Re: !!! att.VIRUS or trojan ! Re: Sorta silly dc motor question - From: "colin" !!!

From: colin (no.spam.for.me_at_ntlworld.com)
Date: 10/09/04


Date: Sat, 09 Oct 2004 23:07:40 GMT


"Spajky" <Spajky##@volja.net> wrote in message
news:ngngm0l6eekk6fiiel314lq4ukt4881ab8@4ax.com...
> On Sat, 09 Oct 2004 20:30:31 GMT, "colin"
> <no.spam.for.me@ntlworld.com> wrote:
>
> >I just looked at the post I made and am now viewing the source of it but
> >there doesn't seem to be any code in it at all as it appears in OE having got
> >it from my NTL server, it looks perfectly ordinary. however I'm running a
> >virus scan.
>
> I did it too, but no positive identification; I searched the Agent's
> Data folder with WinExplorer for a file containing text
> <6Eg9d.894$_d4.393@newsfe3-gui.ntli.net>, which revealed that
> mentioned agent file; then I just opened it with a text editor to see
> the code: it looks like a sorting of a bunch of multimedia system files
> listed from my system mixed with garbled signs & kernel commands.
> Quite a lot of stuff!
>
> & that listed text can not be copy pasted to a text editor (or here!)
> - interesting!
>
> >maybe it's some virus that's somehow attached itself to it on your
> >system or news server? or maybe you just had a file system corruption?
>
> I don't know...
>
> >looks like autoexec.bat has been overwritten with the headers of the news
> >article.
>
> no, IIRC inside that "new" Autoexec.bat there was around 10 lines of
> code to IMHO starting kinda server (for calling home?)
>
> >those system messages are the result of the system trying to execute the
> >simple headers of the news article and are totally benign. The 'Date' part is
> >just simply a header to signify the date of the post, and just happens to be
> >a system command that's expecting you to enter the current date/time and will
> >wait until you do so. strange though, it's worrying with these new jpg viruses
> >as well...
>
> Yeah, maybe I picked up one of those *.jpg trojans ... who knows.
>
> (4 months ago I picked up a new unknown version of some trojan/remote
> controller with very unique "features" which my AV did not recognize;
> I also sent the AV company the sample with a complete description of
> what it did to me & how I got rid of it, but it still took them almost a
> month before they put it into the AV database so that the AV program
> could detect it after updating). I thought that they would do it
> sooner .. :-(
>
> Well, this time again I saved myself from disaster, what the hell I
> keep & update AV software, just to fill my HD space? Damn ...
>
> --
> Regards, SPAJKY ®
> & visit my site @ http://www.spajky.vze.com
> "Tualatin OC-ed / BX-Slot1 / inaudible setup!"
> E-mail AntiSpam: remove ##

Well I ran NAV and it didn't find much, found something in 1 file that was a
.tmp file in my internet cache, can't see how it was active tho,
read something about how things can take over OE by using a malformed field
lol, geez I wish MS would employ some decent managers to make sure their
programmers always check for array bounds or whatever the issue is.

it always worries me because I always find any anti virus thing is just too
restrictive and has caused me more hassle over the years than any virus so
far, so I always end up disabling it, which with NAV is tricky, it seems to
re-enable itself from time to time :o bit like a virus itself, must be on more
machines than any other virus so far I guess.

Colin =^.^=


