Searching \ for '[OT]:Virus anyone ?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=virus+anyone
Search entire site for: 'Virus anyone ?'.

Exact match. Not showing close matches.
PICList Thread
'[OT]:Virus anyone ?'
2001\11\09@182621 by Jinx

face picon face
Has anyone else received a virus attachment called "sample.exe"
today ? Andrew Hooper and I both did, and the only thing we have
in common is the PIClist. Maybe some s***head mined addresses.
Just be on the lookout. Mine was caught by Inoculate but Andrew's
auto-ran, slipping past his AV s/w. Andrew can tell you more about
the virus contents and make-up

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics


2001\11\09@190957 by Andrew Hooper

flavicon
face
Yes, Looks like this virus/email had multiple payloads

The attachment in the file was called sample.exe and was imbeded into
the email and disguised as a sound file, this autoran and infected OE
(outlook express) when the message was previewed.

W32.Nimda.E@mm (dr) virus

Im not sure but the same infection looks like it unloaded a copy of

W32.Sircam.Worm@mm virus.

Also, I say im not sure because im not keeen on reinfecting myself
just to test it but i also found Sircam, it did not appear active but
was there all the same, maybe waiting for a reboot.

Regards
Andrew

{Original Message removed}

2001\11\09@210305 by Bob Ammerman

picon face
I got it and deleted it. My AV software (Norton) didn't squawk, but I
deleted it without opening the attachments.

Bob Ammerman
RAm Systems

{Original Message removed}

2001\11\10@062547 by Russell McMahon

picon face
C'mon guys - we can all get caught out occasionally (and I probably will be
as soon as I post this) but

- NOTHING from incoming email should EVER be allowed to autorun on a Windoze
system.

- NO exe file (or bat, com, vbs, pif, scr and more) should EVER be manually
run without checking it's contents first.
(A virus checker may not save you here.)

- Viewing of all file extensions must be turned on.

I received this too and my virus checker DIDN'T catch it but it was pretty
obviously a virus.
I save such things to disk for inspection at leisure.
Unless you are 101% sure look inside the file for "clues" and if still
unsure ask the sender if it was sent on purpose.
In this case the subject line was rubbish and the vast majority of the
contents was "AAAAAAAAAAAAAA ..." on inspection (Alt-Enter on IE5.x, right
arrow, Alt-M, maximise)

Let's not let the really stupid ones catch us out!!




       RM


> Has anyone else received a virus attachment called "sample.exe"
> today ? Andrew Hooper and I both did, and the only thing we have
> in common is the PIClist. Maybe some s***head mined addresses.
> Just be on the lookout. Mine was caught by Inoculate but Andrew's
> auto-ran, slipping past his AV s/w. Andrew can tell you more about
> the virus contents and make-up

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.


2001\11\10@192424 by Andrew Hooper

flavicon
face
Russell,

Yea i agree but the scary thing is that i have VB script turned off, view
extensions and i dont allow anything to auto run other than the preview
of the text but for some reason it still managed to infect me.

Andrew
{Original Message removed}

2001\11\11@033942 by Peter May

flavicon
face
I haven't read the start of this thread but I do remember in the last week
or so seeing a report from one of my list (a warning from one of the anti
virus things I subscribe to) that there is a very smart virus floating
around at the moment that only needs to be previewed to get going. I don't
need an arguement on this at it may be incorrect. If you are interested I
will try and find it but I believe it to be legit.....

{Original Message removed}

2001\11\11@171726 by Bob Ammerman

picon face
----- Original Message -----
From: "Andrew Hooper" <spam_OUTandrewTakeThisOuTspamBEST.NET.NZ>
To: <.....PICLISTKILLspamspam@spam@MITVMA.MIT.EDU>
Sent: Saturday, November 10, 2001 12:21 PM
Subject: Re: [OT]:Virus anyone ?


> Russell,
>
> Yea i agree but the scary thing is that i have VB script turned off, view
> extensions and i dont allow anything to auto run other than the preview
> of the text but for some reason it still managed to infect me.
>
> Andrew

Hm....

That is exactly my situation, and I _didn't_ get infected!

Bob Ammerman
RAm Systems


----- Original Message -----
{Quote hidden}

pretty
> > obviously a virus.
> > I save such things to disk for inspection at leisure.
> > Unless you are 101% sure look inside the file for "clues" and if still
> > unsure ask the sender if it was sent on purpose.
> > In this case the subject line was rubbish and the vast majority of the
> > contents was "AAAAAAAAAAAAAA ..." on inspection (Alt-Enter on IE5.x,
right
{Quote hidden}

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email EraseMElistservspam_OUTspamTakeThisOuTmitvma.mit.edu with SET PICList DIGEST in the body


2001\11\12@144045 by Brent Brown

picon face
I got the same email. As stated Norton AV may not have caught it,
but there have been a couple of live updates in the last few days. I
ran the file "sample.exe" past it this morning and it catches it now.

I use Pegasus mail which is much safer than MS anything by virtue
of not being anything MS. Norton doesn't integrate directly with
Pegasus for scanning incoming email but does spring up if I try to
save an attachment to disk or run it/view it.

One thing to watch out for with Norton (as discovered by a friend) is
when your 12 months of free live updates expire it doesn't inform
you and you can become vulnerable to newer viruses. Apart from
that it seems to do a pretty good job.

Brent Brown
Electronic Design Solutions
16 English Street
Hamilton, New Zealand
Ph/fax: +64 7 849 0069
Mobile/text: 025 334 069
eMail:  brent.brownspamspam_OUTclear.net.nz

--
http://www.piclist.com hint: To leave the PICList
@spam@piclist-unsubscribe-requestKILLspamspammitvma.mit.edu


2001\11\12@150111 by Gerhard Fiedler

flavicon
face
At 08:37 11/13/2001 +1300, Brent Brown wrote:
>I use Pegasus mail which is much safer than MS anything by virtue
>of not being anything MS. Norton doesn't integrate directly with
>Pegasus for scanning incoming email but does spring up if I try to
>save an attachment to disk or run it/view it.

Depending on the version you have, NAV has an option to manually configure
any POP3 email program to have incoming mail scanned. This gives you the
same integration as the one that's built-in.

>One thing to watch out for with Norton (as discovered by a friend) is
>when your 12 months of free live updates expire it doesn't inform
>you and you can become vulnerable to newer viruses.

So far it always has prompted me to pay :)

ge

--
http://www.piclist.com hint: To leave the PICList
KILLspampiclist-unsubscribe-requestKILLspamspammitvma.mit.edu


More... (looser matching)
- Last day of these posts
- In 2001 , 2002 only
- Today
- New search...