Searching \ for '[OT]:NMX a virus?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=nmx+virus
Search entire site for: 'NMX a virus?'.

Exact match. Not showing close matches.
PICList Thread
'[OT]:NMX a virus?'
2001\08\13@200457 by robertf

flavicon
face
Hello,

Im wondering if anyone has
recvd an e-mail with a subject
line NMX attached. Sender want
me to look at this file.
Just got one from someone I
dont know.

rgds,

Robert Francisco

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email spam_OUTlistservTakeThisOuTspammitvma.mit.edu with SET PICList DIGEST in the body


2001\08\13@215025 by Jinx

face picon face
> Hello,
>
> Im wondering if anyone has recvd an e-mail with a subject
> line NMX attached. Sender want me to look at this file.
> Just got one from someone I dont know
>
> rgds,
>
> Robert Francisco

Anything like that from anyone I don't know goes straight in
the bin. Are they chatty, did they ask nicely, is there a reason
why they think you should look at it ? If not, screw them, bin it.
Just because "the world's a smaller place" because of email
doesn't mean people can take liberties

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email .....listservKILLspamspam@spam@mitvma.mit.edu with SET PICList DIGEST in the body


2001\08\13@215751 by David VanHorn

flavicon
face
At 01:44 PM 8/14/01 +1200, Jinx wrote:
> > Hello,
> >
> > Im wondering if anyone has recvd an e-mail with a subject
> > line NMX attached. Sender want me to look at this file.
> > Just got one from someone I dont know

Email them back, and ask them to send it as a zip.
few (no?) viruses/worms use zipfiles.

--
Dave's Engineering Page: http://www.dvanhorn.org

I would have a link to http://www.findu.com/cgi-bin/find.cgi?KC6ETE-9 here
in my signature line, but due to the inability of sysadmins at TELOCITY to
differentiate a signature line from the text of an email, I am forbidden to
have it.

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email listservspamKILLspammitvma.mit.edu with SET PICList DIGEST in the body


2001\08\14@073443 by Russell McMahon

picon face
At the risk of proliferating the dread virus discussions -

This is very very likely the Sir_Cam virus.
Its standard message is along the lines -

           Hi! How are you?

           I send you this file in order to have your advice

           See you later. Thanks

If you get a message with this message text the attachment will be a
randomly chosen file from their PC with the virus embedded in it.
Delete without opening !!!



   Russell McMahon



> Hello,
>
> Im wondering if anyone has
> recvd an e-mail with a subject
> line NMX attached. Sender want
> me to look at this file.
> Just got one from someone I
> dont know.

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestKILLspamspam.....mitvma.mit.edu


2001\08\14@094049 by Roman Black

flavicon
face
> > > Im wondering if anyone has recvd an e-mail with a subject
> > > line NMX attached. Sender want me to look at this file.
> > > Just got one from someone I dont know

I just look at them with a hex viewer, they always
start with MZ, which marks the file as an .exe and
yes its a virus. The hex viewer also lets you see
other data in the file.

You can save it as a .txt file and look at it in
notepad or other text editor. Just be careful that
windows doesn't try to run it, normally if it is
tagged .txt windows will just load the data into
the text viewer and it's pretty safe.
-Roman

--
http://www.piclist.com hint: To leave the PICList
EraseMEpiclist-unsubscribe-requestspam_OUTspamTakeThisOuTmitvma.mit.edu


2001\08\14@103324 by wzab

flavicon
picon face
On Tue, Aug 14, 2001 at 11:38:55PM +1000, Roman Black wrote:
>
> You can save it as a .txt file and look at it in
> notepad or other text editor. Just be careful that
> windows doesn't try to run it, normally if it is
> tagged .txt windows will just load the data into
> the text viewer and it's pretty safe.

