Virus Alert

Chuck Smith

2000 Club Member
Location
NJ
I know this is off topic, but.....

This is a nasty virus folks. DO NOT DOWNLOAD FILES FROM STRANGERS.

Do not download files from friends if they fit the description below. The info below is taken from the Norton Anti-Virus Research Center.


Virus Name - W32.Sircam.Worm@mm
Discovered on: July 17, 2001
Last Updated on: July 23, 2001 at 09:51:57 AM PDT


Read about it here:

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html


SARC (Symantec Anti-Virus Research Center) has upgraded the threat level of W32.Sircam.Worm@mm from 3 to 4, due to its increased rate of submissions. Over 1,000 computers have been infected.

Technical Info

Subject: The subject of the email will be random, and could be the same as the file name of the attachment in the email.
Attachment: The attachment will be a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.

Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks

Between these two sentences, some of the following text may appear:

English Version:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

Name of attachment: A file from the sender's computer with the extension .bat, .com, .lnk, or .pif added to it.

Removal instructions can be found here:

http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html


I have gotten this virus mailed to me 8 times since Friday July 18, 2001.

PROTECT YOURSELVES!


~Chuck
 

snow

PlowSite.com Veteran
Location
Connecticut
I got one from a friend called SOFUNNY.exe. once u download it, it steals ur password and emails it to an address. my friend was talking to me and a few people, and it sent it to me and them. it screwed up the computer and the virus finder finally found it.


watch out,

bryan

p.s- i also got sent that by someone
 
Chuck Smith

2000 Club Member
Location
NJ
Here's an actual e mail I got with the virus attached. I was smart enough not to download it.


Subj: rep change letter
Date: 7/23/01 2:26:21 PM Eastern Daylight Time
From: mzarkari@mywsi.com (Massoud Zarkari)
To: csmith669@aol.com

File: repchangeletter.doc.lnk (147968 bytes)
DL Time (48000 bps): < 1 minute

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks


----------------------- Headers --------------------------------



~Chuck
 
Chuck Smith

2000 Club Member
Location
NJ
Since my first post on this thread, I have gotten this virus mailed to me 21 times! I spoke to EricELM, and he has gotten it mailed to him twice.

~Chuck
 

75

PlowSite.com Addict
Until today, hadn't received any of these E-mails. So far today, 3 times & counting :mad:

Thank you for the "heads-up" Chuck - other than coming from "Curtis@optonline.net" the message I got was the same as the one you posted.

Straight to the "trash can" with that one..................

Better amend that count - 4 times now. :mad: (It's titled "Goldfarb JAN01 Invoice".)

I guess if creating & sending out that sort of thing is what makes someone happy................................. I could think of a lot better things to do! :rolleyes:
 
Chuck Smith

2000 Club Member
Location
NJ
Was this the one you got Rob????



Subj: Furn and Equipment- 2000
Date: 7/31/01 8:20:28 PM Eastern Daylight Time
From: Curtis@optonline.net (Curtis)
To: csmith669@aol.com

File: FurnandEquipment-2000.xls.pif (156160 bytes)
DL Time (49333 kbps): < 1 minute

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks


----------------------- Headers --------------------------------


I just got this one tonight, along with 4 more. I'm up to about 33 times now.

~Chuck
 

JCurtis

Banned
Location
Stamford, CT
:(

I wasn't aware of the sircam virus when I opened an email from comet landscaping.

I am sorry about the inconvenience, I really am !!!!
I will attempt to disinfect my computer tonight. Either that or I will run it over with my truck !!!!


Again I am sorry for the inconvenience. Please disregard all email from JCurtis1@optonline.net or Curtis@optonline.net until further notice!!!


Jeff
 

JCurtis

Banned
Location
Stamford, CT
Thanks Tim...

BRL and I thought you were such a nice guy LOL!!!!:D



The really fun part is gonna be disinfecting my Home computer, razzin fraggin@*%^#!??/x~`^*7% damn piece of electronic junk!!!!
 

JCurtis

Banned
Location
Stamford, CT
I have Norton anti Virus already on my PC.

I downloaded the info Chuck posted from SARC and will try that if Norton Anti-Virus can't clear out Sircam.
 
Chuck Smith

2000 Club Member
Location
NJ
Jeff, I feel bad I didn't reply to that infected e mail from "you". I just assumed it was another person. I didn't realize you had those 2 e mail addresses! :-(

Also, make sure you use the live update on Norton Anti-Virus every Thursday, or Friday. They release an update every Thursday.

Hopefully that fix at SARC will remove the virus.

(Did anyone tell Thom (comet) he has the virus??)

~Chuck
 

JCurtis

Banned
Location
Stamford, CT
OK, My Computer is DISINFECTED!!!

Thanks Chuck !!!

I ran the fix from www.sarc.com/avcenter/FixSirc.com and it worked.

It only took a few minutes. But I got the message that the program successfully removed the virus. It checked almost 22,000 files and found only 1 file and 1 key registry infected.


Thank God !!!! Chuck Smith and Symantec.
( Not necessarily in this order)

:D


Jeff
 

JCurtis

Banned
Location
Stamford, CT
No Chuck,

I haven't told Comet Landscaping (Thom). To be perfectly honest, I deleted his email this am when I realized what happened.

The SarC program worked. Thanks for the heads up on the Norton Live updates. How do I access them?

Please let Thom know about the problem!

Jeff
 

SlimJim Z71

PlowSite.com Addict
Location
Cary, IL
When you start Norton, in the upper left corner, you'll see the icon for the LiveUpdate section. Make sure you're connected to the net, and let it do the rest.

Tim
 

75

PlowSite.com Addict
Chuck - upon arriving home from work this evening found 6 more "viral" messages, one of which was the "FurnandEquipment" one you mentioned.

The others were: "Proposal for 200 pinewood rd", "205 pinewood", "Wright Tech Sponsor ltr", "=?ISO-8859-1?Q?=20Supplies=20=28760?=" and "joe's table of contents"

:mad: :mad: :mad: (Not at you JCurtis - as Tim said, that's how these things spread. I didn't realize that was your address either until reading today's posts.)

Then again, I DO recall you saying something at another forum about "Pull the blinds, lock the doors and maybe he'll think we're not home............" ;)
 

JCurtis

Banned
Location
Stamford, CT
Just delete them Rob

Sorry Rob,

I assure you that it was accidental. Please delete those emails.

I ran a sircam removal program and successfully removed the virus from my pc.

Again I apologize for the inconvenience.

Jeff
 
Chuck Smith

2000 Club Member
Location
NJ
Jeff,

You can also start Norton Live Update right off your Start Menu. Just go to Start>Programs>Norton Anti Virus> and you'll see Live Update in the list on the start menu, right above where you would start Norton Anti Virus.


This virus sucks.... it has its own SMTP engine built in, so it extracts e mail addresses from address books on the host computer. If the computer is set up on a network, and there are no passwords for the various computers on the network, it will infect every computer on the network, and start spreading itself via e mail. It picks random files from infected computers, attaches itself to them, and mails them out. So it also might be mailing out "sensitive" information.

Just an FYI here. When you get a file with 2 extensions... avoid it. For example .jpg.pif, or .zip.exe, or .gif.bat, etc....... Keep your Norton updated, and keep "Auto Protect" enabled.

~Chuck
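
Added example (not part of any post in this thread, and not Symantec's code): a mail-filter check in Python that flags the two indicators described above, an attachment with one of the advisory's four extensions appended after another extension, and a body that opens and closes with the fixed English lines. The function names and the sample messages are constructed for illustration; the extension list is limited to what the advisory text lists.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the advisory quoted in this thread says get appended to the file.
APPENDED_EXTS = {".bat", ".com", ".lnk", ".pif"}
FIRST_LINE = "Hi! How are you?"
LAST_LINE = "See you later. Thanks"

def double_extension(filename):
    """Return (inner, outer) when a listed extension follows another extension."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in APPENDED_EXTS:
        return suffixes[-2], suffixes[-1]
    return None

def body_matches(text):
    """True when the first and last non-empty lines are the fixed sentences."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return len(lines) >= 2 and lines[0] == FIRST_LINE and lines[-1] == LAST_LINE

def score_message(msg):
    """Return the list of reasons a parsed message matches the description."""
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        hit = double_extension(name)
        if hit:
            reasons.append(f"attachment {name!r}: {hit[1]} appended after {hit[0]}")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and body_matches(body.get_content()):
        reasons.append("body opens and closes with the fixed greeting lines")
    return reasons

def build_sample(filename, body):
    """Constructed test message; the attachment is inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

SUSPECT = build_sample("FurnandEquipment-2000.xls.pif",
                       "Hi! How are you?\n\nI send you this file in order "
                       "to have your advice\n\nSee you later. Thanks\n")
BENIGN = build_sample("invoice.pdf", "Hello,\n\nInvoice attached.\n")

if __name__ == "__main__":
    for label, m in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, score_message(m))
```

A legitimate name with an extra dot, such as a version number before `.com`, also trips the filename check, so treat each reason as a signal to quarantine for review rather than proof of infection.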