Attention MP3CAR.com specific VIRUS ALERT!!

mp3ford · 07-23-2001, 09:07 PM

___________________________________

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks
___________________________________

If you see this **** arrive, it's a message bearing the payload of:

TROJ_SIRCAM.A
Risk rating:
Virus type: Trojan
Destructive: Y

Aliases:
SCAM.A, TROJ_SCAM.A, W32.Sircam.Worm@mm

Description:
TROJ_SIRCAM.A has now been upgraded to HIGH RISK. This worm propagates via email using SMTP commands. It sends copies of itself to all addresses listed in an infected user's address book, and arrives in an email with a random subject line and an attachment by the same name. It also propagates via shared network drives.

Go to this site at http://www.antivirus.com/vinfo/virus...=TROJ_SIRCAM.A if you are already infected.

Some ******* actually sent me the file, asking for help/comments on his sound-card selection. The payload was disguised as a SB16 discription/technical file. If it was sent on purpose, may the fleas of a thousand camels infest his armpits.

Yes, for the first time in 5 years, i've been infected by a virus. Sucked right in.

bgoodman · 07-23-2001, 09:20 PM

Thanks. I was wondering what that was. I really need to run a virus scan now.

bgoodman · 07-23-2001, 09:29 PM

arrgh, just realized that I got 2 of these

Kain101 · 07-23-2001, 09:32 PM

Thank you,
i too was wondering what it was and was kind of suspect of it, so instead of opening it i sent a reply to the sender saying that you should check the email address "you sent it to, i do not believe it was intended for me and therefore did not opne it" and never got a reply i know to go delete the file immediately.

dekodan · 07-23-2001, 09:41 PM

I got one too. I Scan all new incoming files... I caught it in time.

What a low-life prick...

magnetik · 07-23-2001, 10:03 PM

does it only infect if you run the attachement??? I got one of these e-mails last nite...... the extension of the file was ".doc.bat" seemed a bit too weird????

opened the file with a text editor and the file started with the common "MZ...." .exe header.....

seemed really weird that someone would send an .exe file for me to try out.....

"low-life" prick.... your being tooo kind...
was he getting e-mails from this bbs, or from our mp3car sites.... since I know most of you guys posting here have your own sites, like myself......

thanks mp3ford...... bigtime!! oh and like yours he was talking about some dis-jointed english crap about SB16's.....

[ 07-23-2001: Message edited by: magnetik ]

mp3ford · 07-23-2001, 10:36 PM

Yup, the very same one about a SB16 card. I had opened the file up via text editor at first, and seeing it was a word 6.0 doc header file, went ahead and opened it. Wrong move. I assume the email address has been harvested from the bulletin board, in this case targeting my mp3ford@mp3car.com email address.

You have to run the file in the original .com or .exe file format to activate the payload, i think anyway. Scan your system to clean in any case.

bgoodman · 07-23-2001, 10:48 PM

well, i scanned my system and i'm clean. that's a relief

magnetik · 07-23-2001, 10:57 PM

Quote:

Originally posted by mp3ford:
Scan your system to clean in any case.

im running NAV 2001, so its the first task ill be doing when I get home from work...

thanks guys for the quick alert time....

Nos · 07-23-2001, 11:29 PM

Just so you all know, these folks weren't sending you the virus on purpose. The virus will look for random docs on your hard drive, and email those to everyone in your address book. If you open the message with outlook express (without turing off scripting) your infected.

The major virus sites have updates out.

Also, have a look in your Recycle bin (assuming your running Windows X). That's where the virus hides.

mp3ford · 07-23-2001, 11:38 PM

Normally, I would agree with you. However, the document bearing the payload was specific enough to make me suspicious that the sender was indeed purposefully malicious in their intent. Not many people would send an email with a document attachment requesting specific info on a SB16 card for mp3car purposes.

If the person wasn't looking out to do this, it's one helluva coincidence that the document was picked at random...

Quote:

Originally posted by Nos:
Just so you all know, these folks weren't sending you the virus on purpose. The virus will look for random docs on your hard drive, and email those to everyone in your address book. If you open the message with outlook express (without turing off scripting) your infected.

The link i posted has the specific disinfection procedure required to rid your system of the nasty virus.

Quote:

The major virus sites have updates out.

Also, have a look in your Recycle bin (assuming your running Windows X). That's where the virus hides.

Axkicker · 07-24-2001, 12:53 AM

I too was sent two emails exactly like this. Thanks for the heads up. I deleted them when I got them becuase they did seem to suspicious. I agree, they must have gotten our emails from this board.

moahdib · 07-24-2001, 01:05 AM

i have so much crap in my registry LOL i need to clean this mess up.....hopefully i don't have this trojan..... so far so good

RaZor · 07-24-2001, 01:57 AM

yeah, i had this happen 3 times to me today. i was smart enough not to open them. its funny because i installed Norton AV 2000 just 1 hr. before getting the virus email. my boss sure liked that Norton caught it as soon as i got the email.

magnetik · 07-24-2001, 02:11 AM

Quote:

Originally posted by mp3ford:
Normally, I would agree with you. However, the document bearing the payload was specific enough to make me suspicious that the sender was indeed purposefully malicious in their intent. Not many people would send an email with a document attachment requesting specific info on a SB16 card for mp3car purposes.

yeah too suspicious...... I don't think it was unintentional........ maybe a disgruntled bbs user we have all given bad answers to?