Another nasty virus doing the rounds, normally received from someone you know, "SirCam".......

McAfee are posting 'NO new Alerts' for viruses. There is nothing listed remotely similar to the "SirCam" you quote. Probably a hoax - again...........

Norton AntiVirus Web Site
http://www.symantec.com/avcenter/venc/data/[email protected]

W32.Sircam.Worm@mm
Discovered on: July 17, 2001
Last Updated on: July 19, 2001 at 06:56:06 PM PDT
SARC has upgraded the threat level of W32.Sircam.Worm@mm from 3 to 4, due to its increased rate of submissions.
W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm.
Also Known As: W32/SirCam@mm, Backdoor.SirCam

InFinRetirement:

Don't know where you are looking, but McAfee listed this one on the same date (17 July 2001) as Norton. (Actually, about an hour and a half earlier :) )

See Virus Info (http://vil.mcafee.com/dispVirus.asp?virus_k=99141&)


Snooze

That is truly odd, as I only found out about it via an alert email from McAfee???????

I immediately updated my McAfee Activeshield with the patch that was available, just passing on the info to help others, ignore it at your peril, it is NOT a hoax........

Virus Profile

W32/SirCam@MM is a Medium Risk Virus

Virus Name:
W32/SirCam@MM Date Added:
7/17/01 5:20:40 PM


VIRUS FAMILY STATISTICS
Over the Past 30 Days


Virus Name Infected
Files Scanned
Files % Infected
Computers
W32/SirCam@MM 4,929 16,641 0.31


Virus Characteristics:
This mass-mailing virus attempts to send itself and local documents to all users found in the Windows Address Book and email addresses found in temporary Internet cached files (web browser cache).
It may be received in an email message containing the following information:

Subject: [filename (random)]
Body: Hi! How are you?

I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for

See you later. Thanks

--- the same message may be received in Spanish ---

Hola como estas ?

Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que me pediste


Nos vemos pronto, gracias.

--- end message ---

Attached will be a document with a double extension (the filename varies). The first extension will be the file type which was prepended by the virus. When run, the document will be saved to the C:\RECYCLED folder and then opened while the virus copies itself to C:\RECYCLED\SirC32.exe folder to conceal its presence and creates the following registry key value to load itself whenever .EXE files are executed:

HKCR\exefile\shell\open\command
\Default="C:\recycled\SirC32.exe" "%1" %*

As the RECYCLE BIN is often on the exclusion list, check your settings to insure that this directory IS being scanned.

It also copies itself to the WINDOWS SYSTEM directory as SCam32.exe and creates the following registry key value to load itself automatically:

HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\Driver32=C:\WINDOWS\SYSTEM\SCam32.exe

A list of .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder is saved to the file SCD.DLL (the 2nd character of the name appears to be random) in the SYSTEM directory. Email addresses are gathered from the Windows Address Book and temporary Internet cached pages and saved to the file SCD1.DLL (the 2nd and 3rd character of the name appears to be random) in the SYSTEM directory.

The worm prepends a copy of the files that are named in the SCD.DLL file and attaches this copy to the email messages that it sends via a built in SMTP server, using one of the following extensions: .BAT, .COM, .EXE, .LNK, .PIF. This results in attachment names having double-extensions.

The program creates a registry key to store variables for itself (such as a run count, and SMTP information):
HKLM\Software\Sircam

--------------------------------------------------------------------------------

Thanks Snooze, I obviously didn't press the right buttons! Good! Because I was worried that McA had lost the drop on Norton. ;)

Here at the Towers we've received that virus 27 times in the last 48 hours, originally in Spanish but latterly the English version.

Usual tag onto the address book disemination by the look of it.

Also been receiving one which is just a note apparently regarding human physiology. It is a sentence describing the structure of the arm. We received about 6 of those.

Then again - we do get a lot of mail and perhaps someone just wanted to give us a break from our RSI inducing pounding of the keyboards here at the Towers............

Guys! Guys!
SOS--ASAP--HELP PLEASE ASAP.
I am struck with this crap from last night.
I used the norton anto virus, scanned all files folders, C drive and also used VOPT to do it. All said no viruses found,
But each time my Outlook Express is opened about 50 to 60 emails of Mail Administrator, Mail system Error emails flood in.

This is a copy of one of the SuperUser that was sent in my email.


MAIL DELIVERY STOPPED FOR YOUR MAIL TO [email protected]

Our viruschecker stopped delivery of this message due to:

./Resume2.doc.lnk: Contains a virus

If you feel this is an error contact [email protected]
within seven days and reference message virus20450
This message has also been sent to the recipient.

