jennifer Janos)
[email protected] (jbar)
[email protected] (C. Jones)
Note the underscore mark, you have to delete it to e-mail the sender that it came from. All the files had a .pif extension I think, never download anything you don't know what is!!
|
Is there a Sammy Lowe here? If so, you are infected! Norton stopped it in time though.
|
|
Gotta new one. Maybe the mods should tack this thread.
Subj: Re:
Date: 11/25/2001 6:34:11 PM Eastern Standard Time
From: [email protected] (sammy lowe)
To: [email protected]
File: fun.MP3.pif (29020 bytes) DL Time (906624 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from rly-yh05.mx.aol.com (rly-yh05.mail.aol.com [172.18.147.37]) by air-yh03.mail.aol.com (v82.22) with ESMTP id MAILINYH39-1125183411; Sun, 25 Nov 2001 18:34:11 -0500
Received: from imf24bis.bellsouth.net (mail124.mail.bellsouth.net [205.152.58.84]) by rly-yh05.mx.aol.com (v82.22) with ESMTP id MAILRELAYINYH53-1125183351; Sun, 25 Nov 2001 18:33:51 -0500
Received: from aol.com ([66.20.83.201]) by imf24bis.bellsouth.net (InterMail vM.5.01.01.01 201-252-104) with SMTP id <[email protected]> for
From: "sammy lowe" <[email protected]>
To: [email protected]
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <[email protected]>
Date: Sun, 25 Nov 2001 18:44:03 -0500
|
You don't have to have addresses in your book for some viruses to affect you. Some worm viruses send mail to everyone in your inbox, all of the other people they sent the same mail to, and everyone in your sent folder. Trust me, they do some serious stuff and some of them send without showing up in Outlook at all using your name and address. Be careful.
|
|
Quoted:
I received this f-ing Virus about 20 minutes ago and it started sending emails to everyone on my list.

I really wish you people would stop calling it a virus, because it's not. It's a worm, and a Trojan Horse. But it is [b]not a virus![/b] Every malicious executable is not a virus.
When someone calls your AR-15 a "semi-automatic machine gun" I bet you correct them and insist they use the proper terminology.
|
Virus, Trojan, Worm....It still sucks!
Yes, it is a worm. I have received it four more times tonight in various emails. However, Norton has stopped it each time. medcop |
|
Kevin:
[email protected] (James Deaton)
[email protected] (Jennifer Janos)
[email protected] (jbar)
[email protected] (C. Jones)

[b]How's just [i]Re:[/i] for a subject...[/b]
PC inc headers;
_____________________________________
Subj: Re:
Date: 11/25/01 6:02:28 PM Central Standard Time
From:[email protected] (sl)
To: [email protected]
File: SETUP.DOC.scr (29020 bytes) DL Time (28800 bps): < 1 minute
----------------------- Headers --------------------------------
Return-Path:
Received: from rly-za04.mx.aol.com (rly-za04.mail.aol.com [172.31.36.100]) by air-za02.mail.aol.com (v82.22) with ESMTP id MAILINZA26-1125190228; Sun, 25 Nov 2001 19:02:28 -0500
Received: from imf15bis.bellsouth.net (mail315.mail.bellsouth.net [205.152.58.175]) by rly-za04.mx.aol.com (v82.22) with ESMTP id MAILRELAYINZA48-1125190200; Sun, 25 Nov 2001 19:02:00 -0500
Received: from aol.com ([66.20.83.201]) by imf15bis.bellsouth.net (InterMail vM.5.01.01.01 201-252-104) with SMTP id <[email protected]> for
From: "sl" <[email protected]>
To: [email protected]
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <[email protected]>
Date: Sun, 25 Nov 2001 19:03:08 -0500
|
I got the same worm tonight but it had a different subject. VShield caught it as soon as I clicked on it.
|
|
It tried to get me but GoatBoy's know-how saved my ass!!
"The Anti-Virus software on ar15.com has reported that you were sent a virus from [email protected], with the subject "Re:". The E-mail containing the virus has been quarantined to prevent further damage.
******************************************************************
Virus Name: : W32/Badtrans.B@mm
Attachment: info.DOC.scr"

ColtShorty
GOA KABA COA JPFO SAF NRA
"I won't be wronged, I won't be insulted and I won't be laid a hand on. I don't do these things to other people and I require the same from them."
|
Quoted:
Is there a Sammy Lowe here? If so, you are infected! Norton stopped it in time though.

Hey, I don't know any Sammy Lowe but tell him he sent me an email with no body. Same message from Cliff Br***. So what's the message?
|
I got 4 of those blank re: and empty body emails within the past week too. What the hell are they?
|
|
I got it too.
So if any of you get an email from me with it, I'm sorry.
I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment. As soon as I realized it, I deleted it. I didn't download it (or at least I didn't think I did). All I did was open the message to see there was an attachment. Am I fucked or what?
|
Quoted:
I got it too. So if any of you get an email from me with it, I'm sorry. I've got a question for those of you who understand this stuff; I opened the email to my hotmail account, found no message and an attachment. As soon as I realized it, I deleted it. I didn't download it (or at least I didn't think I did). All I did was open the message to see there was an attachment. Am I fucked or what?

Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat.
It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat
|
Quoted:
I got it too. So if any of you get an email from me with it, I'm sorry. Am I fucked or what?

Apology accepted if I can play with your American 180.[:P]
Nah, just kidding. I didn't receive a virus from you.
|
Hmmm....
There sure are a lot of evil virus writing weenies out there.
Of course this offers me the opportunity to give "Team AR15.com" membership a plug ! [:D]
We maintain a dedicated Declude (tm) Anti-Virus Gateway System which scans ALL inbound and outbound mail for suspect content. (I update the F-Prot and Sophos virus signature files daily)
So... AR15.com E-mail accounts should be protected.
Regardless of the protection that we provide, it is still VERY important to have and use a good quality anti-virus application on your computer. (I have a personal affinity for Norton Anti-Virus for Win95/98/ME and Win2k Professional and WindowsXP -- Sophos is great for NT and Win2k Server)
[b]
AR15.com E-Mail Benefits:
--------------------------------------------------------
- Cool [email protected] e-mail address!
--------------------------------------------------------
- Full featured POP3/SMTP mail server with SMTP authentication for outbound mail. (allows you to use Outlook Express or any other pop3 mail client to receive AND send mail)
--------------------------------------------------------
- WebMail access to your e-mail from ANY computer with a web browser ! (you can use Webmail as your sole method of accessing your e-mail or you can use it in conjunction with pop3 mail... ie: read mail when you are at work or on the road) Have you ever been on the road or traveling and needed access to your e-mail? Problem SOLVED !
--------------------------------------------------------
- Speed and reliability: Our mail servers sit on a high speed dedicated connection with redundancy.
--------------------------------------------------------
- Secure and private ! : Tired of your boss reading your e-mail?? By utilizing the WebMail interface, you can access your mail account WITHOUT your employer monitoring your actions. (we are currently setting up an alternate domain just for this purpose: www.AR15Mail.com) In addition, all mail is encrypted on the server and you can choose to access WebMail via SSL.
--------------------------------------------------------
- VIRUS SCANNING !! ALL inbound and outbound mail is checked for potential virus/worm content. If suspect content is found, the mail is quarantined on the server and warning messages are sent to both the sender and the recipient.
--------------------------------------------------------
Another GREAT reason to cough up the $60 buck membership contribution to help cover some of the Avila's costs! [:D]
[/b]
|
Hey -- Am I a good salesman or what??
[img]web-comm.com/ar15/ar15virus.jpg[/img] |
|
I received the same virus again this morning, but since I use "eSAFE", it was immediately flagged and removed.
Fixing it was very simple for me, but required scouring your system registry for complete removal... and that's definitely not something that most folks know how to do!
This is a very nasty worm that has been around for a couple of months now, in various forms. As I recall, it is basically the same as the "Anthrax" virus that initially hit around the first of October...
For great FREE protection, go to [url]www.esafe.com[/url] and download the home version. This antivirus also has a great firewall built into it!
|
From : "xxxxxxx&kkkkk" <[email protected]>
To : [email protected]
Subject : Re:
Attachment : Pics.DOC.scr (38k), text5.txt (0b)
MIME-Version: 1.0
Received: from [12.5.165.24] by hotmail.com (3.2) with ESMTP id MHotMailBDC9AB370061400432510C05A5180B230; Sat, 24 Nov 2001 19:06:32 -0800
Received: from aol.com ([63.239.102.50]) by ntws.net ; Sat, 24 Nov 2001 21:16:56 -500 cdt
From [email protected] Sat, 24 Nov 2001 19:07:19 -0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-Rcpt-To:
Message-ID: <[email protected]>

Got this e-mail from Don_R. Didn't open the attachment yet. Do you gents think this is another virus problem?
BTW, Don_R, did you e-mail me?
Edited to remove our info.
|
Nope. We got it too. Our McAfee never caught a clue. We installed Norton 2002 and removed it. Sorry if anyone else gets it from us.
|
|
Quoted:
Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat. It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat

I don't run a virus scanner either. I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either.
And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.
|
What has me puzzled is that we hooked up another computer Friday night, and it had no address book, or any mail in the Outlook Express. How did this bug get to you?
|
|
There is a documented MS security flaw that uses I.E. to execute e-mail virus attachments even if you don't open the attachment.
"The virus makes use of the ms01-020 exploit, which means that the virus can execute on reading or previewing the email from within OutLook - it is not necessary to double click on any attachment. A patch to fix this exploit is available from Microsoft."
[url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp[/url]
Some more info about this virus: [url]http://www.messagelabs.com/viruseye/report.asp?id=86[/url]
|
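Added example, not part of any post in the thread: a Python check for the attachment names and header values posted above (double extensions such as .doc.pif and .DOC.scr, the X-Unsent: 1 header, the repeated MIME boundary). The decoy-extension list, the constructed sample message and the media-type mismatch check are assumptions added here; the mismatch check goes beyond what the posters state and reflects the incorrect-MIME-header problem that bulletin MS01-020 covers.

```python
import email
from email import policy

# Extensions Windows runs directly; .pif, .scr, .lnk and .bat all appear in the thread.
EXECUTABLE_EXTS = {"pif", "scr", "lnk", "bat", "exe", "com", "cmd", "vbs"}
# Extensions that make the name look like a document or media file (assumed list).
DECOY_EXTS = {"doc", "txt", "mp3", "jpg", "gif", "xls", "zip", "mpg"}
# Boundary string repeated across the headers posted in the thread. Like
# X-Unsent: 1, it is a weak signal on its own; combine with attachment findings.
THREAD_BOUNDARY = "====_ABC1234567890DEF_===="
PASSIVE_TYPES = {"audio", "image", "video", "text"}


def filename_findings(name):
    """Findings for one attachment filename, judged on its extensions only."""
    parts = name.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return []
    findings = ["executable extension ." + parts[-1]]
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        findings.append("double extension .%s.%s" % (parts[-2], parts[-1]))
    return findings


def scan_message(raw_bytes):
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if str(msg.get("X-Unsent", "")).strip() == "1":
        findings.append("header X-Unsent: 1")
    if msg.get_boundary() == THREAD_BOUNDARY:
        findings.append("MIME boundary matches thread samples")
    for part in msg.walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if not name:
            continue
        hits = filename_findings(name)
        # A media or text label on an executable name means the declared type
        # cannot be trusted (assumption: the mislabelling MS01-020 is about).
        if hits and part.get_content_maintype() in PASSIVE_TYPES:
            hits.append("declared %s on an executable name" % part.get_content_type())
        findings.extend("%s: %s" % (name, h) for h in hits)
    return findings


# Constructed sample: headers modelled on those posted in the thread, with
# placeholder addresses and a dummy four-byte payload.
SAMPLE = (
    b'From: "sender" <sender@example.invalid>\r\n'
    b"To: rcpt@example.invalid\r\n"
    b"Subject: Re:\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; type="multipart/alternative";\r\n'
    b' boundary="====_ABC1234567890DEF_===="\r\n'
    b"X-Unsent: 1\r\n\r\n"
    b"--====_ABC1234567890DEF_====\r\n"
    b"Content-Type: text/html\r\n\r\n<html><body></body></html>\r\n"
    b"--====_ABC1234567890DEF_====\r\n"
    b'Content-Type: audio/x-wav; name="info.DOC.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n"
    b"--====_ABC1234567890DEF_====--\r\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```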
I have no idea at all. I'm glad that I read this thread, before I check my e-mail.[:)] |
|
Got it from Pete too on Saturday. You guys might want to check out this link for info:
[url]http://securityresponse.symantec.com/avcenter/venc/data/[email protected][/url] Edited to make live link. |
|
Quoted:
Quoted: Just looking at the message shouldn't be enough to execute the attached file. Unless they're smarter now. Just never open an app if you are unsure of it. I don't run a virus scanner on my computer so I'm treading on thin ice. I just rely on the Yahoo scanner if I receive suspect email. However, I still won't open it if I don't know the sender. Remember, curiosity killed the cat. It should be ok as long as you didn't actually open the attached file. Never, ever open a double extension file. Such as open_me.doc.bat
I don't run a virus scanner either. I did for a while but when the free subscription ran out, I didn't bother to renew it. The only things I ever download from emails are .jpg's but I wanted to be sure just opening the mail couldn't do it either. And BTW - next time you're in or near eastern PA, you're more than welcome to some trigger time on the 180; just bring your own bucket of Federal .22 ammo.

Hey thanks Shaggy!
|
Oh hell, I got a message from sammy lowe yesterday and I've been trying to open it? What do I do now???!!! Please help!!!
|
|
Got it twice, but Norton saved my ass. Pop-up alerted me, and no prob thereafter. Whew!
|
|
Checked my Yahoo mail earlier today, for the first time in 4 days, and found 2 emails that were infected. Didn't recognize either sender, and both just had RE in the subject box.
|
|
I received one today Re: about your request for information on 9mm uppers from:EDME. I didn't click on the attachment and thought it was funny the attachment was ME_NudeMP3.scr or something like that. I deleted it.
As to the person above who doesn't use virus scan and only opens JPEG's. My Norton caught a virus from a JPEG on a webpage 2 days ago "JSException.Exploit"
|
[url]http://www.cnn.com/2001/TECH/internet/11/27/badtrans.update/index.html[/url]
RatBastards! |
|
Does anyone know if it will still open automatically if I disable the Outlook preview pane?
|
|
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.