Espritmodel.com Telemetry Radio
Reply
Thread Tools
Old Jul 25, 2001, 04:23 PM
characters welcome!
Mark Wood's Avatar
United States, CA, Bear Valley Springs
Joined Feb 2000
26,279 Posts
Whacked by a virus! Please read!!

Gang, this is the text and link from an email that I sent out from a clean system today.

This is NOT a drill...
=============================================
Friends:

If you have gotten a strange email from my system with an attached file of >100k, don't open the file and engage it with a virus program. This is apparently a worm virus that infected my system (first one, dang it!). The webpage devoted to it's description and the tool for it is in the following link: http://www.sarc.com/avcenter/venc/da...m.worm@mm.html

Below is a clip from the webpage describing the virus:
=============================================
"This worm arrives as an email message with the following content:

Subject: The subject of the email will be random, and will be the same as the file name of the email attachment.
Attachment: The attachment is a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks

Between these two sentences, some of the following text may appear:

Spanish Version:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informaci=n que me pediste

English Version:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for"
================================================== ======================

I am truly sorry that this has happened and I'm in the process of rectifying the problem.
I strongly suggest that you run a virus detection program to make certain of the integrity of your systems. I also strongly suggest that you go to the supplied link, learn about this virus and if necessary download the removal tool for this virus. It is located just past the middle of the page.

Again, I apologize for any inconvenience this may have caused. I guess it's time to upgrade my virus programs, huh?

Regards,

Mark
Mark Wood is offline Find More Posts by Mark Wood
Reply With Quote
Old Jul 25, 2001, 04:44 PM
Rotorhead
Luxor's Avatar
Oly, Wa, USA
Joined Jun 2001
331 Posts
Mark, got them, didn't open them, flushed them right away. I got these yesterday and didn't know who they were from. I wrote a reply to the sender and got no response, The e-mail it was sent from didn't exist. Thank god I didn't open them. Thx, Eric S.

ps. Mine read: Look at these(IE. dreamstick, platimum). I need your advise. From MAXIMUS@PRODIGY. Hope this help someone else. Damn cyberterrorists anyway.
Luxor is offline Find More Posts by Luxor
Reply With Quote
Old Jul 25, 2001, 05:06 PM
RIP Ric
Andy W's Avatar
Marietta, GA
Joined Jun 1999
43,312 Posts
Guys, use AV, and set it up to update your defs. on a regular basis..
Also use a personal firewall, even if you're on dialup. zonelabs.com is about the most user friendly, although you can buy products from Symantec (the Norton folks). You can get a 'suite' of personal protection stuff from Symantec known as the Norton Internet Security. Does AV, firewall, privacy protection and content filtering. Go here for info: http://www.symantec.com/homecomputing/ and buy online or TODAY @ compusa, best buy, media play, etc.
..a
Andy W is offline Find More Posts by Andy W
Reply With Quote
Old Jul 25, 2001, 06:25 PM
Registered User
Madison Ms. USA
Joined Jan 2000
614 Posts
Mark,
I got the message from you this AM, but I was skeptical since it didn't seem to have anything to do with electric planes, or making beer. I deleted it without opening, thank goodness.

Andy,
For us (at least me) computer dummies, does that mean if I had the software you mentioned installed that my computer would have been protected if I had opened the file from Mark?
Thanks,

Sligh
Sligh is offline Find More Posts by Sligh
Reply With Quote
Old Jul 25, 2001, 08:26 PM
too old to 3d
Scott C's Avatar
United States, GA, Peachtree City
Joined Aug 2000
1,135 Posts
I got one the other day about exam results.

Scott
Scott C is offline Find More Posts by Scott C
Reply With Quote
Old Jul 25, 2001, 08:41 PM
characters welcome!
Mark Wood's Avatar
United States, CA, Bear Valley Springs
Joined Feb 2000
26,279 Posts
Luxor/Sligh:

WEIRD. To my knowledge I've never sent either one of you email.
I downloaded and ran the provided tool which expunged 20 files just a few minutes ago.
Headed to Office depot for Norton as we speak.
This sucks...

mw
Mark Wood is offline Find More Posts by Mark Wood
Reply With Quote
Old Jul 25, 2001, 09:14 PM
Rotorhead
Luxor's Avatar
Oly, Wa, USA
Joined Jun 2001
331 Posts
Mark, I believe mine came from someone on the Ikarus board. Quit a few of us there have been hit with this thing. Very strange. Eric S.
Luxor is offline Find More Posts by Luxor
Reply With Quote
Old Jul 25, 2001, 09:16 PM
too old to 3d
Scott C's Avatar
United States, GA, Peachtree City
Joined Aug 2000
1,135 Posts
Thanks,
I ran the fix program and it said that it removed the virus. My computer seems ok. What damage did it do to yours?