What am I to do? Please advice ASAP.
Should I download Zone Alarm / How do I get rid of it? I am not very well versed in this, So a step by step guidance will be VERY APPRECIATED

Yup, got it 3 times today and twice on Friday.
Thank you Norton for saving me a lot of grief .....

Look for the words;

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

BASTARDS! :mad:

I had it too, e.g. I got in from a flight at 1am this morning and it looks like the wife had earlier decided to read two new emails sent to me - one started with the ubiquitous "Hi there,.... " and the other with "I send you this file in order to have your advice", and both of which included an attachment.

Now what tipped me off was my ZoneAlarm firewall software asking me if it was ok to allow an application called Sirc32.exe to access the internet ( "Uhm, what the bloody'ell is that ?!" thought I ) - no doubt so that it could make use of its embedded SMTP connectivity to spread itself about to all the contacts in my email list.

Nb. That warning from ZoneAlarm occurred literally as I opened MS-Outlook, as apparently what triggers the virus to run is you running any .exe program.

I then spent the next 10 minutes getting rid of it, via the instructions from Symantec (see below).

Nb. It has not been mentioned above, but the Symantec anti-virus centre reports that there is a 1 in 20 chance that this virus can delete all the files on your C: drive !!!
I'd accordingly highly recommend a good read of: Symantec - Security Updates - W32.Sircam.Worm@mm (http://www.symantec.com/avcenter/venc/data/[email protected])

Of course, as many of us PPRuNers have each others email address, one can see just why we are all simultaneously experiencing this virus.

Ps. I normally instantly bin all emails with attachments from unknown sources - which is what I subsequently did in this instance - I've also since bollocked the wife about opening emails, and I've also (re)applied passwords to my computer - talk about Pandora's box !

PPs. When / if you get infected by this virus, have a look in C:\Windows\Applog folder for a file with a name like Sirc32 and open it with Notepad / Wordpad and you might be able to see from who's computer the virus was spread to you, or to whom it was trying to send itself next....

I am getting it too but at least i use a Mac and it wont infect my machine but it does cause messages with long attachments to be sent to me.

For heaves sake, why do people still insist on opening emails with attachaments when they don't know who they are from or waht they are.

If you ever receive email from soemone or an address you don't know and it has an attachment then just delete it. Because fo some prople not bothering with anti virus software or just being too naive and opening every attachment we now have a serious problem with emails being sent and attached to them are the virus/worm and also some other documents off their computer.

Check your email software for viruses and DO NOT OPEN attachments from anyone if you don't know what it is ir have not specifically requested it. Better still, get yourselves a Mac and stop getting attacked by these PC viruses. :mad:

I got the Spanish version first. Unfortunately I opened the attachment as I have a Spanish friend who often sends me some cartoons in Spanish. Eventually cleared it with McAfee but to day another two attacks, one in Spanish and one in English. Both of them I blocked sender which deletes the entire message and the attachment without even opening the message.

From the VET Virus definition Encyclopedia
Win32.SirCam.137216
Win32.SirCam.137216 is an e-mail worm which sends itself as well as clean documents from an infected machine. The worm arrives in a message which may be either English or Spanish. The English messages appear like this:

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks

The middle is chosen from the following list. However, due to a bug in the worm's random number checking, the first line is always used:

I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

The Spanish message looks like:

Hola como estas ?
Te mando este archivo para que me des tu punto de vista
Nos vemos pronto, gracias.

The middle line is from the following list, but once again only the first line is ever chosen:

Te mando este archivo para que me Des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es El archivo con la información que me pediste

The attachment name is variable, but will have a double extension, for example "SCRIPT.DOC.PIF". The actual extension may be "PIF", "LNK", "BAT", "EXE" or "COM". The subject of the message matches the attachment name, except without the extensions. In the above example the subject would be "SCRIPT".

When run, the worm copies itself to "C:\RECYCLED\SirC32.exe" as well as "SCam32.exe" in the Windows System directory. It modifies two registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \RunServices\Driver32="<Windows System>\SCam32.exe"
HKEY_CLASSES_ROOT\exefile\shell\open\command=""C:\recycled\SirC32.exe" "%1" %*"

The first key causes the worm to run when Windows starts. The second causes the worm to be run whenever any .EXE program is executed. The worm gets a list of .DOC, .XLS and .ZIP files in the "My Documents" folder. It appends one of these files to the end of itself and saves the result to the Recycled folder, adding the second extension to the filename as listed previously. This file is attached to the emails that the worm sends.

