Jahnava Nitai Das Posted July 23, 2001 Report Share Posted July 23, 2001 I noticed in the last two days there have been many,many different people sending me an email with an attached file. The email always reads the exact same, something like: "Hi, I am sending this for you to check." Or something like that. I notice the emails are all people who have written to me sometime or another. And I have received these types of virus in several accounts. The attachement file name is always different, usually a .pif file or something. I am just posting this here in case any of you are also getting these emails. It only started two days back, so I assume it is a new virus, and quite active and fast at propagating (judging from the various people who have sent it to me). Quote Link to comment Share on other sites More sharing options...
Maitreya Posted July 23, 2001 Report Share Posted July 23, 2001 Hey Jndas, I remember reading within the last two or three weeks something about a virus being sent to devotee's web sites. Someone had their files erased or something. YS MC Quote Link to comment Share on other sites More sharing options...
livingentity Posted July 23, 2001 Report Share Posted July 23, 2001 Yes, that is a new virus and it is called the sircam or something like that. If you open it will attach itself to many different files in your computer and fill up your drives until your computer crashes. I have mcafee and they sent me an alert on that one yesterday. Quote Link to comment Share on other sites More sharing options...
Puru Das Adhikari Posted July 24, 2001 Report Share Posted July 24, 2001 bject: Virus Alert W32/SirCam@MM (Sir Cam Virus) Thu, 19 Jul 2001 20:41:58 -0700 "McAfee.com Dispatch" <dispatch@mcafee.com> "purudas@compuserve.com" <purudas@compuserve.com> (((((((((((((((((( McAfee.com Dispatch ))))))))))))))))))))) --------------------------- **VIRUS ALERT - W32/SirCam@MM (Sir Cam Virus)** --------------------------- [This message is brought to you as a r to the McAfee.com Dispatch. To , please follow the instructions at the bottom of the page.] McAfee.com has seen a large and growing number of consumer computers infected with W32/SirCam@MM. This is a HIGH RISK VIRUS FOR CONSUMERS. The infected email can come from addresses that you recognize. Attached is a file with two different extensions. The file name itself varies. The email message can appear as follows: [filename (random)] Body: [content varies] Hi! How are you? I send you this file in order to have your advice or I hope you can help me with this file that I send or I hope you like the file that I sendo you or This is the file with the information that you ask for See you later. Thanks --- the same message may be received in Spanish --- Hola como estas ? Te mando este archivo para que me des tu punto de vista or Espero me puedas ayudar con el archivo que te mando or Espero te guste este archivo que te mando or Este es el archivo con la información que me pediste Nos vemos pronto, gracias. The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder and attempts to send copies of these documents to email recipients found in the Windows Address Book and addresses found in cached files. For detection and removal instructions for the Sir Cam Virus, -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371 McAfee.com VirusScan Online and Clinic rs: If you don't have ActiveShield installed and updated, you are not protected from this virus. Click here to download ActiveShield. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2372 Retail VirusScan Users: Version 4.0.70 and above with DAT file 4148 will detect and remove this virus. To download the latest DAT files, -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2253 __________ If you would like to receive the McAfee.com Dispatch in a graphical (HTML) format in the future, please -> http://dispatch.mcafee.com/default2.asp?id=640762 ________________________Virus Fixes_________________________ Find out more about this virus. Click here to go to the W32/SirCam@mm Help Center. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371 Become a McAfee.com r and check your system online. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2377 Buy the latest VirusScan in the McAfee Store! -> http://mcafeestore.beyond.com/AF77887-VS_700/Product/0,1057,3-18-SN101924,00.html Is your VirusScan current? Purchase the VS Maintenance Plan for $22.45 (USD) and upgrade to the most current version. -> http://mcafeestore.beyond.com/AF77887-SMP_400/Product/0,1057,3-18-SN102899,00.html Download the latest DAT files, -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2253 _____________________Anti-Virus Tips!_______________________ Find out how to detect and prevent viruses with these handy tips. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=1589 ______________________Special Offers_________________________ SAVE UP TO 33% on security for your computer AND get 20 hot songs from MP3.com. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2366 Get a 2-year subscription of VirusScan Online now only $39.90 (USD)! SAVE $10! -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2367 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ You are currently d as: purudas@compuserve.com ] McAfee.com Support: To contact us about this dispatch, -> http://www.mcafee.com/support/cust_serv/default.asp Subscribe: If you received this message from a friend and would like to to McAfee.com Dispatch, -> http://dispatch.mcafee.com/sub.asp?s=22 Un: If you do not wish to receive email, -> http://dispatch.mcafee.com/unsub.asp Note: Promotions are subject to change without notice. Click here to view our permission policy. -> http://dispatch.mcafee.com/permission_policy.asp Trademarks 2001 McAfee.com Corporation / . Quote Link to comment Share on other sites More sharing options...
