Did you get an infected email from Jess? [Archive]


Pirate4x4.Com > General Tech > General 4x4 Discussion > Did you get an infected email from Jess? PDA : Did you get an infected email from Jess? LOPPY 11-28-2001, 11:49 AM Sorry to post in Gen 4x4, but I know this is where Jess hangs. Me and a few buds known to hang here got emails from a "Jess" To: cc: Subject: Re: Super U joints! Anti-Virus Software has detected a virus! - Sorry_about_yesterday.MP3.pif Jess is that you? Anyone else get this? broncoboy 11-28-2001, 11:55 AM i got it, i deleted it, i knew it wasnt a pic, my ghetto instincts went off. pat SHERPA 11-28-2001, 12:27 PM me too... the man must be infected... --Sherpa brector 11-28-2001, 12:54 PM I got it from someone else - but our server caught it. LOPPY 11-28-2001, 01:27 PM Man that sucks. And I notice he's not around either. It must have infected his chit and replicated and tossed out using his mail list. Hope he did'nt loose it all. :( hewl35 11-28-2001, 01:51 PM Mcaffee has flu shot for it. It's the W32/badtrans II. Its making the rounds. toyzilla 11-28-2001, 03:36 PM W32.Badtrans.B@mm Virus Problem/Issue A MAPI worm that emails itself out as one of several different file names. This worm also creates a DLL in \Windows\System directory as a Kdll.dll. It uses functions from this DLL to log keystrokes. Contains either .scr or .pif attachments. This worm arrives as an email with one of several attachment names and a combination of two appended extensions. The list of possible file names is: HUMOR, DOCS, S3MSONG, ME_NUDE, CARD, SEARCHURL, YOU_ARE_FAT!, NEWS_DOC, IMAGES, PICS, info, Sorry_about_yesterday, SETUP, stuff, HAMSTER, New_Napster_Site, or README. The first extension that is appended to the file name is one of the following: .DOC, .MP3 or .ZIP The second extension that is appended to the file name is one of the following: .pif or .scr The resulting file name would look something like this: CARD.DOC.PIC, NEWS_DOC.MP3.SCR, etc. When executed, this worm copies itself as kernel32.exe in the "\windows\system" directory. It then adds the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce\Kernel32=kernel32.exe Shaker 11-28-2001, 03:51 PM thanks for the warning........I just got a "virus" a few minutes ago and deleted it........thanks again for the "heads up".....:D :beer: :beer: miniyota 11-28-2001, 03:53 PM i've never gotten a virous. my friends like me:barf: :D onetoncv 11-28-2001, 08:55 PM very sorry about this- it was a strange day on the puter- the thing is not working right- it appears that i do have this virus as of this morning - its unplugged right now and will get fixed tomorrow- i am sorry- Jess Toyaholic 11-28-2001, 10:13 PM you need any help jess? im a computer geek and can take a look tomorrow when i get there if you want. lemme know.