PDA

View Full Version : Virus Warning!



Hillbillie
08-14-2001, 02:04 PM
Okay, I just caught a virus from an e-mail attachment. If you get any e-mails from some 'ChessFreak' guy, don't open the attachment!!! His addy is something like 'chessfre@bellsouth.com'....I can't remember.

This is the worst virus I've seen. When I try to run _any_ program, it runs the virus, spreading itself to another part of your harddrive.

Does anyone know about this virus and how to possibly get rid of it. BTW, Norton said it deleted the virus, but apparently it didn't fix it...

*Gets ready to reformat :-(.....

webmaster
08-14-2001, 02:39 PM
I think its the W95.MTX, at least, that is the virus that infected my computer. chessfre@bellsouth.net is my email address. One of my family members infected a computer in my house, and you were, apparently, sent an email by the virus. It was not intentional.

Hillbillie
08-14-2001, 03:44 PM
I figured it was unintentional...

Anywho, I got Windows reinstalled. Hehe, this website looks major funny without an SVGA driver installed :)

Fordy
08-14-2001, 03:46 PM
Nasty sounding little bug - did it do anything specific?

Hillbillie
08-14-2001, 04:37 PM
Nasty sounding little bug - did it do anything specific?

Hmm...not really. I just couldn't run anything at all, so my computer was basically a big paperweight. Anyways, I needed to reinstall Windows....

Fool
08-14-2001, 05:19 PM
That sucks man, thanks for the heads up!

-Fool

SilentStrike
08-14-2001, 07:01 PM
I just got one of those messages as well.

"Subj: No
Date: Tue, 14 Aug 2001 7:41:02 PM Eastern Daylight Time
From: "Chessfreak"<chessfre@bellsouth.net>
To: rpgnmets@aol.com

No.doc.pif (244169 bytes)

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks


"

doubleanti
08-14-2001, 07:10 PM
i got that too, but the attachment said it has a virus (i guess i have hotmail to thank for that, which means thank you, yes, M$...) wierd... and it must have felt refreshing to reformat eh Hillbillie? and yes, everything looks funny in 16 colors... but it is pretty cool how they blend to try to emulate other colors... you get a pretty good idea of the actual pictures, remarkably!

adrianxw
08-15-2001, 03:25 AM
This is the sircam virus. From McAfee website...

>>>
This mass-mailing virus attempts to send itself and local documents to all users found in the Windows Address Book and email addresses found in temporary Internet cached files (web browser cache).

It may be received in an email message containing the following information:

Subject: [filename (random)]
Body: Hi! How are you?

I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for

See you later. Thanks
<<<

Also sent in Spanish sometimes.

Chemanuel
08-15-2001, 05:18 AM
Now that you mentioned it, I remember that on Monday (perhaps Tuesday) I got a warning message telling that an email sent to me had a virus.

The body of the message was something like

This is the file with the information that you ask for Linux

I don't know the original address since yahoo only sent me the notification.

I can't remember now exactly but I think it was in Spanish.

Theologian
08-15-2001, 09:07 AM
There's a spanish and an english version.

You need to run the Mcaffee program to remove it. If you get it you may need to clean up autoexec.bat also.

Another problem to check for after you remove it from your machine is that rundll32.exe in the windows directory gets renamed to run32.exe. If you don't change the name back you will have trouble opening items on the control panel.

The virus does not delete anything but on some computers (this is part of a random deal in the virus) it will fill your hard drive to capacity.

In october it runs another little random dealy and has like a 33% chance of deleting your entire hard drive.

But while it is on your machine it will grab items from your MyDocuments folder and mail them to people as attachments. I have gotten some very interesting mail from people. Personal pictures, documents, etc.

I don't think it affects NT. I know for sure that it only hits M$ machines.

no-one
08-15-2001, 11:00 AM
never had any such a thing... though i strive not to get set up the bomb so...

Govtcheez
08-15-2001, 11:09 AM
not to get set up the bomb

LOL!

Move zig. For great justice. :D

Nick
08-15-2001, 01:25 PM
hmm better rename My Docments to docs

VirtualAce
08-15-2001, 03:36 PM
I have a Yahoo e-mail account and I found the PE_Magistr.A and PE_Magistr.DAM virus in one of it's e-mail attachments. I'm currently working on a program with someone over the net so I thought the attached exe (setup32.exe) was from him. I should have known better since the subject line was a bit strange, but I ran the exe anyways. Real stupid. The Magistra virus totally wrecked all of my .exe and .scr files. This virus uses a random subject line, random text - about 60 characters or so taken from the infected computer's drive and an attached exe. Do not mess with this e-mail. Just delete it. First virus that I've had since the old Form virus back in the 80's and early 90's.

If you get this virus, go to www.symantec.com to find out more about how to kill it.

So, instead of getting more code from part of my team, I ended up losing all of the code, headers, dlls, and everything else since I FDISK'ed, re-formatted, and re-installed Windows.

How do most of you keep backups of your projects? I do not have a CDRW or a zip drive and the project would have taken many 1.44 floppies.

Fordy
08-15-2001, 03:44 PM
>>How do most of you keep backups of your projects

I use a SLR5 Tape drive - but the sodding thing wont work properly under Win2k. Worked fine on Win98.

Until I figure it out I periodically;

[list=*]
Copy files over my LAN to my spare
Use CDRW
use my old zip disk
[/list=*]

iain
08-15-2001, 04:07 PM
i save my work to my laptop (coding computer) and to another station via my network. I make full hard disk backups to CRDW's

-KEN-
08-15-2001, 06:09 PM
I jsut got the e-mail, too! Thanks for the virus, webmaster! :p I didn't open it, though. Why didn't you just use a bootdisk to get into DOS, and play around with things from there. I always forget to do that when it's MY computer under attack, but I always seem to remember it if it isn't...hmm...go figure.

ski6ski
08-15-2001, 08:14 PM
I hope this is a lesson that we should update our VScan more often than we do! I always try to update on the 15 & 30 of each month, but sometimes I do it more often depending on the alerts that symantec sends.

VirtualAce
08-17-2001, 01:22 AM
I did use DOS when I was attacked, but I made a big mistake. First, I immediately scanned all of my project for the virus. When it came up clean, I used WinZip to zip the whole thing into a self-extracting archive. Then, I rebooted into DOS so the virus could not infect anything else. The archive was clean but I forgot that I added a 2 to the end of the name, since I could not create an archive with the same exact name as my Win32 executable. So, when I copied to A drive, I copied the Win32 executable instead of the self extracting archive of my project. When I realized what I had done, I just sat there dumbfounded for about 10 minutes. I knew that I really messed up and just lost all my source.

It stinks that I lost my code, but now I have more incentive to re-write the source from the ground up and make it compatible with ActiveX. Now, instead of hard-coding some functions that relate only to my specific program I think I'm going to create some ActiveX controls and ActiveX friendly classes to use in my program.

Back to the drawing board.