
Virus Alert

Discussion in 'Commercial Snow Removal' started by Chuck Smith, Jul 23, 2001.

  1. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    I know this is off topic, but.....

    This is a nasty virus folks. DO NOT DOWNLOAD FILES FROM STRANGERS.

    Do not download files from friends if they fit the description below. The info below is taken from the Norton Anti-Virus Research Center.


    Virus Name - W32.Sircam.Worm@mm
    Discovered on: July 17, 2001
    Last Updated on: July 23, 2001 at 09:51:57 AM PDT


    Read about it here:

    http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html


    SARC (Symantec Anti-Virus Research Center) has upgraded the threat level of W32.Sircam.Worm@mm from 3 to 4, due to its increased rate of submissions. Over 1,000 computers have been infected.

    Technical Info

    Subject: The subject of the email will be random, and could be the same as the file name of the attachment in the email.
    Attachment: The attachment will be a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.

    Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

    English Version:
    First line: Hi! How are you?
    Last line: See you later. Thanks

    Between these two sentences, some of the following text may appear:

    English Version:
    I send you this file in order to have your advice
    I hope you can help me with this file that I send
    I hope you like the file that I sendo you
    This is the file with the information that you ask for

    Name of attachment: A file from the sender's computer with the extension .bat, .com, .lnk, or .pif added to it.

    Removal instructions can be found here:

    http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html


    I have gotten this virus mailed to me 8 times since Friday July 18, 2001.

    PROTECT YOURSELVES!


    ~Chuck
     
  2. snow

    snow PlowSite.com Veteran
    Messages: 1,002

    I got one from a friend called SOFUNNY.exe. once u download it, it steals ur password and emails it to an address. my friend was talking to me and a few people, and it sent it to me and them. it screwed up the computer and the virus finder finally found it.


    watch out,

    bryan

    p.s- i also got sent that by someone
     
  3. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Here's an actual e mail I got with the virus attached. I was smart enough not to download it.


    Subj: rep change letter
    Date: 7/23/01 2:26:21 PM Eastern Daylight Time
    From: mzarkari@mywsi.com (Massoud Zarkari)
    To: csmith669@aol.com

    File: repchangeletter.doc.lnk (147968 bytes)
    DL Time (48000 bps): < 1 minute

    Hi! How are you?

    I send you this file in order to have your advice

    See you later. Thanks


    ----------------------- Headers --------------------------------



    ~Chuck
     
  4. SlimJim Z71

    SlimJim Z71 PlowSite.com Addict
    Messages: 1,031

    Thanks for the "heads-up" Chuck! I got an e-mail from Ameritech today about that same virus. I could see how something like that could spread pretty quickly. They also included a link to a bulletin on it: http://www.cert.org/advisories/CA-2001-22.html

    Tim
     
  5. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Since my first post on this thread, I have gotten this virus mailed to me 21 times! I spoke to EricELM, and he has gotten it mailed to him twice.

    ~Chuck
     
  6. 75

    75 PlowSite.com Addict
    Messages: 1,382

    Until today, hadn't received any of these E-mails. So far today, 3 times & counting :mad:

    Thank you for the "heads-up" Chuck - other than coming from "Curtis@optonline.net" the message I got was the same as the one you posted.

    Straight to the "trash can" with that one..................

    Better amend that count - 4 times now. :mad: (It's titled "Goldfarb JAN01 Invoice".)

    I guess if creating & sending out that sort of thing is what makes someone happy................................. I could think of a lot better things to do! :rolleyes:
     
    Last edited: Jul 31, 2001
  7. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Was this the one you got Rob????



    Subj: Furn and Equipment- 2000
    Date: 7/31/01 8:20:28 PM Eastern Daylight Time
    From: Curtis@optonline.net (Curtis)
    To: csmith669@aol.com

    File: FurnandEquipment-2000.xls.pif (156160 bytes)
    DL Time (49333 kbps): < 1 minute

    Hi! How are you?

    I send you this file in order to have your advice

    See you later. Thanks


    ----------------------- Headers --------------------------------


    I just got this one tonight, along with 4 more. I'm up to about 33 times now.

    ~Chuck
     
  8. JCurtis

    JCurtis Banned
    Messages: 862

    :(

    I wasn't aware of the sircam virus when I opened an email from comet landscaping.

    I am sorry about the inconvenience, I really am !!!!
    I will attempt to disinfect my computer tonight. Either that or I will run it over with my truck !!!!


    Again I am sorry for the inconvenience. Please disregard all email from JCurtis1@optonline.net or Curtis@optonline.net until further notice!!!


    Jeff
     
  9. SlimJim Z71

    SlimJim Z71 PlowSite.com Addict
    Messages: 1,031

    Jeff,

    Don't lose any sleep over it. It's not your fault. That's how this thing spreads.

    -Tim
     
  10. BRL

    BRL PlowSite.com - Veteran
    Messages: 1,277

    I always knew that Jeff guy from CT was a troublemaker! ;)
     
  11. JCurtis

    JCurtis Banned
    Messages: 862

    Thanks Tim...

    BRL and I thought you were such a nice guy LOL!!!!:D



    The really fun part is gonna be disinfecting my Home computer, razzin fraggin@*%^#!??/x~`^*7% damn piece of electronic junk!!!!
     
    Last edited: Aug 1, 2001
  12. SlimJim Z71

    SlimJim Z71 PlowSite.com Addict
    Messages: 1,031

    LOL...

    Just a thought here... I don't know how fast your internet connection is, but if you click on this link ---> http://www.zdnet.com/downloads/stories/info/0,10615,67212,00.html it will take you to a spot on ZD-NET where you can download Norton Antivirus. It takes a little while, but it's free and it works pretty well... it'll scan your e-mails as you receive them so you won't get it again.

    Hope this helps.

    -Tim
     
  13. JCurtis

    JCurtis Banned
    Messages: 862

    I have Norton anti Virus already on my PC.

    I downloaded the info Chuck posted from SARC and will try that if Norton anti virus can't clear out sircam.
     
  14. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Jeff, I feel bad I didn't reply to that infected e mail from "you". I just assumed it was another person. I didn't realize you had those 2 e mail addresses! :-(

    Also, make sure you use the live update on Norton Anti-Virus every Thursday, or Friday. They release an update every Thursday.

    Hopefully that fix at SARC will remove the virus.

    (Did anyone tell Thom (comet) he has the virus??)

    ~Chuck
     
  15. JCurtis

    JCurtis Banned
    Messages: 862

    OK, My Computer is DISINFECTED!!!

    Thanks Chuck !!!

    I ran the fix from www.sarc.com/avcenter/FixSirc.com and it worked.

    It only took a few minutes. But I got the message that the program successfully removed the virus. It checked almost 22,000 files and found only 1 file and 1 key registry infected.


    Thank God !!!! Chuck Smith and Symantec.
    ( Not necessarily in this order)

    :D


    Jeff
     
  16. JCurtis

    JCurtis Banned
    Messages: 862

    No Chuck,

    I haven't told Comet Landscaping (Thom) to be perfectly honest, I deleted his email this am when I realized what happened.

    The SARC program worked. Thanks for the heads up on the Norton Live updates. How do I access them?

    Please let Thom know about the problem!

    Jeff
     
  17. SlimJim Z71

    SlimJim Z71 PlowSite.com Addict
    Messages: 1,031

    When you start Norton, in the upper left corner, you'll see the icon for the LiveUpdate section. Make sure you're connected to the net, and let it do the rest.

    Tim
     
  18. 75

    75 PlowSite.com Addict
    Messages: 1,382

    Chuck - upon arriving home from work this evening found 6 more "viral" messages, one of which was the "FurnandEquipment" one you mentioned.

    The others were: "Proposal for 200 pinewood rd", "205 pinewood", "Wright Tech Sponsor ltr", "=?ISO-8859-1?Q?=20Supplies=20=28760?=" and "joe's table of contents"

    :mad: :mad: :mad: (Not at you JCurtis - as Tim said, that's how these things spread. I didn't realize that was your address either until reading today's posts.)

    Then again, I DO recall you saying something at another forum about "Pull the blinds, lock the doors and maybe he'll think we're not home............" ;)
     
    Last edited: Aug 1, 2001
  19. JCurtis

    JCurtis Banned
    Messages: 862

    Just delete them Rob

    Sorry Rob,

    I assure you that it was accidental. Please delete those emails.

    I ran a sircam removal program and successfully removed the virus from my pc.

    Again I apologize for the inconvenience.

    Jeff
     
  20. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Jeff,

    You can also start Norton Live Update right off your Start Menu. Just go to Start>Programs>Norton Anti Virus> and you'll see Live Update in the list on the start menu, right above where you would start Norton Anti Virus.


    This virus sucks.... it has its own SMTP engine built in, so it extracts e mail addresses from address books on the host computer. If the computer is set up on a network, and there are no passwords for the various computers on the network, it will infect every computer on the network, and start spreading itself via e mail. It picks random files from infected computers, attaches itself to them, and mails them out. So it also might be mailing out "sensitive" information.

    Just an FYI here. When you get a file with 2 extensions... avoid it. For example .jpg.pif, or .zip.exe, or .gif.bat, etc....... Keep your Norton updated, and keep "Auto Protect" enabled.

    ~Chuck
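
The indicators quoted in this thread (the fixed first and last body lines, and an attachment whose name ends in a second extension such as .lnk or .pif) can be checked mechanically at a mail gateway or in a mailbox scan. The sketch below is an added example, not part of the original posts and not Symantec's tool; the function names and the test messages are constructed for illustration, with attachment names modelled on the two e-mails Chuck posted.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the advisory quoted in the thread says the worm appends, plus
# .exe from the ".zip.exe" example in the last post.
RISKY_FINAL_EXTS = {".bat", ".com", ".lnk", ".pif", ".exe"}
FIRST_LINE = "Hi! How are you?"
LAST_LINE = "See you later. Thanks"

def double_extension(filename):
    """True for names such as report.doc.lnk: two or more extensions, the
    last of which is one of the risky ones."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in RISKY_FINAL_EXTS

def sircam_indicators(raw_bytes):
    """Return the indicators described in the thread that a message matches."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # Compare the first and last non-blank lines against the fixed markers.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0] == FIRST_LINE and lines[-1] == LAST_LINE:
        hits.append("body-markers")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            hits.append("double-extension:" + name)
    return hits

def build_sample(filename, body):
    """Constructed test message carrying a harmless placeholder attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample(
        "repchangeletter.doc.lnk",
        "Hi! How are you?\n\nI send you this file in order to have your "
        "advice\n\nSee you later. Thanks\n")
    print(sircam_indicators(worm_like))
```

Either indicator alone is worth quarantining on: the subject is random and the sender is usually a known contact, so neither can be used as a filter.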