Charles Stack on Mon, 5 Feb 2001 14:09:47 -0500
Jim,

The virus I am getting is the W95.Hybris virus...but as an attachment it is
dwarf4your.exe or something like that but payload changes depending upon
sender. Sometimes it's a .scr, other times it's a .exe. I have since removed
it from quarantine and deleted it.

The mailto is always hahaha@sexyfun.net and the subject has always been about
"Snow White and her Seven Dwarfs".

Below are two of the IPs that have sent this virus under various attachment
names.

207.103.93.229
216.239.66.2 associated with a "daniel".

Last night's message reads...

<snip>
Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and
polite with Snowhite. When they go out work at mornign, they promissed a
*huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven
Dwarfs enter...
</snip>

Opening the payload erases your hard drive, I do believe.

Headers are:

Return-Path: <>
Received: from home2 (dialup0434-pri.dialup4.voicenet.com [207.103.93.229])
    by bill.codycomp.com (8.9.3/8.8.7) with SMTP id TAA08749
    for <charles@codycomp.com>; Sun, 4 Feb 2001 19:51:16 -0500
Date: Sun, 4 Feb 2001 19:51:16 -0500
Message-Id: <200102050051.TAA08749@bill.codycomp.com>
From: Hahaha <hahaha@sexyfun.net>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VE96J4LYB09A3ST67K5MB45UB8D"
Status: O

Charles

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of Jim McCoy
Sent: Monday, February 05, 2001 1:13 PM
To: plug@lists.phillylinux.org
Subject: [PLUG] Need Virus Information

Earlier today there was a Windows virus warning on the list. Since I got the
same file mentioned through egroups today, and I have a netaxs IP address, I
thought maybe I somehow got infected and passed it to this list. But a scan by
McAfee shows no viruses. Just in case, does anyone have any info on this virus?
Can I manually look for it in case it is one that McAfee does not look for?

Thanks.
Jim Mc Coy

----- Original Message -----
From: Charles Stack <charles@codycomp.com>
To: <plug@lists.phillylinux.org>
Sent: Monday, February 05, 2001 12:40 PM
Subject: RE: [PLUG] Computer Virus Warning

> Dunno if it's a coincidence...but VoiceNet just informed me that they have
> contacted an individual on their network who is (hopefully was) infected
> with the same virus.
>
> Charles
>
> -----Original Message-----
> From: plug-admin@lists.phillylinux.org
> [mailto:plug-admin@lists.phillylinux.org]On Behalf Of Charles Stack
> Sent: Monday, February 05, 2001 12:33 PM
> To: plug@lists.phillylinux.org
> Subject: RE: [PLUG] Computer Virus Warning
>
>
> Okay, then we can probably safely conclude that person is on this list.
>
> Hopefully, the individual will realize that their system is infected and
> deal with it accordingly. Anybody running Windows without a virus scanner
> has got to be out of their mind (or a personal firewall). Since installing
> BlackICE Defender on my laptop (which does, on occasion, connect directly
> to the internet via a dialup), I detect an average of five (5) port scans
> per evening and the occasional deliberate attack. BlackICE seems to keep
> them at bay...for now.
>
> BTW, I've received similar messages from Canada (Quebec in particular) as
> well in the past several weeks. Perhaps this additional bit of info will
> allow the person to realize it's them that's infected.
>
> Charles
>
>
>
> -----Original Message-----
> From: plug-admin@lists.phillylinux.org
> [mailto:plug-admin@lists.phillylinux.org]On Behalf Of Rupert Heesom
> Sent: Monday, February 05, 2001 12:04 PM
> To: plug@lists.phillylinux.org
> Subject: Re: [PLUG] Computer Virus Warning
>
>
> On 05 Feb 2001 08:45:24 -0500, Charles Stack wrote:
> > I'm trying to track down the infected party and I suspect they are on this
> > list.
> >
> > Somebody with the IP 207.106.60.11
> > ID: dyn-11-blackbox-2netaxs.com
> > Host: renoir
> >
> > is infected with a Windows script virus. The message masquerades with a
> > sender name of "HaHaHaHaHa" and a subject line "Snow White and the Seven
> > Dwarfs". It's an old virus and utilities like Norton AV catch it with no
> > problem.
> >
>
> I've also received this email twice or three times in the last couple of
> days. Maybe sender _is_ part of this list....
>
> BTW, I have a fixed IP, but _not_ that one!
>
> --
> regs
> rupert
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
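
Added example, not part of the original thread: a Python triage function that checks a raw message for the indicators described above (the hahaha@sexyfun.net sender, the Snow White subject line, a .exe or .scr attachment) and pulls the connecting host out of the Received header. The sample message is constructed from the headers quoted in the post; the attachment name and bodies are placeholders, and the function and constant names are hypothetical.

```python
import re
from email import message_from_string

# Indicators as described in the thread.
SENDER = "hahaha@sexyfun.net"
SUBJECT_RE = re.compile(r"snow\s?w?hite.*seven\s+dwarfs", re.I)
RISKY_EXT = (".exe", ".scr")
# "from <helo> (<rdns> [<ip>])" as stamped by the receiving server.
RELAY_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def triage(raw):
    """Return matched indicators and (rdns, ip) pairs from Received headers."""
    msg = message_from_string(raw)
    hits = []
    if SENDER in msg.get("From", "").lower():
        hits.append("sender")
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            hits.append("attachment:" + name)
    # From: is identical on every copy, so only the Received: line stamped
    # by the receiving server says which host actually connected.
    relays = []
    for received in msg.get_all("Received", []):
        m = RELAY_RE.search(" ".join(received.split()))
        if m:
            relays.append(m.groups())
    return {"hits": hits, "relays": relays}

# Constructed sample: headers from the post; attachment and bodies are placeholders.
SAMPLE = (
    "Received: from home2 (dialup0434-pri.dialup4.voicenet.com [207.103.93.229])\n"
    "\tby bill.codycomp.com (8.9.3/8.8.7) with SMTP id TAA08749\n"
    "\tfor <charles@codycomp.com>; Sun, 4 Feb 2001 19:51:16 -0500\n"
    "From: Hahaha <hahaha@sexyfun.net>\n"
    "Subject: Snowhite and the Seven Dwarfs - The REAL story!\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="--VE96J4LYB09A3ST67K5MB45UB8D"\n\n'
    "----VE96J4LYB09A3ST67K5MB45UB8D\n"
    "Content-Type: text/plain\n\n(placeholder body)\n"
    "----VE96J4LYB09A3ST67K5MB45UB8D\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="placeholder.scr"\n\nAAAA\n'
    "----VE96J4LYB09A3ST67K5MB45UB8D--\n"
)
if __name__ == "__main__":
    print(triage(SAMPLE))
```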