However be REALLY sure, that it is .txt, and not .txt.exe or .txt.pif
or something like this. Many worms/viruses send themselves in attachments
with such extensions. When window$ displays filenames with hidden extensions
(the default setting), the user may think that she/he is opening the
safe "txt" file, while in fact she/he is running the infected EXE or script
:-(.
BTW. Has someone estimated the losses in global economy caused by crappy
design of M$ OS'es?
--
                             Wojciech M. Zabolotny
       http://www.ise.pw.edu.pl/~wzab  <--> wzabspamspam_OUTise.pw.edu.pl

http://www.debian.org  Use Linux - save your data and time

--
http://www.piclist.com hint: To leave the PICList
@spam@piclist-unsubscribe-requestKILLspamspammitvma.mit.edu


2001\08\14@104654 by Roman Black

flavicon
face
Ned Seith wrote:
>
> Roman,
>
> Again, please excuse my ignorance.
>
> I wasn't aware that virus files started with 4D5Ah.
>
> I would then imagine that 4D5Ah must be Norton and McAffee's first filter?

Ha ha! Not quite so simple, small .exe files
start with MZ. This has been a dos standard since
very early days.

If a file starts with MZ you can be pretty sure
that it is a program that does something.

So don't delete all these files from your
computer! That's all we need, an Anti-Virus
program that deletes every MZ file from
your hard disk... ;o)
-Roman

--
http://www.piclist.com hint: To leave the PICList
KILLspampiclist-unsubscribe-requestKILLspamspammitvma.mit.edu


2001\08\14@120009 by robertf

flavicon
face
regarding the attachment, it
is an .xls.pif.
I'd rather not ask the sender
what it is- afraid of being on
more mass mailing list.
File has been deleted. Problem
solved

Thx,

rf


{Original Message removed}

2001\08\14@121359 by O'Reilly John E NORC

flavicon
face
.pif is like a shortcut IIRC.  The reason the file has two extensions is
that the default windows setup is to hide extensions of know file types.
So, this file would show up as ??????.xls, making you think it's an excel
spreadsheet.

John

{Original Message removed}

2001\08\14@122524 by Roman Black

flavicon
face
O'Reilly John E NORC wrote:
>
> .pif is like a shortcut IIRC.  The reason the file has two extensions is
> that the default windows setup is to hide extensions of know file types.
> So, this file would show up as ??????.xls, making you think it's an excel
> spreadsheet.


The very first thing I do when using a Windows
computer is disable write cacheing and make it
UN-hide file extensions. Both are very smart things
to do when you're dealing with Bill's software.
:o)
-Roman

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestTakeThisOuTspammitvma.mit.edu


2001\08\14@155354 by Chris Carr

flavicon
face
> BTW. Has someone estimated the losses in global economy caused by crappy
> design of M$ OS'es?
> --
Hadn't you noticed, since George W Bush (pronounced Toxic Texan) became
World President, the World has shrunk to the size of the USA. Now the Global
Economy doesn't matter, only the American Economy and as Micro$oft IS the
American Economy..... It costs money to produce good software, and as aliens
(i.e. Non US Citizens) are prepared to pay for crappy software why should
Micro$oft hurt it's bottom line and hence the American Economy by producing
good software.

Of course I am not serious, I'm just giving the Menwith Hill Computers
something to do. 8-)

Regards

Chris Carr

--
http://www.piclist.com hint: To leave the PICList
spamBeGonepiclist-unsubscribe-requestspamBeGonespammitvma.mit.edu


2001\08\14@160447 by Jim

flavicon
face
... the country is now recovering from the 'party-
on-Garth mentality' that over-took Washington
some eight years ago - while Nero fiddled (w/Monica)
the seeds to our ills were being planted ...

Menwith Hill! Ha! AS IF every danged wireline
circuit ran though there! I wish SOMEBODY
would tally up just how much *real* compute
power would be needed to do 1/100th of what
they *claim* Echelon is capable of ...

Jim

{Original Message removed}

2001\08\14@164701 by Paul Hutchinson

flavicon
face
Un-hiding the file extensions is a very good idea, I always do it.

However some extensions can't be unhidden without hacking the registry.
Among the always hidden extensions are .lnk and .pif, both shortcuts to
executables.

This is how the SirCam virus bit the IT manager at our parent company. He
saved an attachment to his desktop and it showed as filename.xls. He was
expecting an updated spreadsheet from the sender so, he opened it. In
reality the file was named filename.xls.pif so, SirCam executed and then
started Excel and loaded the spreadsheet.

