By Blue Gill (Bluegill) on Tuesday, July 24, 2001 - 05:22 am: Edit

FYI: I have received two separate emails, one from Nathan Crabtree and one from Enoch Snyder that contain a virus - it's the email message with an obscure subject line and then a text message that reads something along the lines of "I send you this email to get your advice." It's floating around in spanish, too (hence the broken english). It's the attachment that will get you if you are unfortunate enough to open it. I delete stuff I don't recognize, so I don't know what would have happened if I opened it. Probably forwards the virus to everyone in your address book, which is probably why I got it from Nathan and Enoch (nothing personal against you guys, I understand that you're victims like everyone else - just posting a general warning here). I saw a virus alert email that clued me into this whole thing.

If you see a computer nerd creating a virus, stomp his face for all of humanity.

By Chris Merritt (Smokinbro) on Tuesday, July 24, 2001 - 06:07 am: Edit

then package him/her up, ship to me, I will solve problem once and for all with live electrical wires attached to sensitive and damp body parts.

zzzzzzzaaaaaaaaaappppppp

By Eric N (Grnrvr) on Tuesday, July 24, 2001 - 07:28 am: Edit

I got that message and it looked like an HTML page with some joke cartoons in a ZIP file. I don't think that it sent out to all my email addresses as one is a off-roading list and it would have sent it back to me along with everyone in the club. Thanks for the heads up.. I'll run virus scan anyway just to be safe.

By Jeremy A. (Jmansphc) on Wednesday, July 25, 2001 - 04:56 am: Edit

Symatec is calling it W32Sircam.worm@mm

Technical description:

This worm arrives as an email message with the following content:

Subject: The subject of the email will be random, and will be the same as the file name of the email attachment.
Attachment: The attachment is a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks

By Glenn Guinto (Glenn) on Wednesday, July 25, 2001 - 06:22 am: Edit

I'm a network admin for our company and we have the filters installed in our Exchange Server (email server). This morning, while reviewing the "quarantined" messages, a couple of them are addressed to me (of all people) and they came from Enoch Snyder, the emails were deleted before infecting anyone. As Blue Gill said, I'm sure ESnyder is one of the many victims so I encourage everyone to please download the latest and greatest DAT files for your Virus Protection Program so you don't have a false sense of security

Let's all practice safe computing

peace out!

glenn

By gp (Garrett) on Wednesday, July 25, 2001 - 08:10 am: Edit

damn. i got this one too. i was trying to figure out who in the hell this person was. thanks for clearing this up. another one to look out for that i got as well was from Peggy Owens. i actually got two from this person. the subject headings were as follows: 'herbert', 'forgusL1' and 'jns-dbw'. i opened one of them yesterday and i forget what the attachment said and i don't really think i want to try it today. i have a new version of nortons, but i did not get any quarantine message. my nortons automatically updates over the web. and now that i think about it my computer is running like crap......slow as hell. so it looks like a reformat for me. i hate that. takes me half a day to back all my crap up and all that.

By Eric N (Grnrvr) on Wednesday, July 25, 2001 - 08:45 am: Edit

Anybody know where it pulls the files from you computer that it sends out with the email.. The one that I got from Nathan had comics in it.. Wondering if it sent out some things that I had on my PC....

By gp (Garrett) on Wednesday, July 25, 2001 - 09:02 am: Edit

well i just fixed my pc since i did find out this virus was really bogging down my pc. was attaching itself to my SirC32.exe files. would not let me run application files after i tried to delete it the old way. so i ran a 'restore' in safe mode on it and things are fine right now. not sure what if anything this virus sends. god i hope no one got anything from my 'personal' files. i have some pretty sick and twisted stuff.

By John C. on Wednesday, July 25, 2001 - 09:10 am: Edit

I got one from "LASLOAN"

This is the body of the email (the file attached is "news_doc.scr" which I did not open)

"'Giampaulo Cinquegrana' wrote:
====
- --- In d90@y..., RoverTym@a... wrote:
- > In a message dated 7/24/01 10:19:55 AM Eastern Daylight Time,
- > mrocho4u@a... writes:
- >
- > >
- > Sorry, didnt mean to post on the list..
- >
- > John
- I have a set from a RRC, interested?
-
- John
-
-
- http://groups.yahoo.com/group/d90
-
-
- Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
-
-
-
> Take a look to the attachment."

I had responded to John's (RTE) request for front radius arms on the D90 list. He responded to my message to my AOL email. I guess the virus read his address book since I have never corresponded with LASLOAN fellow. It is not John's fault but I am curious to know what kind of Anti-virus s/w he is running and if he has the latest DAT/pattern files.

By Eric N (Grnrvr) on Wednesday, July 25, 2001 - 09:14 am: Edit

Well I had the latest DAT files but that didn't matter when I had my auto protect disabled so it was looking for any... If you got an email from me.. Sorry about that.. I had ran the virus scan after I noticed it and it found it and killed it but who knows what may have gone out from my mail box.

By Glenn Guinto (Glenn) on Wednesday, July 25, 2001 - 09:21 am: Edit

Eric,

Those attached files came from your PC?! Man you have those files?

just kidding... I did not attempt to decipher the virus but normally, if you're using outlook, you're address book is something called *.pab.

By Eric N (Grnrvr) on Wednesday, July 25, 2001 - 09:27 am: Edit

You mean the pictures of me at the strip bar putting Disco web stickers on the rear quarters of all the strippers Those were going to go out as x-mass cards..

By gp (Garrett) on Wednesday, July 25, 2001 - 09:55 am: Edit

eric~

i would like to have a few copies of those for my cards as well. mine will be scratch and sniff cards this year i think.

can the discoweb stickers be made to have a smell.......like mud or grease?

i'm sorry......just in a sick mood today i guess. must have been that virus!!

