Thread: Is this a virus?

  1. #1
    Senior Member Praetorian
    Join Date
    Mar 2001
    Posts
    704

    Is this a virus?

    Seems kinda weird. It's long. I didn't download it yet.

    Subj:
    Date: Sun, 7 Oct 2001 4:02:02 PM Eastern Daylight Time
    From: UnknownSender@UnknownDomain
    To: 904_01ok, 904_02ok, 904_03ok, 904_04okok, 904_05okok

    Unknown.txt (79644 bytes)

    [Only the first part of this message is displayed. The entire message has
    been turned into a text attachment, which you can retrieve by selecting
    Download. Once downloaded, open it with a word processor or text editor for
    reading.]
    Subject:=?big5?Q?=C5=E7=B6r=BE=F7=AFS=BB=F9=B7G=B0 =E2?=
    MIME-Version: 1.0
    Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_7yY5NTK4SqM0HeAKlwI"
    X-Mailer: WXVJjS9dNn5IAzbh
    X-Priority: 3
    X-MSMail-Priority: Normal
    This is a multi-part message in MIME format.

    ------=_NextPart_7yY5NTK4SqM0HeAKlwI
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_7yY5NTK4SqM0HeAKlwIAA"


    ------=_NextPart_7yY5NTK4SqM0HeAKlwIAA
    Content-Type: text/html;
    charset="big5"
    Content-Transfer-Encoding: base64



    --------------------Headers --------------------
    Return-Path: <rduMTpFoRYv23@tpts6.seed.net.tw>
    Received: from rly-xa05.mx.aol.com (rly-xa05.mail.aol.com
    [172.20.105.74]) by air-xa05.mail.aol.com (v80.17) with ESMTP id
    MAILINXA53-1007160202; Sun, 07 Oct 2001 16:02:02 -0400
    Received: from eddy (229.c210-85-60.ethome.net.tw [210.85.60.229])
    by rly-xa05.mx.aol.com (v80.21) with ESMTP id
    MAILRELAYINXA59-1007160130; Sun, 07 Oct 2001 16:01:30 -0400
    Received: from kimo by gcn.net.tw with SMTP id
    Uz8nbB6Yi4Dr3WbkHk5BLrK20P; Mon, 08 Oct 2001 04:03:43 +0800
    Message-ID: <ldoBNN9@microsoft.com>
    From: UnknownSender@UnknownDomain
    To: 904_01ok, 904_02ok, 904_03ok, 904_04okok, 904_05okok
    Date: Sun, 7 Oct 2001 4:02:02 PM Eastern Daylight Time
    Content-Type: text/plain; charset="US-ASCII"
    Content-Transfer-Encoding: 7bit
    This will all be over before you can say Cat in a Hat.

  2. #2
    Member KAknight
    Join Date
    Aug 2000
    Location
    Tulsa,OK,USA
    Posts
    317
    From: UnknownSender@UnknownDomain
    Since you don't know who it is from, you don't need to download the file. I'd bet it is a virus/trojan. If it actually is from someone you know, they will ask you about it if it is important. I'd just delete it.

  3. #3
    Member
    Join Date
    Sep 1999
    Location
    New Hampshire, USA
    Posts
    347
    I don't read hex, but I know that JPG files will look like that too. If someone sent you a JPG attachment larger than the size allowed by your mail server, it will arbitrarily break the image into pieces which look like the body of the top of this message.

    Taking a look at the headers part, this does not appear to be the case. I can see that this message did travel through Taiwan (TW) along the way to get to you and was also sent to several other Taiwan addresses.

    I would guess that you do not want to open this attachment as it is always safer not to open attachments from unknown places, especially when the attachment was unrequested. The message ID also looks suspicious....

    I would delete it.
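
Added example, not part of any post in this thread: the header comparisons discussed in post #3 (relay path, Message-ID) written as a Python check over the headers quoted in post #1. The `org_domain` heuristic and the three checks are assumptions chosen for this sample; a finding is a triage indicator, not proof of malware.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted in post #1; continuation lines re-indented.
RAW = """\
Return-Path: <rduMTpFoRYv23@tpts6.seed.net.tw>
Received: from rly-xa05.mx.aol.com (rly-xa05.mail.aol.com
 [172.20.105.74]) by air-xa05.mail.aol.com (v80.17) with ESMTP id
 MAILINXA53-1007160202; Sun, 07 Oct 2001 16:02:02 -0400
Received: from eddy (229.c210-85-60.ethome.net.tw [210.85.60.229])
 by rly-xa05.mx.aol.com (v80.21) with ESMTP id
 MAILRELAYINXA59-1007160130; Sun, 07 Oct 2001 16:01:30 -0400
Received: from kimo by gcn.net.tw with SMTP id
 Uz8nbB6Yi4Dr3WbkHk5BLrK20P; Mon, 08 Oct 2001 04:03:43 +0800
Message-ID: <ldoBNN9@microsoft.com>

"""
HOP = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)")

def org_domain(host):
    """Crude heuristic (assumption): keep 3 labels under a 2-letter TLD, else 2."""
    labels = host.lower().strip(".").split(".")
    keep = 3 if len(labels) >= 3 and len(labels[-1]) == 2 else 2
    return ".".join(labels[-keep:])

def received_hops(msg):
    """(helo_name, peer_info, by_host) for each Received header, oldest hop first."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m.group(1), m.group(2) or "", m.group(3)) for m in found if m]

def findings(raw):
    msg, notes = message_from_string(raw), []
    hops = received_hops(msg)
    mid = org_domain(msg["Message-ID"].strip("<> ").rsplit("@", 1)[-1])
    env = org_domain(parseaddr(msg["Return-Path"])[1].rsplit("@", 1)[-1])
    if mid != env:  # Message-ID domain differs from the envelope sender's domain
        notes.append(f"message-id domain {mid} != return-path domain {env}")
    for (_, _, by_host), (helo, peer, _) in zip(hops, hops[1:]):
        nxt = {org_domain(helo), org_domain((peer.split() or [""])[0])}
        if org_domain(by_host) not in nxt:  # receiver of hop N is not sender of hop N+1
            notes.append(f"chain break: {by_host} does not hand off to {helo}")
    for helo, _, by_host in hops:
        if "." not in helo:  # bare HELO name, not a fully qualified host
            notes.append(f"unqualified HELO {helo!r} accepted by {by_host}")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(RAW)))
```

Only the topmost `Received` lines were written by the recipient's own mail system; anything below the first hop it recorded is supplied by the sending side and cannot be verified from the headers alone.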