To really make all file extensions show, remove all keys in the registry
named "NeverShowExt". In addition to the usual warnings about hacking the
registry, anyone doing this should be aware that all desktop and start menu
items will now show as shortcutname.lnk or shortcutname.pif. It definitely
makes the menu and desktop look ugly.

Paul

{Quote hidden}

--
http://www.piclist.com hint: To leave the PICList
TakeThisOuTpiclist-unsubscribe-requestEraseMEspamspam_OUTmitvma.mit.edu


2001\08\14@164856 by Barry Gershenfeld

picon face
>You can save it as a .txt file and look at it in
>notepad or other text editor. Just be careful that
>windows doesn't try to run it, normally if it is
>tagged .txt windows will just load the data into
>the text viewer and it's pretty safe.
>-Roman

Better yet, don't view it by clicking on it.  Open
your favorite viewer first and use Open
to read the file in.

>The very first thing I do when using a Windows
>computer is disable write cacheing

Where do I go to change write cacheing?

>regarding the attachment, it
>is an .xls.pif.
> I'd rather not ask the sender
>what it is- afraid of being on
>more mass mailing list.
>rf

Since it is a worm or virus, it is exceedingly
likely the sender isn't even aware of any of this,
and couldn't tell you anything.

Barry

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestspamTakeThisOuTmitvma.mit.edu


2001\08\14@165926 by Bob Barr

picon face
Barry Gershenfeld wrote:

<snip>

>
>Since it is a worm or virus, it is exceedingly
>likely the sender isn't even aware of any of this,
>and couldn't tell you anything.
>

But if you receive a virus from someone that you do know, you really ought
to let them know that their system is infected. It's probably best not to be
laughing at them when you do though (as much as you might be tempted to).

:=)

Regards, Bob


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestEraseMEspam.....mitvma.mit.edu


2001\08\14@173005 by wzab

flavicon
picon face
On Tue, Aug 14, 2001 at 03:01:36PM -0500, Jim wrote:
>
> Menwith Hill! Ha! AS IF every danged wireline
> circuit ran though there! I wish SOMEBODY
> would tally up just how much *real* compute
> power would be needed to do 1/100th of what
> they *claim* Echelon is capable of ...
>

One of my friends loves the Echelon people so much that
he configured his mail agent ("mutt" I think) that way
that it adds to each message the additionall header lines:

X-encr-line1:Pp354232fj65340wdfgmj*^$%45estreretrhfghh
X-encr-line2:fbghy6634132we3$%&*&refdsf345344543534545
...

Certainly the each line contains the random characters
generated by a really good random number generator,
Yes, I know it causes the vasting of bandwith, but probably steals a lot
of Echelon computing power as well.

BTW. If someone really wants to send something which should be hidden,
the best method for him is to hide the message with steganographic
techniques (see http://members.tripod.com/steganography/stego/softwareunix.html )
in a big ".jpg" file (eg. "My new wonderful car" or so) and
send it not to the real recipient but just to the public forum
(eg. alt.binaries.pictures.... ) with a previously agreed subject.
The real recipient can retrieve the message without leaving almost
any traces that the hidden message was transferred.
(Sender can additionally use MixMaster or another anonymizing system).

Well, "Echelon" may be good in stealing of trade secrets or investigating
of dummiest criminals. The really dangerous people probably know much better
methods than described above (which anyway is Echelon-safe).
--
                                   Regards,
                             Wojciech M. Zabolotny
       http://www.ise.pw.edu.pl/~wzab  <--> EraseMEwzabspamise.pw.edu.pl

http://www.debian.org  Linux - free OS for free people!

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestEraseMEspamEraseMEmitvma.mit.edu


2001\08\14@181038 by Jinx

face picon face
> regarding the attachment, it is an .xls.pif. I'd rather not ask
> the sender what it is- afraid of being on more mass mailing
> list. File has been deleted. Problem solved
>
> Thx,
>
> rf

Beware anything with 2 extensions. SirCam is rife around the
mail groups (what an absolute waste of bandwidth worms are)
and one of its characteristics is to change and add extensions.
If you have AV s/w it should detect a virus when you save the file

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestspam_OUTspamKILLspammitvma.mit.edu


More... (looser matching)
- Last day of these posts
- In 2001 , 2002 only
- Today
- New search...