Author Topic: Virus Alert!!  (Read 4183 times)
Jack Spencer Jr
Guest
« on: July 25, 2001, 11:22:00 PM »

I don't know if this is the right forum for this, but, eh, close enough.

If you've recently received an email from me pblock
eeville@dreamscape.com
asking for help with the attached file

DO NOT OPEN THE ATTACHMENT!

It contains the SirCam worm, an especially nasty little bugger that uses email.

As I write this, I'm using the removal tool from symantec.com.  Hopefully that'll do it.

If you received and already opened said email, my apologies.  Get rid of it now before it gets out of hand.

If you've received said email but have not opened the attachment or the email, check your system anyway.  Better safe than sorry.

On a more general note, any email with a message asking for help with an attached file is suspect and should be deleted immediately.

mighty pissed off right now.
Jack
Logged
Clinton R. Nixon
Member

Posts: 2624


WWW
« Reply #1 on: July 26, 2001, 06:17:00 AM »

I got a copy of the SirCam worm last night labeled--seriously--risus15.zip.pif. Luckily, I'm using Eudora Pro, but still--it was named after an RPG. These viruses are getting crazy.
Logged

Clinton R. Nixon
CRN Games
Jack Spencer Jr
Guest
« Reply #2 on: July 26, 2001, 08:56:00 AM »

Yeah, that seems to be how this virus works.

What it does from what I've seen is it camps out in your recycling bin in a way that you can't see it, and therefore can't delete it.  It then creates trojans of itself by using the name of files on your hard drive.  This is how I found out about it.  Wherever it gets the email addresses, either randomly or by scanning your system, several of the ones it used were non-deliverable so I had 42 undeliverable messages returned.  They all had attachments with odd names like wb15.doc.pif (the 15th episode of The Wanna Be) or kroz.exe.com (Kingdom of Kroz).

So beware of attachments with two tags.
Logged
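
The "two tags" naming pattern reported in this thread (risus15.zip.pif, wb15.doc.pif, kroz.exe.com) can be checked mechanically when triaging mail. The following is an added example, not part of any poster's message; the executable-extension list beyond .pif and .com, the sample addresses and the extra file names are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions Windows runs on double-click. The thread itself only
# names .pif and .com; the others are added here for illustration.
EXECUTABLE_EXTS = {"pif", "com", "exe", "bat", "scr", "lnk"}


def is_double_extension(filename):
    """True for names like 'wb15.doc.pif': an inner extension hiding an executable one."""
    # Windows ignores trailing spaces and dots, so normalise them away first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    inner, last = parts[-2], parts[-1]
    # The inner tag must look like an extension (short, alphanumeric) and not
    # be a bare version number such as the '2' in 'setup-1.2.exe'.
    looks_like_ext = inner.isalnum() and not inner.isdigit() and len(inner) <= 4
    return last in EXECUTABLE_EXTS and looks_like_ext


def suspicious_attachments(raw_message):
    """Return attachment names in a raw MIME message that use a double extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and is_double_extension(n)]


def build_sample():
    """Constructed sample message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "wb15"
    msg.set_content("Constructed sample body.")
    for name in ("wb15.doc.pif", "notes.txt", "kroz.exe.com", "setup-1.2.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in suspicious_attachments(build_sample()):
        print("double extension:", name)
```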
Epoch
Member

Posts: 201


WWW
« Reply #3 on: July 26, 2001, 12:53:00 PM »

Heh.  It's worse than that.

It actually copies those files from your system into the email, and adds its own code to them.  So, if you view the attached files through something safe, like Notepad or a hex editor (do not attempt to auto-execute them by double-clicking on them!), you can see someone else's files.

If you've got confidential information on your machine, this is cause for worry.

Also be aware that there's a 5% chance that it will recursively delete your C drive on October 16th, if you still have the virus at that late date.
Logged
Ron Edwards
Global Moderator
Member
*
Posts: 16490


WWW
« Reply #4 on: July 26, 2001, 01:15:00 PM »

Quick inquiry from a not-especially-savvy computer person:

I did receive the message in question (as mentioned in the Sorcerer forum) but did NOT open the attachment or view it in any way. I deleted its hairy ass most thoroughly.

So ... does that mean I'm still clean, doc?

Best,
Ron
Logged
greyorm
Member

Posts: 2233

My name is Raven.


WWW
« Reply #5 on: July 26, 2001, 01:52:00 PM »

Quote

I did receive the message in question (as mentioned in the Sorcerer forum) but did NOT open the attachment or view it in any way. I deleted its hairy ass most thoroughly.

So ... does that mean I'm still clean, doc?

You SHOULD be...there's no reason that you should have been infected if you didn't open/run the file.  But better safe than sorry.  You can go to Symantec and download and run the fix anyways, just to make sure: http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html

If you're clean, and you should be, it won't do anything untoward to your files; it scans for the virus and lets you know if it finds it, cleans it out if it does.
Logged

Rev. Ravenscrye Grey Daegmorgan
Wild Hunt Studio
Epoch
Member

Posts: 201


WWW
« Reply #6 on: July 26, 2001, 02:34:00 PM »

You may or may not be.

Some mailers have the highly unfortunate tendency to open attachments without prompting you.  While this behaviour can be turned off, they are sometimes shipped with it on as default.  (The Outlook family did this for a while, I think, though I'm not sure).

I agree with Greyorm (as advice to anyone who's at all unsure as to whether they've got the virus) -- follow his link, get the tool and scan your system.  It won't take all that long, and it might save your C drive.

By the way, the virus is network aware.  It can and does propagate across shared drives.  So even if you practice excellent email hygiene, if you're on a LAN with people who don't, you might need to beware.
Logged