Scott
Scott C is offline Find More Posts by Scott C
Reply With Quote
Old Jul 25, 2001, 10:33 PM
characters welcome!
Mark Wood's Avatar
United States, CA, Bear Valley Springs
Joined Feb 2000
26,279 Posts
All:

I'm not sure of the extent of the damage yet besides the deletion of 20 files that were corrupted when I ran the virus program that was bundled with the system when I bought it. Talk about learning a valuable lesson.

mw
Mark Wood is offline Find More Posts by Mark Wood
Reply With Quote
Old Jul 25, 2001, 11:45 PM
Speed Demon
GregG's Avatar
Antioch,CA,USA
Joined Dec 1999
12,303 Posts
I got this email yesterday. It came from "Education Department". I had never heard of this so I checked it out by looking at the source code of the email. It said one part was text, and the other part a ".pif" file. I purposely didn't open it because of the .pif. Thanks for the warning Mark, Thanks for the advice on the firewall software Andy.
GregG is offline Find More Posts by GregG
Reply With Quote
Old Jul 26, 2001, 07:50 AM
No retreat no surrender
newguy's Avatar
USA, WI, Milwaukee
Joined Apr 1999
653 Posts
Hi guys, I got sent this one too. I didn't open it, but deleted it from the Eudora e-mail program I am using. Does that mean I will be OK? Jim

newguy is offline Find More Posts by newguy
Reply With Quote
Old Jul 26, 2001, 08:29 AM
Sometimes it works!
GYROGEARLOOSE's Avatar
Caldera, Costa Rica
Joined May 2000
897 Posts
Quote:
Originally posted by Mark Wood [groundloop]:
Luxor/Sligh:

WEIRD. To my knowledge I've never sent either one of you email.
I downloaded and ran the provided tool which expunged 20 files just a few minutes ago.
Headed to Office depot for Norton as we speak.
This sucks...

mw
I got hit with one this morning that started sending itself to everyone in my address book! I think I got it stopped! -gyro-
GYROGEARLOOSE is offline Find More Posts by GYROGEARLOOSE
Reply With Quote
Old Jul 26, 2001, 09:52 AM
Restful User
Jacques Flambeau's Avatar
Backwoods Alabama
Joined May 2000
3,861 Posts
This virus has been spreading like wildfire.
Read about it at:
http://enterprisesecurity.symantec.c...09&PID=7322320

SOP is to never, ever open email attachments, and in your eMail program, turn off javascript and vbs.

--Bill

Jacques Flambeau is offline Find More Posts by Jacques Flambeau
Reply With Quote
Old Jul 26, 2001, 01:28 PM
Cat With Wings
SassyCat's Avatar
Texas
Joined Mar 2001
316 Posts
I got it, but it didn't effect my computer or e-mail at all. I asked everyone on my e-mail address if it'd been sent to them and they said no, so I must have some kind of protection, or, I don't know. I ran the anti virus program on both computers and it didn't detect anything. ~shrugs~

Sass
SassyCat is offline Find More Posts by SassyCat
Reply With Quote
Old Jul 26, 2001, 01:49 PM
Registered User
Royal Oak, MI USA
Joined May 2000
554 Posts
Hey Loop...I got it. And thanks for the file...glad you downloaded Andy's friend holding the airplane. Remember that one? I had discarded it!
Hank Villerot is offline Find More Posts by Hank Villerot
Reply With Quote
Reply


Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Booted outta our field!! Please read slowflyer Electric Plane Talk 23 Dec 13, 2007 03:26 PM
Severe Virus Alert - Please Read Andy W Life, The Universe, and Politics 5 Feb 19, 2004 09:51 AM
If you were cheated by Shawn @ eflightpower....please read this rcdude Vendor Talk 32 Feb 27, 2002 09:49 PM
PLEASE READ johnpmartins Aircraft - Electric - Airplanes (FS/W) 8 Feb 21, 2002 04:32 PM
Zagi Pitch problems, Zagi guys please read!! slowflyer Foamies (Kits) 4 Jul 10, 2001 09:14 AM