Virus!!

SHADOW-XIII · Post by **SHADOW-XIII** » 04 Mar 2003 19:44

I don't care .,... mp3pro ... you can send it to me .... I want to test my anti-vir protection

I just updated it

mp3Pro · Post by **mp3Pro** » 04 Mar 2003 19:49

the actual thing that happened when it was triggered was "ur my friend" popping up on screen in several languages then the screen shook

Post by **orudge** » 04 Mar 2003 22:05

mp3Pro wrote:yikes thats me ... how can I get rid of it ???!!??

<must have pissed someone off

I havent sent ANY mail in the last 3 days from that account
and I see today its full of bounces

It's probably Klez or a similar virus. Basically, somebody has both you and the recipient in their address book. The virus picks a random address (in this case yours) and sticks that in the From field. It then mails it out to the rest of the address book. I've been a victim of this (e-mails claiming to be from me, and e-mails sent to me from other people who aren't other people). I've received many viruses in my time, but not once have I opened one. Keep OE well patched and run a decent virus scanner, and you'll be fine.

spaceman-spiff · Post by **spaceman-spiff** » 04 Mar 2003 22:08

Well, he did say "fingers crossed" and we haven't heard from him

Post by **orudge** » 04 Mar 2003 22:12

I just got a copy of that virus too, actually:

Code: Select all

Return-path: <sc_cpl@bellsouth.net>
Delivery-date: Tue, 04 Mar 2003 20:04:50 +0000
Received: from mail213.mail.bellsouth.net ([205.152.58.153] helo=imf13bis.bellsouth.net)
	by buckaroo.freeuk.net with esmtp (Exim 3.33 #3)
	id 18qIef-0007Yh-00
	for orudge@freeuk.com; Tue, 04 Mar 2003 20:04:49 +0000
Received: from mail.lig.bellsouth.net ([67.33.252.136])
          by imf13bis.bellsouth.net
          (InterMail vM.5.01.04.25 201-253-122-122-125-20020815) with SMTP
          id <20030304200629.VSOF2682.imf13bis.bellsouth.net@mail.lig.bellsouth.net>
          for <orudge@freeuk.com>; Tue, 4 Mar 2003 15:06:29 -0500
From: BellSouth<sc_cpl@bellsouth.net>
To: orudge@freeuk.com
Subject: Fw: sprites
Date: Tue,04 Mar 2003 15:14:02 PM
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary=nwuhltg
Message-Id: <20030304200629.VSOF2682.imf13bis.bellsouth.net@mail.lig.bellsouth.net>
X-Envelope-To: orudge@freeuk.com
X-claradeliver-Version: 4.15.0
X-UIDL: 1046808290.29111.buckaroo.freeuk.net
X-RCPT: orudge
Status: U 

--nwuhltg
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:pnul height=3D0 width=3D0>
</iframe>
<FONT></FONT>
How to define new graphics
==========================

The new graphics are controlled by newgrf.txt, which is simply a list
of .grf files to include.  Each .grf file can then define graphics for
one or more vehicles.

In this document, you can find out how to define new sprites and
contr<BR>.<BR>.<BR><BR></BODY></HTML>

--nwuhltg
Content-Type: audio/x-wav;
	name=sprites.zip.bat
Content-Transfer-Encoding: base64
Content-ID: <pnul>
[snip]

The virus is WORM_YAHA.G, by the way.

spaceman-spiff · Post by **spaceman-spiff** » 04 Mar 2003 22:15

I just checked my mailbox, I got two from Bellsouth
One with sprites

Arathorn · Post by **Arathorn** » 04 Mar 2003 22:17

Can someone move this to General?

mp3Pro · Post by **mp3Pro** » 04 Mar 2003 22:30

Thanx for all the help everyone..
avg got the worm but now all my chit is messed up
grrrrrr I cant open a lot of stuff .. trying to fix it now but might just wipe and reinstall

lynsey · Post by **lynsey** » 04 Mar 2003 22:36

Guess that's something to be on the lookout for then...good luck getting it sorted, viruses suck!

spaceman-spiff · Post by **spaceman-spiff** » 04 Mar 2003 22:38

How do I know if my AVG virusscanner worked, I can't open that attached file, can't do anything with it, but I didn't get a warning from my virusscanner neither

Arathorn · Post by **Arathorn** » 04 Mar 2003 22:39

I haven't had a virus in years luckily. Only some hoax causing me to delete something from Windows (luckily I could get that from the microsoft website again).

lynsey · Post by **lynsey** » 04 Mar 2003 22:48

Ha I got Klez within a couple of hours of having my PC, my dad went off to work and basically said I could check my e-mail but otherwise I shouldn't use it til he'd put something on. What happened then is probably obvious or I wouldn't be telling this story.

SGWebmaster · Post by **SGWebmaster** » 04 Mar 2003 22:49

I presume that this e-mail doesn't some loaded with that particular e-mail. I mean, it isn't going to mean anything to most users. However, the McAfee Avert write-up of the virus (YAHA) doesn't say anything about it taking an e-mail off the infected computer. Strange.

lynsey · Post by **lynsey** » 04 Mar 2003 22:52

Surely the virus scanner won't know which e-mail it is, seeing as it probably changes and will be compressed in some way or another.

sultana · Post by **sultana** » 05 Mar 2003 09:21

Virus? well I have to admit, I could have hundreds of viruses on this PC and not know it

I always just exit the virus programs as soon as they load. If i get the "Do want this scanned, blah"... no, soo...

mp3Pro · Post by **mp3Pro** » 05 Mar 2003 14:11

The virus came in an email attachment that opened in outlook express when clicking on the header
it hides itself in the recycle bin then hides c:\recycled from explorer...
I think I killed the virus but now win 2k is fried :-/
this thing was nasty

ummm considering that this is the only place I chat/make posts... I wonder who is pissed at me and for what??

spaceman-spiff · Post by **spaceman-spiff** » 05 Mar 2003 17:13

Well, not me

SHADOW-XIII · Post by **SHADOW-XIII** » 05 Mar 2003 19:12

not me for sure .... all my mails (output and input) are scnanning

sultana · Post by **sultana** » 06 Mar 2003 05:22

Well not me either Mp3.... you make graphics

Transport Tycoon Forums

Virus!!

Who is online