JRdd Posted July 24, 2001 Report Share Posted July 24, 2001 Something went wrong with my computer Saturday, and now I am limited to whatever half hours I can grab at the library. I never open attached files unless they are from someone I know and are expected, and I always scan first. So i dont know what happened. Except I got less association now. JR Quote Link to comment Share on other sites More sharing options...
mahak Posted July 24, 2001 Report Share Posted July 24, 2001 With all the spammin goin on, unsolicited aparadha and apisiddhanta propaganda, it is important to know who you are opening letters from. We are not talking about erasing a few e-mails, I had a worm virus eat up an entire bank of computers that were hooked together (but it served the greedy Kinko's right for charging $12.00 per hour, so I had no compassion for them at all). This virus was set in something that read "remove me", so it may have been a devotee's angst at the unsolicited stuff. Haribol, ys, mahaksadasa Hey, haribol, Puru, hope you are well. Quote Link to comment Share on other sites More sharing options...
Gauracandra Posted July 24, 2001 Report Share Posted July 24, 2001 Not to change the subject, but I also wanted to use this opportunity to let people know of a problem that has occured to two people I know (one of them twice, so three times in total). In one instance a child of the person went to a Pokeman website, and the website decided to "update" their browser or something like this. They ended up creating two "ratings.pol" configuration files. These are the files that handle what websites a person can go to. The problem is, when this happens you are completely taken out of using the internet. A message keeps popping up saying some sort of error. The way to solve this is easy (it took me literally hours to search for a solution and none came, until someone at work said the same thing happened to them). Basically just do a search on your c: drive for ratings.pol. when you find two of them, delete one (the newest one) and you will be back to normal. I literally (well not LITERALLY literally) went nuts trying to fix the problem at first. It happened again yesterday to my neighbors and I fixed it with no problem. Just sending this out in case it happens to any of you guys. Gauracandra Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 28, 2001 Report Share Posted July 28, 2001 I just received the worm in my email. It is a really long file, about 300K. Deleted it upon arrival. No problemo. Here's some good advice about it: http://www.sarc.com/avcenter/venc/data/pf/w32.sircam.worm@mm.html Quote Link to comment Share on other sites More sharing options...
Jahnava Nitai Das Posted July 28, 2001 Author Report Share Posted July 28, 2001 I have received this virus about 100 times so far. I just delete it. The only problem is in having to download these huge file attachments that come with it! Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 28, 2001 Report Share Posted July 28, 2001 Originally posted by jndas: I have received this virus about 100 times so far. I just delete it. The only problem is in having to download these huge file attachments that come with it! Some email clients let you poll your SMTP server before downloading, so you can delete them on the server and not suffer thru waiting for the download. If you have broadband, it doesn't matter. Quote Link to comment Share on other sites More sharing options...
Guest guest Posted August 5, 2001 Report Share Posted August 5, 2001 <h3>This Information Pertains To Windows NT 4.0/Windows2000 Professional & Windows2000 Server users. If you are running Windows95/98/ME you are *not* affected by this virus.</h3> A new version of the Code Red Virus has hit the net. Temporarily labeled "Code Red II" this virus has different behavior than the original Code Red virus. After reading the reports on Incidents.org and examining the hex dumps that have been provided, here is the fastest way Windows2000 Professional, Windows2000 Adv. Server and Windows NT 4.0 users can determine if they have the virus: 1. In Explorer or a DOS prompt, go to your C:\InetPub\Scripts Directory. 2. Look for a file called CMD.EXE in the C:\InetPub\Scripts directory. 3. If the file CMD.EXE exists in C:\InetPub\Scripts, you have the new Code Red II virus. Delete the file CMD.EXE from your C:\InetPub\Scripts directory. DO NOT DELETE THE CMD.EXE FILE FROM ANY OTHER DIRECTORY!! If you do not have ZoneAlarm installed, click HERE to download it and install it. Set your INTERNET security on HIGH. Set your LOCAL security on LOW. Once you've done all the above, the best way to protect yourself is to STOP the IIS (Internet Information Service) on your computer. This is for Windows NT 4.0 and Windows2000/Windows2000 Server users only. Once you've stopped the service, click on Properties and set the service to Manual or Disable. Additionally, you'll want to stop and disable the Indexing Service as well. If you're running Windows2000/Windows2000 Adv. Server you can do the above by clicking My Computer, then Administrative Tools, then Component Services. Stop in order: IIS Admin Service FTP Publishing Service Indexing Service Be sure to change the properties of these services to MANUAL or DISABLED startup to ensure you're protected from Code Red. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.