posted on July 27, 2001 04:58:38 PM
Finally got this damn email, from a customer. I didn't click on the attachment because I knew what it was from reading this thread. (Thanks for the warnings!!!) I deleted it and then deleted it from my trash folder, but was still afraid, so I ran Norton live update and did a full system scan and it didn't find anything.
I have my Outlook Express set to mark all emails as read after I've looked at them for 5 seconds in the preview pane. I was afraid maybe that would somehow open it, but I guess not. WHEW!!!
posted on July 27, 2001 05:25:20 PM
This has been one nasty virus. I just got my PC back today from the tekkies who couldn't save it..we had to wipe out everything & rebuild the PC from scratch.
I'm still mourning the loss of my ebay database. Will be starting in the morning to rebuild everything. Sigh.
From what I've read over on the discussion boards, even the initial patch didn't work. Once it got into you system, the only choice was to do what I did...reformat the hard drive & start reloading software.
Oh, well...live & learn..next time I'll have Nortons on up front rather than trying to do a clean up after the fact.
The good news (and I'm REALLY looking hard to find some) is that I sure got rid of a lot of junk loaded at the factory this time round.
posted on July 27, 2001 05:32:54 PMhttp://wtc.trendmicro.com/wtc/ For what it's worth. It seems to grasping hold in Canada and The USA....rapidly. Go to this site and use "housecall" for a free scan of your computer.
posted on July 27, 2001 05:45:57 PM
Wow Eventer, that sucks.
While we're on the subject, how exactly do you back up your computer? I have Norton Rescue Discs but I don't really understand what they do.
I have all my photos in a folder on my desktop, which I copied to a CD on my CD burner. I had countless hours into fixing old family photos and didn't want to lose them! They all appeared on the CD just like they do on the desktop. Then I put them all on floppies, just in case.
Can I just highlight my C drive folder in Windows explorer and copy and paste it to the CD and actually get all the files on there?
Is there some certain order in which you have to back things up in order for them to work right from the disc?
I hate to be clueless about such an important thing. My sister in law just had her whole hard drive wiped out and had NO backup.
Best to find microbes and get his opinion on the best way to back up. This was a fairly new PC and I had transferred all my data from my old one but hadn't done a major backup yet.
All my ebay files (seller's assistant) were lost. Because the virus had invaded EVERYTHING, it was best not to try & save anything..just start over.
Most of my stuff is either saved on floppies or uploaded to my server site (except the damn seller's assistant, of course).
Once everything is rebuilt, I'll be saving it to CD also. From what I gathered, you can just save the whole configuration (files and folders) onto the CD.
BTW, this new PC was one that came "preloaded" and w/o any of the original discs..only a "restore" disc. Hate this new trend..when something goes wrong..they want you to call "software" support at a cool $198/hr to fix whatever is wrong. My local tekkies worked a whole lot longer than an hour getting this done & didn't charge me any $198/hr either!
pwolf..I also have another computer (and soon to have a third). We have taken to duplicating everything on each computer. Now if one goes down, I have backups. We just hadn't gotten everything duplicated yet when this virus hit (darn it!).
posted on July 27, 2001 08:05:51 PM
To save time, you can send any suspected emails to [email protected] and you will
receive a reply from the site within minutes if the email contains a virus.
The added benefit is that [email protected] email is mainly for tracking down and
stopping spammers. I forward all spam to this email account.
posted on July 27, 2001 08:18:43 PMBest to find microbes and get his opinion on the best way to back up.
Gee, Thanks.
I don't have a rom burner, so I can't speak to much about how to do it that way, although I like the idea. If you want a "whole hard drive backup, it would be best to do this with the help of some software that will read and copy hidden files, as there are hundreds of them in Windows now-a-days.
I use a zip drive to back up. I don't back up everything on my hard drive, as I have the CDs my software came on, but I do try to back up all the importaint DATA files. I try to keep all my pictures, my UPS software database files, and emails backed up. Most of these programs have built in "back ups" that are easy to use. I probably don't back up as often as I should.... Once a month, and that would leave a lot to lose.
