Virus Alert
crockett
07-24-2001, 12:41 AM
If you get something like this in mail..
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
Don't open it.. I've heard it is a pretty bad virus... I just received it... but didn't open it.
nodnerb2
07-24-2001, 01:41 AM
You better read this, I have had it again since posting this message. Symantec has a free Worm Fixing thing available as a Download
http://www.sysopt.com/forum/Forum1/HTML/014984.html
Nodnerb2
Comtech
07-24-2001, 07:48 AM
I got 26 of them just this morning.
Anybody want a copy?
(glad I don't use Outhouse Express!)
Steve R Jones
07-24-2001, 08:28 AM
Comtech, so you're using something better than OE and still getting attacked
sharder8
07-24-2001, 01:06 PM
Watch out for the "BadTrans.A" virus as well! (No, they never got past my 1st layer of a multi-layer defense!)
My sister sent it to me twice before I blocked her address. I then called her and told her to give me a call once she gets her machine cleaned.
BTW, "BadTrans.A" attaches itself and resends itself off unread email and uses your Outlook or Outlook Express address book!
Harder
[This message has been edited by sharder8 (edited 07-25-2001).]
Comtech
07-25-2001, 07:44 AM
Sure, the attachments still show up, but I'm not stupid enough to click on it, DUH!
I have over 100 different things now, some really cool info in the docs the virus attaches to. Credit card info, legal depositions, you name it...
The reference to outhouse express is because I won't automatically forward the stupid thing to everyone in MY address book without my knowledge. Outhouse is the only email client that does that inventive piece of bandwidth theft.
Steve R Jones
07-25-2001, 07:51 AM
Good point Jim... I always send everyone in my address book Virus Warnings and links to free virus software just in case...
Beemer
07-25-2001, 07:57 AM
I've been receiving these little gems as well and as some of you know, I don't use a virus scanning program. A little common sense goes a long way.
To help get rid of these little gems on the NET, I first look for the address of the sender either by the From note at the top of the E-mail or in the Properties and Details tab.
Then I send an alert to the person that sent it to me and scare the hell out of them. Letting them know they have a virus gets them to fix the problem either by seeking help from a qualified professional or by themselves.
If they are not alerted to the problem, most of my contacts don't know it is even happening.
I tell them what to look for. Such as with an E-mail virus, look at the Outbox when sending a mail. With a lot of these E-mail viruses they will see for a quick second, not a (1) but a (24) under the outbox folder if viewing the Outlookbar.
Reply to the E-mails that contain viruses and let the people know.
Don't click on any attachments from unknown senders.
Don't click on attachments with multiple extensions.
DON'T CLICK IF YOU ARE UNSURE!
Cheers!
Beemer
07-25-2001, 08:04 AM
As a matter of fact, I just received another one of these little gems as I was posting to this thread.
Cheers!
seanc
07-25-2001, 01:23 PM
Thankfully our company's e-mail scanner is catching it at the gate. As for home, I haven't received it there.
Sean
DemonKnight
07-25-2001, 01:29 PM
I've gotten it from someone named cooter. Twice from the same address. The hotmail scanning **** didn't detect it but InoculateIT sure did. (I thought it was strange when the file was named something.doc.com.)
bhess
07-25-2001, 01:31 PM
Here is the info from InoculateIT. http://ca.com/virusinfo/virusalert.htm#w32.sircam
Doesn't say how to delete it or if the new dat kills it?
Beemer
07-25-2001, 03:43 PM
You can use your message rules temporarily until this virus slows down.
subject line containing words:
*.doc.
*.doc.zlo
*.doc.zip
I think that *.doc. will contain all the multiple extensions since this one seems to always use the something.doc.something format. I just included the ones I know about as well.
Cheers!
[This message has been edited by Beemer (edited 07-25-2001).]
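The something.doc.something pattern from the post above, checked on attachment filenames rather than the subject line. This is an added example, not part of any post in the thread; the sample message, its addresses and the function names are constructed for illustration, and the rule is generalized to the .doc, .xls and .zip types named in the advisory quoted in this thread.

```python
from email import message_from_string, policy

# Document types the thread's quoted advisory says the worm attaches.
DOC_EXTS = {"doc", "xls", "zip"}

# Constructed sample message (not a real capture); addresses and names are made up.
SAMPLE = """\
From: friend@example.com
To: me@example.com
Subject: budget
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi! How are you?
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="budget.doc.com"
Content-Transfer-Encoding: base64

AAAA
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="notes.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def hidden_extension(filename):
    """Return the final extension when a document extension sits right before it."""
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) >= 3 and parts[-2] in DOC_EXTS:
        return parts[-1]
    return None

def suspicious_attachments(raw_message):
    """List (filename, final_extension) for every attachment named like x.doc.y."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        ext = hidden_extension(part.get_filename() or "")
        if ext:
            hits.append((part.get_filename(), ext))
    return hits
```

A legitimately zipped document such as report.doc.zip also matches, so treat a hit as a reason to quarantine and review, not as proof of infection.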
Beemer
07-25-2001, 03:49 PM
The article at Inoculate does give you good clues though. Read the Reg entries and you can go to the recycled and see if anything is residing in there that shouldn't be.
Remove the registry entries pointed out below.
When run, the worm copies itself to "C:\RECYCLED\SirC32.exe" as well as "SCam32.exe" in the Windows System directory. It modifies two registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32="\SCam32.exe"
HKEY_CLASSES_ROOT\exefile\shell\open\command=""C:\recycled\SirC32.exe" "%1" %*"
The first key causes the worm to run when Windows starts. The second causes the worm to be run whenever any .EXE program is executed. The worm gets a list of .DOC, .XLS and .ZIP files in the "My Documents" folder. It appends one of these files to the end of itself and saves the result to the Recycled folder, adding the second extension to the filename as listed previously. This file is attached to the emails that the worm sends.
Cheers!.doc.zip
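A check for the two registry changes described in the post above, run against a text export of the registry. This is an added example, not part of any post or of the vendor's advisory; the export below is constructed, the Windows System path in it is an assumed location, and the function names are hypothetical.

```python
import re

EXE_OPEN_KEY = r"hkey_classes_root\exefile\shell\open\command"
DEFAULT_EXE_OPEN = '"%1" %*'                # stock Windows handler for .exe files
WORM_FILES = ("sirc32.exe", "scam32.exe")   # file names from the advisory text above

# Constructed REGEDIT4 export; the SYSTEM directory path is an assumed location.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
'''

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Parse a REGEDIT4 export into {key: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
            if m:
                name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def findings(text):
    """Flag a non-default .exe open handler and any value naming the worm's files."""
    out = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if key == EXE_OPEN_KEY and name == "@" and data != DEFAULT_EXE_OPEN:
                out.append(("exefile-hijack", key, data))
            elif any(f in data.lower() for f in WORM_FILES):
                out.append(("worm-file", key, data))
    return out
```

When the open handler is flagged, restore it to `"%1" %*` before deleting the file it points at; while the handler names a missing program, no .exe will start.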
samwichse
07-25-2001, 05:12 PM
The best way to make sure I don't spread a virus is that I don't have an address book. I just have a text file with people's addresses there and copy and paste as needed. It's hard for a worm to spread if there's nowhere for it to go.
sharder8
07-25-2001, 10:07 PM
Or, you can get rid of "Outhouse" and "Outhouse Express" and switch to a stand alone e-mail client like Eudora! As of yet, I haven't heard of any that will use the Eudora Address book to propagate itself. (That's one of the reasons I've used Eudora for the last several years.) I also have Eudora set to not open any executables, first I'm warned, then if I still choose to open, the attachment is opened in an external shell!
Harder
bhess
07-26-2001, 05:55 AM
I've tried eudora, incredimail, and outlook. I don't like any of them compared to outlook express. I would change if there was something better.