By Enoch Snyder on Thursday, July 26, 2001 - 09:34 am: Edit

Thanks for the messages, guys. I've been unable to post a warning because the virus completely toasted my computer. I unplugged it as soon as I realized I had it, but it was sent unknowingly to lots of people, here at Discoweb and other places. I'm posting from a work computer now. If you get it, it may be eradicated by using a removal tool from www.symantec.com/avcenter. Go to the security updates, click on W32Sircam.worm virus and follow directions. I originally got it from Nathan Crabtree also. It is particulary bad because it pulls random documents out of your files and combines it with email addresses you don't even know you have! The good thing is that it doesn't always totally eat your computer as it did mine. Hope it didn't wack anybody. If anyone out there was in the process of trading emails with me, please send again. My address book was wiped out (along with everything else!) I think I'll just get in my Series truck, move into the woods, and be a Luddite for a while. :-(

By Blue Gill (Bluegill) on Thursday, July 26, 2001 - 11:24 am: Edit

Enoch - sorry to name you (and Nathan) personally, but I figured you'd understand. Damn virus writers...

By Ricardo P. on Thursday, July 26, 2001 - 05:35 pm: Edit

I recieved the one from Nathan but was not able to open it,Does that mean that my computer didn't get the virus???

Rico

By gp (Garrett) on Friday, July 27, 2001 - 04:13 am: Edit

unless you opened the attachment ricardo you did not 'get it'. you may have recieved the virus in an attachment, but unless you unleashed the thing you are fine. i unfortunately opened hoping someone mistakenly sent me photos of anna. was an easier fix though than i thought. if you pc starts running real slow or bogging down let me know and i can get you a quick fix.

By Jeff Bieler (Mrbieler) on Friday, July 27, 2001 - 04:53 am: Edit

One of the joys of running a Mac is that we're so unimportant that no one writes viruses for us...

By Rob Davison (Pokerob) on Friday, July 27, 2001 - 06:57 am: Edit

or useful software either....

By Jeff Bieler (Mrbieler) on Friday, July 27, 2001 - 08:46 am: Edit

and we even pay more for the privilege...

;-)

By Ho Chung (Ho) on Friday, July 27, 2001 - 09:05 am: Edit

>Hi! How are you?
>
>I send you this file in order to have your advice
>
>See you later. Thanks


i been giving advice all week long.

LOL

By Kyle Van Tassel (Kyle) on Sunday, July 29, 2001 - 05:02 pm: Edit

Butch Santiago has one as well. its the badtrans virus. he has infected me today and mine sent out 31 before I knew what was going on. I had some kicked back that were stripped but I am sure some got out. Dont open anything from me if it happens to come to you.

Kyle

By gp (Garrett) on Monday, July 30, 2001 - 02:23 am: Edit

i am now getting the same virus attachment from a 'mailer-daemon'. subject was 'letter to the irs'. had the same message body as all the other ones. twice this weekend.

By Moe on Monday, July 30, 2001 - 06:00 am: Edit

For those who use Outlook, you want to make sure your preview pane is off. This is a weakness often exploited, as when the preview is on some macros are allowed to operate and potentially allows for a self execution of an attached virus. To turn the preview pane off in Oulook, go to 'View' and choose 'Layout' and at the bottom you will find the preview pane option.

I have yet to catch the latest bugs, but I have been there and know it is a huge pain.

By Milan on Monday, July 30, 2001 - 08:01 pm: Edit

Butch Santiago has one as well. its the badtrans virus. he has infected me today and mine sent out 31 before I knew what was going on. I had some kicked back that were stripped but I am sure some got out. Dont open anything from me if it happens to come to you.

Kyle

Too late Kyle. I tried to open one up before realizing what it was. Now I get my own alternate email sending me messages.

By gp (Garrett) on Tuesday, July 31, 2001 - 04:36 am: Edit

they just keep coming for me. maybe it is scott nicols and he is really pissed at me now. but i have gotten about 12 emails in the past 24 hours with this virus attached. most of them came with no name attached to them with the subject heading of MattMcKinley and TrimLtr. oh well lets just hope this other moster virus suppose to be unleashing its fury today will not slow us down here to much........what will i do all day?

By Kyle Van Tassel (Kyle) on Tuesday, July 31, 2001 - 04:41 am: Edit

Damn Milan , all that shit happened right in the middle of our E Mail exchange the other day...

Kyle

By Blue Gill (Bluegill) on Tuesday, July 31, 2001 - 05:30 am: Edit

I keep getting that virus in emails as well. Now I just put a condomn on before sitting at my computer. I also don't share my needles with my computer any more.

By Milan on Tuesday, July 31, 2001 - 05:45 am: Edit

Yeah, Kyle that's eactly when it happened, that's why I just opened the message before checking it. Oh well...How do I get rid of it?

By Kyle Van Tassel (Kyle) on Tuesday, July 31, 2001 - 05:47 am: Edit

http://www.symantec.com/avcenter/venc/data/pf/w32.badtrans.13312@mm.html


That should do it for ya.

Kyle

By gp (Garrett) on Tuesday, July 31, 2001 - 07:06 am: Edit

ribbed for your pc's pleasure!!!

By Roverine on Tuesday, July 31, 2001 - 12:38 pm: Edit

The Red Worm; Well ... Let's see if "the big slow down" happens on the net - CNN says it's supposed to happen around 8:00 PM tonight (I'm assuming EST). Could end up being like all the bru-haha about Y2K, where nothing really happened - Said they don't think it was a real malicious worm/virus, just meant to snap a few heads up to attention, but it will be interesting to see since it has mutated, etc.