A Flash Developer Resource Site


Thread: VIRUS being sent out by Mesa, AZ FK user

  1. #21
    +thewham
    Guest
    I've just got that mail today....and was wonderin' how did I receive it...I visited their homepage and found that it was some e-commerce site....anyways it's all gone in the trash can.

  2. #22
    Senior Member
    Join Date
    Nov 2000
    Posts
    307
    don't forget to empty your trashcan!

  3. #23
    Senior Member
    Join Date
    Aug 2000
    Posts
    264
    To all,

    You could receive it from anyone that has your email address stored on a Windows machine and has executed the worm! It's NOT gonna come from just one address or a recognized common address, which seems to be the way some are thinking it works.

    If you or anyone has got this worm and it has executed then this is what it does:


    The worm contains its own SMTP server which is used for the email routine. It obtains email addresses through two different methods:
    It searches the folder that is referred to by the registry key

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup\Cache

    for sho*., get*., hot*., *.htm files, and copies email addresses from there into the file %Windows%\sc??.dll (where ? is a random letter and number).

    It searches the entire drive for *.wab (all Windows Address Books) and copies addresses from there.

    11. It searches the folders referred to by the registry keys

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup\Personal

    and

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup\Desktop

    For files of type .doc, .xls, .zip, and .exe. If it finds a match, the corresponding file will be appended to the worm's original executable and this new file will be sent as the email attachment to the addresses it found in the address books.

    12. After 8000 executions, the worm will stop running.


    As well as the above it might do the following:


    There is a 1 in 20 chance that on October 16th of any year, the worm will recursively delete all files and folders on the C drive:

    This payload functions only on computers which use the date format D/M/Y (as opposed to M/D/Y or similar formats).


    Hope this clears it up for some people reading this thread!

    Saying you don't need anti-virus protection because everything is backed up, which I hear all the time, is like saying you don't use condoms coz you've already caught HIV! You gotta use it to protect others, not so much yourself! And unlike condoms, anti-virus protection is available free and you don't have to fumble with it in the dark for ages either LOL!

    Sam


  4. #24
    +thewham
    Guest
    Originally posted by Cozz
    don't forget to empty your trashcan!
    Dude..As soon as I delete the message it deletes the message from the trash can as well

  5. #25

    Yup...I got it...McAfee did not catch it (Hotmail style), but Norton did.
    Below is the note from Norton:

    *******************************************************
    Scan type: Realtime Protection Scan
    Event: Virus Found!
    Virus name: W32.Sircam.Worm@mm
    File: C:\recycled\SirC32.exe
    Location: Quarantine
    Computer: FP-TC
    User: v-1tcm
    Action taken: Clean failed : Quarantine succeeded : Access denied
    Date found: Mon Jul 23 08

    *******************************************************


    And here is the e-mail sender: benny.1 benny.1@ntlworld.com

    The subject of the e-mail: Worlds_-Eric_E_D-3134

    I had planned on formatting today anyway, so I went ahead and let it infect…on reboot my W2K machine can’t find much in the way of resources, IEXPLORE, etc…


    the kid isn’t too savvy on his coding tho, it’s a punk of a virus, no biggie.

    Keep your ears and eyes open tho’…good luck!
    -chrome
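
Added example, not part of any post in this thread: a triage sketch that walks a mounted drive or extracted image and flags the two file artifacts named above, the `sc??.dll` address store in the Windows folder (post #23) and `SirC32.exe` in the recycle folder (post #25). The function names, the default folder names `WINDOWS` and `RECYCLED`, and the sample files are assumptions constructed for illustration; a name match is a lead to review, not a verdict.

```python
import fnmatch
import os
import re
import tempfile

# Loose pattern for email-like strings, used only to count them in a matched file.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def scan_for_sircam_artifacts(root, windows_dir="WINDOWS", recycle_dir="RECYCLED"):
    """Return sorted (relative_path, reason, email_like_count) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        top = rel_dir.split(os.sep)[0].lower()
        for name in files:
            lower = name.lower()
            rel = os.path.join(rel_dir, name)
            if top == recycle_dir.lower() and lower == "sirc32.exe":
                findings.append((rel, "worm executable name in recycle folder", 0))
            elif rel_dir.lower() == windows_dir.lower() and fnmatch.fnmatchcase(lower, "sc??.dll"):
                # The post says harvested addresses are copied into this file,
                # so count email-like strings to help rank the finding.
                with open(os.path.join(dirpath, name), "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for triage
                findings.append((rel, "name matches sc??.dll address store",
                                 len(EMAIL_RE.findall(data))))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # all contents are constructed placeholders, not malware
            ("WINDOWS", "scy1.dll"): b"alice@example.com\r\nbob@example.org\r\n",
            ("WINDOWS", "scrrun.dll"): b"MZ\x90\x00",  # name too long for sc??.dll
            ("RECYCLED", "SirC32.exe"): b"placeholder bytes",
            ("Documents", "notes.txt"): b"carol@example.net",
        }
        for (folder, name), data in samples.items():
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)
        return scan_for_sircam_artifacts(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```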

  6. #26
    Member
    Join Date
    Jun 2001
    Posts
    46
    Originally posted by jaredigital
    hmmm... some of the dream.in.code guys live out in AZ...
    I live in Phoenix, AZ !

  7. #27
    Senior Member
    Join Date
    Nov 2000
    Posts
    307

    Dude..As soon as I delete the message it deletes the message from the trash can as well
    good lad, and that would be dudette