This latest virus is a nasty bugger from what I hear. And even with the daily updates I get from McAffee, I know that sooner or later I could get "hit". Norton, Mcaffee, and the other AntiVirus people are only playing "catch up" at best. The Jerks that write the viruses stay one step ahead of the anti virus people.
I haven't seen one of the machines that was hit with this virus, so I don't know how badly it scrambles files, but often times an amazing amount of Data can be recovered from a crashed machine that won't even boot. But it's very time comsuming, and unless you know how to do it your self (data recovery isn't something the average user has expereince with), or the data is very valuable, it probably isn't worth the trouble.
posted on July 27, 2001 10:05:44 PM
I, too received this email yesterday. I remembered seeing an AW thread about a virus so I checked the thread prior to opening the attachment. Thank you. Thank you. Thank you. I've learned lots by lurking on AW and I thank you all for sharing. It's been very helpful.
posted on July 27, 2001 10:49:18 PMin the preview pane. I was afraid maybe that would somehow open it, but I guess not. WHEW!!!
This virus doesn't do that, but SOME OF THEM DO. The KAK worm that was going around about a year ago would infect a machine as soon as it "previewed". Then every time you sent an email, a second email would go out to the same person with the virus. We must of had that one emailed to us at least 20 times. We where infected (twice, I think) before McAffee came up with a cure, and had to go thru the "manual removal" process both times. Real pain in the butt. It wasn't as nasty as this one, but it slowed a machine down to a crawl.
posted on July 28, 2001 06:24:11 AM
Well, the sircam worm/virus/whatever got me bad yesterday, when I opened a pdf file from someone I bought from on ebay in the past. It was his e-mail address all right, but he later told me he did not send any of the 3 infected e-mails. I was hesitant to open the e-mail at first, but seeing his name, I did not want to offend him by deleting it or not checking out the attachment. I opened just 1 of the 3 e-mails, and BINGO! Several hours later, I couldn't open any of my programs (internet, mr lister, ANYTHING!).
And for the ultimate catch-22, I couldn't run
any virus fix-it programs either, because Windows kept saying it couldn't find the required sirC32.exe file, which was a bogus file implanted by the little b*stard that starting this entire virus/worm. I used to have Norton 2000 on my system, but at least in my case, it caused more crashes & problems than it ever fixed, so I removed it many months ago. I'm not sure it would have caught the problem anyway.
But this morning, I checked out the free Symantec fix website address shown on page one of this thread, and afer a lot of scary moments, it SEEMS like the problem is fixed on my pc.
By the way, THANKS to the person that posted that website url for the fix, since you literally saved my life. I mean it.
The losses that people have incurred must be staggering, with no estimate possible for the loss of money & time, not to mention to fear and anger that goes through your mind when you could lose everything because of some idiot. Hope the perpetrator gets a nice Singapore vacation, because I'd be first in line to cane his cowardly *ss.
Sorry for the loss of composure here, but to do something like this to untold thousands of people's lives should demand mandatory prison, no discounts given for being underage, harshly toilet trained as a child, etc.
posted on July 28, 2001 06:30:48 AM
Just survived the Sircam Worm-(It really rocked my boat!!!) and found this thread very interesting! I received it from my favorite Ebay customer and he said he got it from another Ebay seller. It seems to be really hitting the Ebay community.
Then received this warning from another Ebay member- and thought I'd share it here.
WORST EVER VIRUS (CNN announced)
PLEASE SEND THIS TO EVERYONE ON
YOUR CONTACT LIST !!
A new virus has just been discovered that has been
classified by Microsoft as the most destructive ever! This virus
was discovered yesterday afternoon by McAfee and no vaccine
has yet been developed. This virus simply destroys Sector Zero
from the hard disk, where vital information for its functioning are
stored.
