San Juan 23 mailing list


Re: Yahoo Hit with Virus?

It wasn't Yahoo, but rather my computer and a few SJ23 skippers who were in a member's address list. It was the W32SirCam Virus about which please read the warning and remedy furnished below: 
My apologies to any and all who may have gotten the e-mail asking for "advice" on an attachment.  It contained the Sir Cam worm/virus and stopped me dead.  I could not open any applications until Windows 98 was re-installed.  Hopefully the info below will help stop the contagion.

::: Virus Alert:::


W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000.

This worm propagates via email using SMTP commands by sending copies of itself to all addresses listed in an infected user's address book. It arrives in an email with a random subject line and an attachment by the same name. It also propagates via shared network drives.

Here is a collection of links to various anti virus companies and their information and removal tools.

Information and removal process from Sophos Anti Virus:

Information and removal process from Symantec/Norton:

Information and removal process from NAI/McAfee:

Information and removal process from F-Secure:

Information and removal process from Panda software:
Click on the link for the sircam on the right side of the page as this site is using frames.

Information and removal process from Trend Micro:

To manually remove Trojan from (Trend Micro) for experienced users only…

1. Disconnect from the network

Go to HKEY_CLASSES_ROOT\exefile\shell\open\command

On the right panel, double click on the (Default) value and remove C:\Recycled\SirC32.exe leaving only "%1" %* (double quote, percent one, double quote, space, percent asterisk).

3. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

4. On right panel delete the value Driver32

5. Go to HKEY_LOCAL_MACHINE\Software\Sircam and Delete the key Sircam

6. Go to MSDOS Prompt and go to Windows\System folder. (C:\Windows\System or C:\Winnt\System32)

7. Type ATTRIB -S -H -R SCAM32.EXE to unhide Trojan file.

8. Type DEL SCAM32.EXE to delete Trojan file.

9. Go to the Recycled folder (C:\Recycled) and do steps 7 and 8 to delete the Trojan file hidden in the recycle bin because emptying this folder may not effectively do so.

10. Go to the Windows folder and Search for RUN32.EXE.

11. If present delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE

13. Delete @win \recycled\Sirc32.exe

14. Restart Computer

Chuck and Barbara Vande Wetering
PO Box 2205
Friday Harbor, WA 98250
----- Original Message -----
Sent: Thursday, July 26, 2001 6:10 PM
Subject: Yahoo Hit with Virus?

I have been unable to access the San Juan 23 WebPages this afternoon including the Management files. This may be just a temporary normal down time but I wondered if the "advice" virus might have hit them or me. I received that virus attached to an e-mail four times and deleted it without opening. In case you haven't heard, it is an e-mail soliciting the recipient's advice on the "attached". DON'T OPEN IT. Look for the key word advice in the body of the message. Mine was from a David Rosen whom I do not know so did not open attachment.
Chuck and Barbara Vande Wetering
PO Box 2205
Friday Harbor, WA 98250
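
The registry steps in the removal procedure above can be checked against a text export of the registry. The Python below is an added example, not part of the original post or of the vendor instructions it quotes. The sample export is constructed, and `PLACEHOLDER_SUBKEY` stands in for the part of the registry path that the post leaves out, so `Driver32` is matched under any subkey of the path as given.

```python
import re

CLEAN_EXE_COMMAND = '"%1" %*'   # value the post says must remain
EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
# The post truncates this path, so Driver32 is matched under any subkey of it.
DRIVER32_PREFIX = "hkey_local_machine\\software\\microsoft\\windows\\"

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Parse a regedit text export into {lowercased key: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # only string values matter for this check
                name = "@" if m.group(1) == "@" else _unescape(m.group(2))
                current[name] = _unescape(m.group(3))
    return keys

def audit(text):
    """Return a list of findings matching the registry steps in the post."""
    keys, findings = parse_reg(text), []
    default = keys.get(EXE_KEY, {}).get("@")
    if default is not None and default.strip() != CLEAN_EXE_COMMAND:
        findings.append("exefile open command is %r, expected %r" % (default, CLEAN_EXE_COMMAND))
    for key, values in keys.items():
        if key.startswith(DRIVER32_PREFIX) and any(n.lower() == "driver32" for n in values):
            findings.append("Driver32 value present under " + key)
        if key == SIRCAM_KEY or key.startswith(SIRCAM_KEY + "\\"):
            findings.append("Sircam key present: " + key)
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Recycled\\SirC32.exe \"%1\" %*"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\PLACEHOLDER_SUBKEY]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
[HKEY_LOCAL_MACHINE\Software\Sircam]
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result from `audit` means none of the three registry changes named in the steps were found in the export; it says nothing about the files the later steps delete.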
