SASPEEDRACER24 Posted January 27, 2004

Just wanted to give you all a heads up on a new virus that I mistakenly opened. If you receive a message from me with: "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment." or "The message contains Unicode characters and has been sent as a binary attachment," Do Not Open the Attachment! It will email itself to all the addresses in your Address Book and also plants a hidden program that will record your keystrokes according to McAfee... If you receive anything that looks like this, don't even open the email, just delete it...

Marc

ChuckLicata Posted January 27, 2004

Once again proving you should NEVER open an email from an address that you don't know!!!

daffynmark Posted January 27, 2004

Hey Chuck: I got that e-mailed "from me" "to me" so just avoiding attachments from people you don't know...won't stop this one. The virus has also started to change subject lines so beware of that. Even the name of the attachment has started to change. All of mine have come across with a 'zip' extension so far. In addition to the possibility of recording keystrokes, usernames, and passwords, it also leaves a back door open on your system so hackers can take over your computer remotely.

Here is more info for those who are interested: http://us.mcafee.com/virusInfo/default.asp...100983&cid=9539

And McAfee will scan your computer to check for the virus here: http://us.mcafee.com/root/mfs/default.asp?cid=9540

dancer52 Posted January 27, 2004

I received about 4 variations of this virus at work today. All four came from addresses within my work place. I still just deleted them since I did not recognize the person's name.

KrisFrost Posted January 27, 2004

It may look like I am sending out this virus but I do not have this virus on any of my computers. Several emails have bounced back to my inbox because the return address has been spoofed. The reply address includes anyname@frostracing.com but a reply address is easily falsified by the MyDoom virus. Sorry, it ain't me.

SASPEEDRACER24 Posted January 27, 2004

The subject lines on an infected email are usually garbled so just be careful. The email I got, I recognized the sender so I just thought it was a mistake.... Just have to watch out for the contents, i.e. if the person that you know doesn't usually send attachments, don't open the attachment and so on...

Marc

Jason Posted January 27, 2004

Yeah, I have received about 50 of these so far today. Sent to brian@texasspeedzone.com, jim@texasspeedzone.com, etc. What is funny is that these email addys don't exist so they all come to my mail because I have "Catch All" enabled when someone emails the TSZ server and the mail address doesn't work.

Jason

ChuckLicata Posted January 28, 2004

> Hey Chuck: I got that e-mailed "from me" "to me" so just avoiding attachments from people you don't know...won't stop this one.

Thanks for the info, Daffynmark..

racerjim2 Posted January 28, 2004

Man, I think I got it. I had 2 return e-mails in my inbox about returned due to virus. One was to Jason but I did not send it.

SASPEEDRACER24 Posted January 28, 2004

One way to tell if you have it on your computer is to do a file search with Windows Explorer for this file.... taskmon.exe .... If you have this file it looks like you have the virus... Or if you click this link, McAfee Security, there is a diagnosing tool on it...

KrisFrost Posted January 29, 2004

Hey, I think the taskmon.exe file is supposed to be on all Windows boxes. See this link http://www.liutilities.com/products/wintas...ibrary/taskmon/ or this one http://www.annoyances.org/exec/forum/winme/r1073304215

I find taskmon.exe on my box and it is not infected.

Kris

racerjim2 Posted January 29, 2004

Updated my virus scan today and ran the program, showing no infected files. Also did a little reading and it says that if you get these messages it does not mean you are infected.

SASPEEDRACER24 Posted January 29, 2004

Kris, I think that is the file that gets targeted by the virus now that I look at it because it also does some stuff to the registry. It also added 2 files to my shared file folder.... one was Office_Crack another shimgapi and winamp5... All three files didn't show up on the initial scan that I run every night; it wasn't until I received a new patch that those files were found and either cleaned or deleted... In regards to the taskmon file I copied this direct from the McAfee virus information page for MyDoom...

> When this file is run (manually), it copies itself to the WINDOWS SYSTEM directory as taskmon.exe
> %SysDir%\taskmon.exe
> (Where %Sysdir% is the Windows System directory, for example C:\WINDOWS\SYSTEM)
>
> It creates the following registry entry to hook Windows startup:
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "TaskMon" = %SysDir%\taskmon.exe
>
> The virus uses a DLL that it creates in the Windows System directory:
> %SysDir%\shimgapi.dll (4,096 bytes)
>
> This DLL is injected into the EXPLORER.EXE upon reboot via this registry key:
> HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32 "(Default)" = %SysDir%\shimgapi.dll
>
> The virus will not replicate on the 12th February or later (although the DLL will still be installed).

After I ran the new patch for McAfee it cleaned the taskmon file along with the others listed above...

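The four indicators in the McAfee excerpt quoted above can be evaluated together, so that a taskmon.exe found somewhere other than %SysDir% is not flagged by filename alone. This is an added example, not part of the original thread or of McAfee's tooling; the snapshot format, the function names and both sample hosts are constructed for illustration.

```python
import ntpath

# Indicators as given in the McAfee description quoted in the post above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
CLSID_KEY = (r"HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
             r"\InProcServer32")

def norm(path, sysdir):
    """Expand %SysDir%, drop quotes, normalise case and separators."""
    path = path.strip('"').replace("%SysDir%", sysdir)
    return ntpath.normcase(ntpath.normpath(path))

def reg_value(registry, key, name):
    """Case-insensitive lookup in a {key: {value_name: data}} dump."""
    for k, values in registry.items():
        for n, data in values.items():
            if (k.lower(), n.lower()) == (key.lower(), name.lower()):
                return data
    return None

def mydoom_indicators(snap):
    """Return which of the four quoted indicators match a host snapshot."""
    sysdir = snap["sysdir"]
    files = {norm(p, sysdir) for p in snap["files"]}
    exe = norm(r"%SysDir%\taskmon.exe", sysdir)
    dll = norm(r"%SysDir%\shimgapi.dll", sysdir)
    run = reg_value(snap["registry"], RUN_KEY, "TaskMon")
    inproc = reg_value(snap["registry"], CLSID_KEY, "(Default)")
    hits = []
    if exe in files:
        hits.append("file:taskmon.exe")
    if dll in files:
        hits.append("file:shimgapi.dll")
    if run and norm(run, sysdir) == exe:
        hits.append("run:TaskMon")
    if inproc and norm(inproc, sysdir) == dll:
        hits.append("clsid:InProcServer32")
    return hits

# Constructed snapshots (not real hosts): one with taskmon.exe outside
# %SysDir%, one matching every indicator in the quoted description.
CLEAN = {"sysdir": r"C:\WINDOWS\SYSTEM",
         "files": [r"C:\WINDOWS\taskmon.exe"],
         "registry": {RUN_KEY: {"TaskMonitor": r"C:\WINDOWS\taskmon.exe"}}}
INFECTED = {"sysdir": r"C:\WINDOWS\SYSTEM",
            "files": [r"c:\windows\system\TASKMON.EXE",
                      r"C:\WINDOWS\SYSTEM\shimgapi.dll"],
            "registry": {RUN_KEY.upper(): {"taskmon": r"%SysDir%\taskmon.exe"},
                         CLSID_KEY: {"(Default)": r"C:\Windows\System\shimgapi.dll"}}}
```

Calling `mydoom_indicators(CLEAN)` returns an empty list, while `mydoom_indicators(INFECTED)` returns all four indicator labels despite the differences in case and the unexpanded `%SysDir%`.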
rebelracewriter Posted January 29, 2004

In English Marc, PLEASE in English!!!

KrisFrost Posted January 29, 2004

Oh ok, it looks like the virus infects or overwrites the taskmon.exe file in addition to moving itself into the Kazaa share area. I hope it really stops on Feb 12th. That would be good news... I have been deleting from 140 to 240 virus emails each night this week.

Kris.

SASPEEDRACER24 Posted January 29, 2004

Reb, just make sure your virus software is up to date and that you check it regularly... The software will do all the work...

Archived
This topic is now archived and is closed to further replies.