This virus acts in the following manner: It sends itself
automatically
to all contacts on your list with the title "A Virtual Card for
You."
As soon as the supposed virtual card is opened, the computer freezes
so that the user has to reboot. When the ctrl+alt+del keys or the
reset button are pressed, the virus destroys Sector Zero,
thus permanently destroying the hard disk.
Yesterday in just a few hours this virus caused panic in New York,
according to news broadcast by CNN. This alert was received
by an employee of Microsoft itself. So don't open any mails with
subject:
"A Virtual Card for You." As soon as you get the mail, delete it.
Please pass this mail to all of your friends. Forward this to
everyone
in your address book.
I would rather receive this 25 times than not at all. Also: Intel
announced that a new and very destructive virus was discovered
recently.
If you receive an email called "An Internet Flower For You,"
do not open it. Delete it right away! This virus removes all dynamic
link libraries
(.dll files) from your computer.
Your computer will not be able to boot up !!
I hate to be the voice of doom and gloom. And I hope it doesn't happen, but if you read the discussion boards over at Norton, the patch isn't holding in some cases. I've also talked w/the manufacturer of my PC and they aren't having luck getting the patch to hold in all cases either. Same from the local tekkies.
And it can attach to ANY file, exe, jpg, txt, xls..anything. Originally I had managed to download all my main files onto floppies thinking we'd just reload once we reformatted the PC. But after talking w/the manufacturer & reading the boards, I realized even the downloaded files could be infected..it was too much of a risk that I could re-infect the newly cleaned PC.
It was a hard decision, but I deleted everything (including my 1000+ ebay database) and reformatted the entire computer. I even "formatted" the floppies where the downloaded data was just to make sure the virus was stopped dead there. It was the only way to make 100% sure the virus wasn't hiding on a file somewhere.
It contains it's own SMTP program so you don't KNOW it's sending out emails under your name until you start hearing back from people asking why you emailed them. I emailed as many people as I could to warn them & included a link to the patch on Nortons before my machine shut down completely.
From what I'm hearing from the boards, my local tekkies & the maker of my PC, this has been a particularly nasty virus and even many of the patches aren't holding.
BUT, I happened to be one of the "lucky" ones where the virus went almost to the worst case scenario. (Actually the WORST case scenario w/this one is it fills your HD up, then eats everything). My tekkie was telling me yesterday about one where the virus went all the way to destroy the motherboard.).
Mercifully my only MAJOR loss is the ebay files and that's primarily my descriptions. 90% of the jpgs were uploaded to my server and are already back on my newly restored PC. I probably have a weeks worth of work to recreate all the descriptions. I also lost everything in my email system which is actually more of a loss than my ebay descriptions..I may never find some of those contacts again.
The virus picks & chooses which of your email addresses to send the attachment, so it doesn't affect everyone in your email system, but just enough to make sure it gets passed along.
Good luck to anyone who was unfortunate enough to get it. I feel your pain! Now back to typing descriptions.
posted on July 28, 2001 10:58:10 AM
Hi Eventer, and other fellow Auctionwatchers. Eventer, I am very sorry to hear about your system. My god, that totally sucks, and I wish there was something that we could all do to find the perpetrator of this gutless prank. It's unsettling to hear that I myself may not be out of the woods, especially since my printer spool file is crashing now. It may not be related, but who knows? Meanwhile, I must carry on with my computer, whether I like it or not. There's no way I can ignore 60 to 80 e-mails a day without repercussions that I did nothing to deserve. I use the vrane.com program to notify winning bidders, so I'm not in danger of spreading the problem around, I hope.
Anyway, to all who've been afflicted with this unnecessary nonsense, I really feel for you and hope the damage (if any) is minimal.
The only things keeping me from being totally dead in the water were an ISP where I could pull down my emails on line & not have to worry about HAVING to have a PC based email system.
AND, having a second backup computer w/atleast SOME of the files duplicated on there. Enough to get me back in action.
