VIRUS ALERT

Calypso

New member
Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

If you receive an e-mail with the above message, delete it immediately and DO NOT open the attached file. This is apparently a bad virus and will go into your address book and send itself to everyone in your book. I have received four of these in the past two days from different sources. If you have gotten one let us know. This may be some anti's targeting hunters or it may be someone that has an axe to grind with us. Report it to your ISP spam and/or securtiy department.


Take Care,

Bob C.
 
Timberking

Run your virus scann and update your virus scann now.



------------------
Kevin Bowler
Support NRA Vote Freedom First
 
Scanned drives C and D NO virus found. Could'nt scan drive A whatever drive A is? Then i updated the virus scan. Is this all i should do? Just before i opened the "bad file" my antivirus page said no virus found with a big green checkmark in front of it. What else is there now? BTW Thanks Onefoot,glad to see ya back on the boards.
smile.gif


------------------
Timberking
 
Bob, I got one last night and another this morning. The first one was titled "K Plot" and the second was "1999 tax return". I didn't open either and sent both to IS security. They confirmed it was a malicious virus and are running a trace on the origin site. Is this how they killed Posse Country???
 
What is SirCam?

SirCam is a malicious program with characteristics of a worm--a self-propagating piece of destructive code--and a virus, a malicious program that attaches itself to other files. It also has qualities of a "Trojan horse" in that it poses as a harmless file.

How can I tell if a message I receive is infected by SirCam?

All SirCam messages arrive with an attachment and an e-mail subject line, but these are different for every SirCam message. That's because each time the SirCam worm infects a computer, it randomly plucks a document from that computer and sends itself out with the document attached--drawing the e-mail subject line, and the name of the attachment itself, from the title of the pilfered document.

Each virus-carrying message contains the same text in the body of the message, however. The first and last lines are "Hi! How are you?" and "See you later. Thanks" in the English version of the message and "Hola como estas?" and "Nos vemos pronto, gracias" in the Spanish version.

How dangerous is SirCam?

The main threat posed by the worm is possible security breaches from its propagation method. By attaching randomly chosen documents to itself, the worm could share confidential information with others.

SirCam also can perform several destructive acts based on a combination of arcane PC settings and chance. If the infected PC uses the European date format (day/month/year), for example, there is a 1-in-20 chance the worm will delete all files and folders on that computer's hard drive on Oct. 16.

Who can be infected?

Any PC running Windows 95, Windows 98, Windows Me, Windows 2000 or Windows NT. Due to an apparent flaw in the worm, however, SirCam cannot replicate itself on Windows 2000 and Windows NT systems.

What should I do if I receive an infected message?

Delete the message, then check to see if your PC is infected. Locating and removing the infection on your own is a relatively complex process, as detailed in a McAfee document.

The easier approach is to use the automated SirCam detection and removal tool available for free downloading from antivirus-software maker Symantec.

How can I keep SirCam messages from flooding my mailbox?

If your Internet or e-mail service provider screens incoming messages, your mailbox should be safe, although Hotmail users have reported that the service's virus filters have failed to catch SirCam.

For those who use unfiltered services--and for unlucky Hotmail users--you're on your own. Install antivirus software on your PC, keep it updated, and set it to screen your e-mail--at least infected messages won't be able to deliver their payload.

Most e-mail programs also allow you to set up rules for incoming messages. Using a tool such as the Rules Wizard in Microsoft Outlook, for instance, you could set up a rule that all incoming messages with the body text "See you later. Thanks" are moved to a separate folder, where you can easily delete any suspicious entries.


Robb



------------------
"Happiness... is a Target-Rich Environment"

paws2.gif
 
I don't remember opening anything weird. I have had my computer about two years now without one problem. Tommorow I am taking down to have windows reloaded and to see if they can fix all the other funny things that just started happening. I can't bring my scanner program up, Outlook Express won't open so no mail. Games that worked fine before, crash and require a scandisk to fix the error each time now. When I "restart" it acts like I'm "shutting down" instead and I have to turn the power on and off to bring it back. I have never had a glitch on this system till the last three weeks or so. I always keep Norton updated. Didn't find anything on a virus scan but it sure seems weird. Also, when I do a scandisk now it says "invalid longfile."

Oh well....
 
I just got that exact e-mail!! It said it came from A PM member. I tried everything to open it, but the computer wouldn't hear of it. I e-mailed the person, but have not yet heard back.

Please keep updates of this posted, I will try to do some research.

The file name was BEAVER.CL.DOC.

Thanks,
Vinny



[This message has been edited by VCinRI (edited 07-25-2001).]
 
Mine also came from a pm member. I now get a dialog box that says-windows cannot find SirC32.exe. this rogram is needed for opening of files of type'Application' location of SirC32.exe.
mad.gif


------------------
Timberking
 
apparently word is SirCam stores itself in your Recycle Bin, where most virus programs dont look...

I got it last night too, but I knew what it was already and deleted it without issue...

I didnt recognize the sender at all...


Robb


------------------
"Happiness... is a Target-Rich Environment"

paws2.gif
 
I'm unaware if it's the same virus, but I've recieved two emails in the last week with the W32.magistr.24876mm virus clinging to it.
Both times from an unfamiliar source. My software caught it both times as I downloaded my mail.

It's pretty much the same ole same ole, if you get an attachment from anyone you don't know...dump it.

~River Runner~

------------------
predatorlogo3jpg.gif

www.predatormasters.com
 
Some more good advise, is to never open any executable, even if it appears to be from somebody you know. Anybody who sends you an executable should tell you in advance what it is.

You can get bad stuff hidden in most any file, but opening executables is asking for big trouble.
 
I had the same message in my Hotmail account this morning and deleted without opening. So far McGaffee has saved me a couple times, once on the Happy Virus and don't remember the other.
If I'm understanding this right, I should clean out my trash bin in the morning just incase the virus is hiding there?
 
The happy virus was making its' rounds today, as well.

I use a PC extensively at work and have been hit more than once by a virus. I no longer keep a contacts or address list.
One of my last contacts with a valued customer in China was his "thanks" for an e-mail that contained links to porn sites and a virus no more harmful than forwarding the same to all of his contacts.

Vandalism is far worse than thievery, emasculation seems a fitting punishment for the perpetrators.
 
Mystery solved for me I think. Found Sircam.worm when I did a file search. My anti-virus couldn't find it and didn't catch it when opened. My also came from a VERY well trusted PM member. I am sure they were unaware it was sent. It was a document sent to a lot of members if I remember right. The only suspicious mail I've received besides that snow white stuff that comes once a month. I slipped and fell for it. Didn't even read more than a sentence and saw it didn't interest me, so I deleted it. Damage done.
 
I got that message yesterday at the office, and mine said it was from someone at Phantom Calls!!!!! I didn't open it, but I did reply. I haven't gotten a response to that. Fortunately, the virus scanner on our system here picked it up and warned me before I opened the attachment.

ScottD
 
Back
Top