It came from somebody I don't know in the Netherlands and has subject: <Esc>
The body contains various stuff including ASCII representation of the binary (as it appears to be) CMDL32.EXE

The body is here (http://www.otheos.clara.net/pub/esc.txt) (216kB), I would appreciated it if you could take a look and tell me what you think.

TIA

[This message has been edited by otheos (edited 07-30-2001).]

Looks like something that needs to be deleted.

If it came from someone you don't know is there any question of what to do with it? I would delete this quick!

If it came from someone I did know, I'd still delete it http://www.sysopt.com/forum/wink.gif

Sounds like the Sircam virus (or variant thereof) - it has a similar size.

I downloaded it and opened up the text file and it doesn't seem to be a virus. Hope I'm right! http://www.sysopt.com/forum/biggrin.gif

The file is just a text file that contains the body of the email in ASCII, and there is no way it can infect anything by opening for view (it's not executable!)

It contains some shortcut key combinations for some use (?) and the CMDL32.EXE file in ASCII form (lots of hex).

What is the CMDL32.EXE file by the way?

The message is already deleted from all my windows clients and I have it on my FreeBSD (virus proof) box for reference.

I would presume the message was meant to have an executable attachmend of the file CMDL32.EXE but for some reason it's full of junk. I do not know if copying pasteing the hex part of the file and saving it as a .exe file will make it work, nor will I try!!!

I'm just curious what is the purpose of this email and if anybody has seen anything similar.

Thanks for your time all.

CMDL32.EXE is a file that's located in:

WINNT\SYSTEM32 Folder

I have no idea what that is, but it sure ain't Dutch. http://www.sysopt.com/forum/wink.gif

If I don't know what it is, or who it is from...I just delete it. I think I can live without seeing whatever it is. If it was that important and from someone you know just email them asking them what it was. The little bit of time that it takes to ask them is a lot less than having something mess up your system.

Those of you that say "just delete it" are absolutely no fun what-so-ever. What stick in the mud's. He's obviously is curious about it and what it does.

However otheos, if you don't have the guts to just run it, then maybe you should delete it. If you have a few machines I'd just isolate one and run it on that machine to see what happens.

OR, you can forward it to some Ultra-Large corporation that has triple firewall protection and see what comes out the other side..

I'd give ya my addy at the Pentagon, but the subsequent investigation into us both might be more trouble than it was worth.

DrVette

lol.

I'll just forget about it then (chicken feathers all over the place...)

Thanks for your time!