I HIGHLY recommend, especially w/PC prices SO cheap, to have a second computer in the house somewhere.
AND, (falling in the live & learn category), a consistent backup policy.
The worm has two payloads. On 16th of October in one case out of 20 it deletes everything from the drive where Windows is installed. On any other day in one of 50 cases it fills up the drive where Windows is installed. In this case it creates a file called '<windows drive>:\recycled\sircam.sys' and continuosly fills it with one of below given text strings until the hard drive space is consumed.
Removal instructions are available.
[ edited by AnonymousCoward on Jul 28, 2001 12:43 PM ]
posted on July 28, 2001 12:29:36 PM
blackjack21,
Ah yes, we just had someone out from Gateway with a new motherboard.....I spent a couple of days beating myself up over sending this virus to people, all the while receiving not-so-nice emails from folks who thought I was doing this maliciously. I am with you on your views about what the perpetrator of this virus should go through. I have been through one h*** of a week, with this computer stuff being only part of the story. I hope the moron who is responsible is getting some satisfaction from what he/she has done. It will come back at them eventually. Ok, I'm off my soapbox now . I hope none of you lost too much business because of this.
posted on July 28, 2001 12:32:49 PM
Let me get something straight...
If I never click on an email file attachment, then I have no chance of getting a virus.... right?
I use Eudora Pro. Never had a virus, in 8 years of computing. But then I have never clicked on a file attachment other than .jpg files from friends and family.
If you don't open the attachment w/this particular virus, you are fine..though you want to make sure it's fully deleted from your system, not just dumped into the recycle bin.
However, there are OTHER viruses which can invade w/o benefit of an attachment or even w/o opening the attachment.
Words of wisdom from someone who wasn't watching closely...get a good antivirus system up (Norton's, McAfee..take your choice) and be sure it's also set to scan your email.
savon1,
My sympathies..you apparently got hit w/the worst case scenario! I feel "fortunate" I was atleast one step away from the worst case when we decided to wipe out the entire system before it did.
Don't beat yourself up. I "thought" I was responding to a customer's request to review something when I opened mine. I'm sure I have some pretty angry customers & friends who then got it sent to them from my email account.
I can only say it was passed to me & I was unaware, until it was too late, it had gotten into my email system & was passing it along.
I will go to my grave never understanding the mentality it takes to "create" something like this to wreak havoc on innocent people. I actually feel a bit sorry for them that their lives are so worthless, this is all they can think of to make themselves feel important. It's sad really.
edited to add:
lifesablur,
This particular virus can even attach to jpgs and gifs, so you aren't safe if you think it's just xls, doc, txt or pdf you don't have to open.
[ edited by Eventer on Jul 28, 2001 12:53 PM ]
posted on July 28, 2001 01:51:18 PM
tonito,
If you read the very good advice in the second message by beatsarealjob, you will find a link to the sircam virus removal tool, and the information given there is quite helpful. Apparently, the e-mail message can come in different forms. Mine was an English message with an attached from a trusted friend, but we are both French, and he never addresses me in English, that was my first clue; the second clue was that the attached file had two extensions on it, .doc and .Ink. There is more information on the sircam tool site, and many of the other people who contributed to this thread have added much helpful advice as well. I think it is wise to update your anti-virus as often as possible, this virus is rampant.
posted on July 28, 2001 05:26:42 PM
Thanks Eventer, Microbes and everyone for the helpful advice.
Microbes, I'm not sure what software you're referring to that reads and copies hidden files. Is there anything at ZDnet? Or could I just click on View Hidden Files, like in the folder options? Or would some still not show up?
