barrelracer
|
posted on July 24, 2001 09:35:13 AM
Sorry, I have been gone a few days and this might have been covered.
I have been getting emails that appear to be from persons, with different subjects, but all say the same text
<<Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks>>
with an attachment.
~Not barrelracer on ebay, don't pick on them!~
|
beatsarealjob
|
posted on July 24, 2001 09:40:22 AM
This one is for real, check this site to verify and assist in removal if you have received the virus:
http://www.sarc.com/avcenter/venc/data/[email protected]
McAfee.com has seen a large and growing number of consumer
computers infected with W32/SirCam@MM. This is a HIGH RISK
VIRUS FOR CONSUMERS. The infected email can come from
addresses that you recognize. Attached is a file with two
different extensions. The file name itself varies.
The email message can appear as follows:
Subject: [filename (random)]
Body: [content varies]
Hi! How are you?
I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sent to you
or This is the file with the information that you ask for
See you later. Thanks
--- the same message may be received in Spanish ---
Hola como estas ?
Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que me pediste
Nos vemos pronto, gracias.
The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG,
.PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder
and attempts to send copies of these documents to email
recipients found in the Windows Address Book and addresses
found in cached files.
|
WeRuleWithTechnology
|
posted on July 24, 2001 09:42:45 AM
Yes, this virus is running rampant! I've received it at home and at work. Never click on the attachment that comes with it!
|
barrelracer
|
posted on July 24, 2001 09:51:41 AM
Thanks! I knew I could find out info and links here faster than by myself.
I will say it is running rampant. I have received it 4 times all with different senders (one is even someone I know) and different subjects. That makes it more difficult for people to remember.
I belong to the MaCafee (sp) email virus alert and I am surprised I haven't received anything yet.
Again, thanks for your quick responses.
~Not barrelracer on ebay, don't pick on them!~
|
cdnbooks
|
posted on July 24, 2001 09:59:01 AM
So, do I understand this correctly: if you don't open the attachment, you are OK?
Bill
|
barrelracer
|
posted on July 24, 2001 10:09:34 AM
Yes, as long as you don't open the attachment.
My attachment showed a weird ending zlg or something.
~Not barrelracer on ebay, don't pick on them!~
|
Microbes
|
posted on July 24, 2001 12:34:00 PM
Rampant is right. I just now got emailed a copy.
People, PLEASE keep your virus software up to date. 
Who Need's a stink'n Sig. File?
|
docpjw
|
posted on July 24, 2001 12:49:18 PM
Just got it a few minutes ago. DID NOT open the attachment. This is the first time this has happened to me in my two years on the internet. I hope they get what's coming to "them".
|
mar30
|
posted on July 24, 2001 12:54:53 PM
I got one today, too. I deleted without opening, as I didn't recognize the person it came from at all. Whew!
|
timaratz
|
posted on July 24, 2001 01:03:03 PM
I got a bunch of these yesterday. And they were sent to e-mail addresses that I only use on eBay.
|
WeRuleWithTechnology
|
posted on July 24, 2001 01:04:50 PM
What's strange is... I've gotten e-mails containing the virus twice, and both times I had no idea who the sender was. Since the virus sends itself out to people in your address book, that must mean I'm in these people's address book! Not sure who they are. With eBay and all the e-mailing I do, I can understand. But not at my work address!
|
bibliophile
|
posted on July 24, 2001 01:26:12 PM
You DON'T want this worm on your computer. My son opened the attachment on his computer the other day, and unfortunately his system is on my network. Guess who got it?
The virus infects the Windows registry and randomly changes pathnames so that no programs can be launched. Fortunately we were able to download a fix from Norton, but meanwhile I spent half a workday and an entire evening getting things up and running again.
|
packer
|
posted on July 24, 2001 01:29:37 PM
Add me to the list of just getting one.
It was forwarded from my old e-mail address.
Nothing to my new one yet.
packer
|
xenainfla
|
posted on July 24, 2001 01:58:16 PM
THIS IS A BRUTAL VIRUS. I have a friend who just got it. Unfortunately the way the wording is, being an eBay seller, you think you are getting a legitimate email from a customer.
I have received several warnings about this virus from my web hosting company as well as my MLS (Real Estate) board about this virus. It is not just affecting eBay users, but may have originated with us.
I have downloaded virus updates on both computers and scanned disks since all this started. Luckily, no problem.
Good luck everyone - I know it is a nightmare.
|
eventer
|
posted on July 24, 2001 02:43:02 PM
This IS a particularly nasty one. I unknowingly opened one coming from a customer thinking they wanted me to review something for them.
By the time I realized the situation, it was too late. Locked down my entire PC which is now at the tekkies being put back together piece by piece. Thank goodness for backup computers.
If you believe your system might have gotten infected..shut down your computer immediately & get it to a professional.
|
GreetingsfromUK
|
posted on July 24, 2001 03:07:59 PM
Hi folks. Just thought you would be interested to learn that this was a major item on UK TV News tonight.
|
thedewey
|
posted on July 24, 2001 03:08:50 PM
I've received this virus at least 7 times in the last 24 hours, all from customers. 
|
barrelracer
|
posted on July 24, 2001 04:05:24 PM
I keep my virus program up to date, but never receive warning notifications on emails.
Do you receive warnings only if you try to open the attachment? I don't do that.
~Not barrelracer on ebay, don't pick on them!~
|
raglady1
|
posted on July 24, 2001 09:02:09 PM
I got about 35 of these in the past week, was wondering what was going on, then figured it had to be a virus. I never download anything from anyone; if it's a customer I always check with them first, even a friend, I always ask what's with the download? I wish this one would run its course, it's getting annoying.
|
janusaries
|
posted on July 24, 2001 10:08:14 PM
Barrelracer, check your virus program's settings. Some (Norton AntiVirus) have to be TOLD to scan your email as it comes in, and you must specify which email programs you use. I had mine set up for my primary email client, but not my secondary. Had a virus get past me on the secondary a few months back.
So CHECK THOSE SETTINGS.
And this latest virus is BRUTAL. Just had to clean it off my system 24 hours ago because my virus definitions were 2 weeks old. Gak.
I'll be updating my software more frequently after this!!!
J.A.
|
ExecutiveGirl
|
posted on July 24, 2001 10:08:52 PM
I've received this SEVERAL times in the past week or so. Every time it has a different "subject" and once it even said "INVOICE" in the subject line.
I had a feeling it was a virus the first time I received it, so I never opened it.
Figures... as soon as I FINALLY stop getting those "hahahaha Snow white & the 7 dwarfs" virus emails, this one takes its place... VERY annoying!
|
snakebait
|
posted on July 24, 2001 10:44:42 PM
I have never had an email virus. And never will. And about a decade online....
I DO NOT USE MICROSOFT GARBAGE FOR EMAIL!!!!
I use a newsreader with Email capability that DOES NOT DO MACROS! I can 'read' the most dangerous virus/worm on earth with impunity simply because my email software is designed to do just email, unlike the M$ crap which is designed to sabotage the end user.
Get rid of Outlook! Disable macros in word and kill off Windows Scripting Host. Disable Java, or reduce its functionality. Rename WORD and use WordPad for WORD associations.
|
overworked
|
posted on July 24, 2001 11:06:47 PM
Received it a number of times over the last few days from an ebay seller I did some business with a couple of years ago. Thank heaven for Norton anti virus, and keeping it current 
|
mrspock
|
posted on July 25, 2001 05:02:32 AM
I received this e-mail; hope it helps.
W32.Sircam.Worm@mm
This bilingual beast is spreading like wildfire! There's no need for panic, just make sure your virus definitions are up to date and exercise caution when you receive an email message containing an attachment.
Norton users
http://www.symantec.com/avcenter/venc/data/[email protected]
McAfee users
http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360
spock here......
[ edited by mrspock on Jul 25, 2001 05:03 AM ]
|
tjbrocean
|
posted on July 25, 2001 05:20:55 AM
I also received the same email. Here is some info I found on zdnet.com
SirCam is a sophisticated worm that will infect files shared over an open network so most people will never see the original infected e-mail associated with the worm. SirCam (w32.Sircam@mm) also contains a dangerous payload: It may delete all the files on the C drive in mid October. Antivirus vendors are continuing to examine the worm while reports of infection increase worldwide. SirCam currently ranks as a 6 on the ZDNet Virus Meter.
How it works
SirCam initially arrives as an e-mail message with the following information in either English or Spanish:
Subject: (Random)
Body: (Random content--see below)
Attached: (Random)
The body of the e-mail will always begin with "Hi! How are you?" and end with "See you later. Thanks." In between these opening and closing lines will be one of the following:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I send you
This is the file with the information that you ask for
If a user clicks on the attached file, SirCam will copy itself to the Windows System directory with the name scam32.exe. The worm changes the Windows registry key so that it always launches upon system startup. The worm will check to see if there are any open shares on a network and if so, SirCam will copy rundll32.exe to the system, renaming the existing rundll32.exe to run32.exe.
SirCam contains its own e-mail capabilities using SMTP (similar to a feature found in the Magistr virus).
SirCam also spreads among open file shares on a networked system (in other words, if you can access other directories on other machines, that's an open file share). Antivirus vendors are suggesting that many more people will be exposed to SirCam via open networks than through e-mail. It is possible that individual computers on a shared network could become infected multiple times until all instances of the worm are removed from the shared network.
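As an added illustration (not part of any post in this thread, and not vendor code), a mail-filter heuristic built from the indicators quoted above: the fixed greeting and closing lines in English or Spanish, and an attachment name with two extensions. The set of final extensions treated as executable, the three verdict names and the sample message are assumptions made for this example.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Opening and closing lines quoted in the advisories above (English, Spanish).
GREETINGS = {"Hi! How are you?", "Hola como estas ?"}
CLOSINGS = {"See you later. Thanks", "Nos vemos pronto, gracias"}
# Assumption: the page does not list the final extensions; this set is illustrative.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".pif", ".lnk", ".scr"}

def body_matches(text):
    """True when the first and last non-empty lines are a quoted greeting and closing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return (len(lines) >= 2 and lines[0] in GREETINGS
            and lines[-1].rstrip(".") in CLOSINGS)

def has_double_extension(filename):
    """True for names like 'Cover.doc.pif': two or more suffixes, the last executable."""
    suffixes = [s.lower().strip() for s in PurePosixPath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS

def classify(raw_message):
    """Return 'quarantine', 'review' or 'deliver' for one RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    body_hit = body is not None and body_matches(body.get_content())
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    ext_hit = any(has_double_extension(n) for n in names)
    if body_hit and ext_hit:
        return "quarantine"   # both indicators present
    return "review" if (body_hit or ext_hit) else "deliver"

def build_sample(body, filename):
    """Constructed test message; addresses, subject and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Cover"
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    worm_like = build_sample("Hi! How are you?\nI send you this file in order to "
                             "have your advice\nSee you later. Thanks\n", "Cover.doc.pif")
    print(classify(worm_like))
```

Because the subject and file name vary from message to message, the check keys on the fixed body lines and the attachment name shape rather than on the sender or subject.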
|
wisegirl
|
posted on July 25, 2001 07:06:05 AM
I got three of these yesterday, all with the "Hi! How are you?" message. Because the subject line read "Cover," and because I am a magazine editor who receives frequent requests for copies of my magazine's cover pictures, it never occurred to me that this might be a virus so I attempted to open it. Fortunately, my attempt was blocked and I received a message telling me it contained a virus. I deleted the others without opening them.
Does anyone know where this started?!?
|
Microbes
|
posted on July 25, 2001 07:18:29 AM
Just had to clean it off my system 24 hours ago because my virus definitions were 2 weeks old. Gak
We signed up with McAfee, and every day at 7 pm, our 'puter logs onto their site, and updates. I think it cost us $30 a year for this service, but to my mind, it was worth it.
Who Need's a stink'n Sig. File?
|
kiawok
|
posted on July 25, 2001 09:13:46 AM
FYI
You might also want to consider installing Norton's 2001 edition which automatically updates their virus definitions as soon as they are released. No need to manually download the latest definitions as Norton's does it for you. You can also set your email server up to run through Norton's so all infected emails are caught before they even hit your system.
|
janusaries
|
posted on July 25, 2001 09:34:52 AM
Snakebait--Outlook Express has nothing to do with the problem. I got infected through Eudora Light. And another time through Netscape Communicator because I had not configured Norton AntiVirus properly. My fault. This seems to have more to do with keeping your virus software updated than Microsoft products' shortcomings.
Microbes--Norton reminds me about every 7 days to go to their site and update, but I have a bad habit of putting off the download if I'm doing something else. After this experience, I will be doing the download IMMEDIATELY when I'm prompted.
Kiawok--I got Norton AntiVirus 2000 with my machine last year, and the "subscription" price for downloading updates ($3.95, LOL!) was more attractive than buying a newer copy (NAV 2001) of the same software. But I will have to be better about actually doing the downloads (see my comments to Microbes, above).
|
tonito
|
posted on July 25, 2001 01:27:15 PM
How do you know you have the virus?
|