San Juan 23 mailing list
|Mobile Geographics||MapTap for PalmOS||CelestNav for PalmOS||IQ Booster for iQue 3600||SJ23||links||tides|
It wasn't Yahoo, but rather my computer and a few SJ23 skippers who were in a member's address list. It was the W32SirCam Virus about which please read the warning and remedy furnished below:
My apologies to any and all who may have gotten the e-mail asking for "advice" on an attachment. It contained the Sir Cam worm/virus and stopped me dead. I could not open any applications until windows 98 was re-installed. Hopefully the info below will help stop the contagion.
W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000.
This worm propagates via email using SMTP commands by sending copies of itself to all addresses listed in an infected user's address book. It arrives in an email with a random subject line and an attachment by the same name. It also propagates via shared network drives.
Here is a collection of links to various anti virus companies and there information and removal tools.
Information and removal process from Sophos Anti Virus:
Information and removal process from Symantec/Norton:
Information and removal process from NAI/Mcafee:
Information and removal process from F-secure:
Information and removal process from Panda software:
Click on the link for the sircam on the right side of the page as this site is using frames.
Information and removal process from Trend Micro:
To manually remove Trojan from (Trend Micro) for experienced users only…
1.Disconnect from the network
Go to HKEY_CLASSES_ROOT\exefile\shell\open\command
On the right panel, double click on the (Default) value and remove
C:\Recycled\SirC32.exe leaving only “%1” %* (double quote, percent one,
double quote, space, percent asterisk).
3.Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
4.On right panel delete the value Driver32
5.Go to HKEY_LOCAL_MACHINE\Software\Sircam and Delete the key Sircam
6.Go to MSDOS Prompt and go to Windows\System folder.
(C:\Windows\System or C:\Winnt\System32)
7.Type ATTRIB –S –H –R SCAM32.EXE to unhide Trojan file.
8.Type DEL SCAM32.EXE to delete Trojan file.
9.Go to the Recycled folder (C:\Recycled) and do steps 7 and 8 to delete the Trojan file hidden in the recycle bin because emptying this folder may not effectively do so.
10.Go to the Windows folder and Search for RUN32.EXE.
11.If present delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE
13.Delete @win \recycled\Sirc32.exe
There are 0 comments Re: W32.Sircam.Worm@mm -- Information and removal process
Create Thread & Post a Comment or Send This Page to a Friend
Chuck and Barbara Vande Wetering
PO Box 2205
Friday Harbor, WA 98250