Eventer, I wish you luck with your restoration. I've been considering a second computer for months and I am definitely getting one now!
posted on July 28, 2001 06:22:17 PM
I just got this cleaned out of my system. It is a mean virus that will take you or your tech a good day to make sure it is removed. You will know that you have it when you start getting file not found errors when trying to open a program. If your online, the virus will also be working your email and if you have an icon that shows your modem is working when it shouldn't be this will be a good clue that you have a virus. It almost wiped out my system in just a few hours, but was able to get on top of it. Another clue is that you may be getting a large # of returned emails. This is because your system is send ing the virus out, but your server is catching the virus before it hits the intended receiver and sending it back to you. If you suspect you have it you need to get the fix fast as it is a fast working bug.
posted on July 28, 2001 06:34:15 PM
I got the virus!I wasn't sure if I had it or not but I went to MacAfee & tried the virus scan online & it told me I had about 8 files already infected!
Went to symantec.com's site as recommended her & did the SIrcamWorm removal. After running it 2X, it told me that the worm was removed.
I then went back to MacAfee TO do another scan & its telling me I have 3 files infected!
How can this be possible if the worm removal tool told me it deleted it?
I have to subscribe to Macafee's virus scan program to be able to clean.delete the infected files. Costs about $39.95/yr.
Is there a free virus scan site that can clean/dlete these infected files for free? I checked Trend Micro & tried to do the housecall for PC but it would not load into my computer.
Do I format my C drive. I have the restore disk but I do not have the Windows 98 boot disk so i can install it.
How do I create a WIN98 boot disk before I do the format/restore?
I've spent hours trying to get this fixed & i am getting very frustrated.
If not for this message board..I dont know what I'd do! Thanks for all the help!
[ edited by araindrop5 on Jul 28, 2001 06:37 PM ]
posted on July 28, 2001 07:31:17 PM
I have gotten an email the last 3 mornings of this week with this virus attached. 2 of them took forever to load with big file attached but the one yesterday was not so big.
Thank goodness I knew about it and have Norton Anti Virus protection and that is auto updated every week!!
Or could I just click on View Hidden Files, like in the folder options? Or would some still not show up?
It might, but I think you would run into a problem with the contents of the Hard drive not fitting on the CD. It would need several CDs (if you have the typical amount of software). Software that would "span several disks with one large compressed file" would be a better way to go. Less chance of missing files, bad paths, etc.
Who Need's a stink'n Sig. File?
[ edited by Microbes on Jul 29, 2001 06:03 AM ]
posted on July 29, 2001 06:23:22 AMDo I format my C drive. I have the restore disk but I do not have the Windows 98 boot disk so i can install it.
A format may or may not get rid of a virus. You should be sure the virus is gone before formating a hard drive.
How do I create a WIN98 boot disk before I do the format/restore?
go to "my computer".
then go to the "control panel".
Then go to Add/Remove Programs
Click on the Startup Disk tab.
Click Create Disk.
I would do this on a computer you know is virus free. If the startup disk is infected.... Yup, it could reinfect the hard drive
Some computers can be setup to boot from the CDrom.
I then went back to MacAfee TO do another scan & its telling me I have 3 files infected!
If you plan to format your hard drive and start over, try deleting these 3 files (and then delete them from the trash can). Run the scan again, and see if that cleans it up.
How can this be possible if the worm removal tool told me it deleted it?
Because the anti-virus people are not perfect, and they are playing "catch up" with the scumbags that write the viruses.
Edited to try to make my self clear... I hope I did.
[ edited by Microbes on Jul 29, 2001 06:30 AM ]
posted on July 29, 2001 06:27:36 AM
lifesablur, ANY file can be renamed with a jpg extension. So, for now, I would not open ANY attachments, even jpgs from friends and family.
posted on July 29, 2001 07:07:18 AM
I have my jpegs set to arrive open. Are viruses sent as jpegs still jpegs? Can a photo that arrives open release a virus?
I was told the virus can arrive under ANY format including .jpgs. If it attaches to a jpg & is sent to you, you'll run the risk of getting it if you open it.
Granted that risk is probably small since most of the problems I've heard have been with xls, pdf, txt and pdf files but it can happen.
You might wish to reset your "open automatically" policy for a while.
