San Juan 23 mailing list

Mobile Geographics MapTap for PalmOS CelestNav for PalmOS IQ Booster for iQue 3600 SJ23 links tides

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Yahoo Hit with Virus?




Yes, I got it to. I thought I recognized the senders name, opened the attachment and zap I had it without realizing it. I had it both on my office and home computers. I ended up haveing a technician in to clean up my office machine then did mine at home. I am sorry for anyone that I may have infected.
 
Frank
-----Original Message-----
From: owner-sanjuan23@xxxxxxxxxxxxxxxxxxxxx [mailto:owner-sanjuan23@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Chuck vanDe Wetering
Sent: Friday, July 27, 2001 7:34 AM
To: sanjuan23@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Yahoo Hit with Virus?

It wasn't Yahoo, but rather my computer and a few SJ23 skippers who were in a member's address list. It was the W32SirCam Virus about which please read the warning and remedy furnished below: 
 
My apologies to any and all who may have gotten the e-mail asking for "advice" on an attachment.  It contained the Sir Cam worm/virus and stopped me dead.  I could not open any applications until windows 98 was re-installed.  Hopefully the info below will help stop the contagion.

 
 
::: Virus Alert:::


W32.Sircam.Worm@mm


W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000.

This worm propagates via email using SMTP commands by sending copies of itself to all addresses listed in an infected user's address book. It arrives in an email with a random subject line and an attachment by the same name. It also propagates via shared network drives.

Here is a collection of links to various anti virus companies and there information and removal tools.

Information and removal process from Sophos Anti Virus:
http://www.sophos.com/virusinfo/analyses/rmsirc.bat

Information and removal process from Symantec/Norton:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@xxxxxxxxxxxxxxxxxxxx

Information and removal process from NAI/Mcafee:
http://vil.nai.com/vil/virusRemovalInstructions.asp?virus_k=99141

Information and removal process from F-secure:
http://www.f-secure.com/v-descs/sircam.shtml

Information and removal process from Panda software:
http://www.pandasoftware.com
Click on the link for the sircam on the right side of the page as this site is using frames.

Information and removal process from Trend Micro:
http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A



To manually remove Trojan from (Trend Micro) for experienced users only…

1.Disconnect from the network

2.Run REGEDIT.EXE

Go to HKEY_CLASSES_ROOT\exefile\shell\open\command

On the right panel, double click on the (Default) value and remove

C:\Recycled\SirC32.exe leaving only “%1” %* (double quote, percent one,

double quote, space, percent asterisk).

3.Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\RunServices

4.On right panel delete the value Driver32

5.Go to HKEY_LOCAL_MACHINE\Software\Sircam and Delete the key Sircam

6.Go to MSDOS Prompt and go to Windows\System folder.

(C:\Windows\System or C:\Winnt\System32)

7.Type ATTRIB –S –H –R SCAM32.EXE to unhide Trojan file.

8.Type DEL SCAM32.EXE to delete Trojan file.

9.Go to the Recycled folder (C:\Recycled) and do steps 7 and 8 to delete the Trojan file hidden in the recycle bin because emptying this folder may not effectively do so.

10.Go to the Windows folder and Search for RUN32.EXE.

11.If present delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE

12.Edit AUTOEXEC.BAT

13.Delete @win \recycled\Sirc32.exe

14.Restart Computer


There are 0 comments Re: W32.Sircam.Worm@mm -- Information and removal process
Create Thread & Post a Comment or Send This Page to a Friend
-
Chuck and Barbara Vande Wetering
PO Box 2205
Friday Harbor, WA 98250
wwp62@xxxxxxxxxxxxxxx
360-378-3194
http://www.geocities.com/Yosemite/Rapids/5493
----- Original Message -----
Sent: Thursday, July 26, 2001 6:10 PM
Subject: Yahoo Hit with Virus?

I have been unable to access the San Juan 23 WebPages this afternoon including the Management files. This may be just a temporary normal down time but I wondered if the "advice" virus might have hit them or me. I received that virus attached to an e-mail four times and deleted it without opening. In case you haven't heard, it is an e-mail soliciting the recipient's advice on the "attached". DON"T OPEN IT. Look for the key word advice in the body of the message. Mine was from a David Rosen whom I do not know so did not open attachment.
-
Chuck and Barbara Vande Wetering
PO Box 2205
Friday Harbor, WA 98250
wwp62@xxxxxxxxxxxxxxx
360-378-3194
http://www.geocities.com/Yosemite/Rapids/5493

Date Index | Thread Index