The worm may make several copies of itself with different DOC, XLS or ZIP files attached, depending upon what it finds in the "My Documents" folder. It continually sends these copies out to addresses it finds in the Windows address book and Internet cache files, and may send multiple copies to the same address.

The worm also spreads using Windows shared drives. If it finds a share with a "RECYCLED" directory it copies itself into that directory with the name "SirC32.exe". If it finds an "AUTOEXEC.BAT" file on the share it adds the following line to it:

@win \recycled\SirC32.exe

Finally, it looks for "\windows\rundll32.EXE" on the share and replaces it with the worm, renaming the original to "run32.exe". When the worm is executed from "rundll32.exe" it automatically executes the backup file "run32.exe".

The worm contains two payloads. One deletes all files and subdirectories on the hard drive which Windows is installed on (usually C :). The other writes a file called "SirCam.Sys" to the "Recycled" directory. Neither of these payloads are activated under normal circumstances due to the bug in the worm's random number checking. However, they may be activated if one of the worm's files is renamed or modified before being run.

Detection for this worm has been added to the following virus engine/virus signature combination. Install this update or later to ensure protection:

CA Anti-Virus Product Engine/Signature
InoculateIT 4.x 26.10
InoculateIT 6.0 23.44.10
InoculateIT Personal Edition 5.2/1344
VET 10.3/1344

Once again, looks like taking the trouble to get a good virus detector and installing Zone Alarm can help protect you from others.

Earlier today I looked at R&N and followed Crash Dive's advice to check files, fortunately none found. I have just read all the above posts and realise that I was sent the virus but because I did not recognise the sender I did not open it but sent it back to the sender using the "Reply" facility and asking the sender to identify themself before I would open their email. Needless to say I haven't had a reply. The email was sent by "newscafe5" and contained the phrases mentioned earlier in this thread. Thanks everyone, I might have been tempted to open it but your information stopped me. It has now been deleted without being opened and a search shows I am still clear. :eek:

Why do I never get any of these exciting new viruses? I want one, so I can be smug that I don't use Outlook and they never work on Netscape!

Send Clowns,

I have not actually received this one yet, I had an alert email from McAfee about it, and immediately updated my McAfee Activeshield, as well as posting this thread.

I have only ever had three viruses come in, all caught by Activeshield BEFORE I opened them.

If you like, next time I get one I will forward it???

:D

Best regards,

"lame"

Yep, its out there .....
We just recieved the following message from Air Vallee (Italy) .....

----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Tuesday, July 24, 2001 12:00 AM
Subject: DO RES SAMPLE


Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

........

The attachment contained the virus.

With a previous client (and a message and file name - the same as title - that made logical sense) I nearly ignored the company rule to copy to external disc and scan - fortunately I decided on caution at the last moment. Current edition (updated 20JUL) of Norton Antivirus picked it up but was only able to quarantine (unable to fix).

Phew ... Nearly had to sack myself then !!!!

Bugger, it got me, it came disguised as a request for a student file. Thanks to the good advice on here, I think I've got rid of it by downloading that file thingy. First time around it said I had been unsuccessful in getting rid of the virus, second time around it worked (or said it did)
I dread to think how many of my confidential files have been disseminated. I only realised when one of them bounced back.

So thank you again to all of you clever computer people here on Pprune for showing the way to get rid of it and I promise I won't open strange attachments again!

McAfee updated this virus on July 23 to the HIGHEST level that they give to a virus, be VERY careful........

They estimate that over 3% of ALL computers are now infected.........

Received one this morning from HKG. Suspect it was forwarded from one of the guys from CX who don't like my views on their little "action".
Deleated unopened, as usual.
Think the word is starting to get around about these problems.
Don't open....unless you know positively know who it's from.

411A - your last line SHOULD read 'know what it is', not 'who it is from': the whole point about any assault is that it COULD come from an infected 'friend'

BOAC---
You are quite right.
I forwarded same to a friend of mine at the NSA, as the USA has criminal penalties for this sort of behavior.
HKG government concurs.
Maybe jail time will be the result. Hope so!!

McAfee are now saying that there are at least 4 variations of SirCam, and between them they have infected over 5% of all computers........

Also a newer one now, but only LOW risk, W32/Parrot@MM

Once again I read from some of the replies here that there are still people who are accepting the fact that an email may be from someone they know and have an attachment then it is OK to open it. DON'T.

I will reiterate here what I have been telling everyone who will take the time to read this: Never, ever, ever, EVER, E V E R, open ANY attachment to an email unless you have specifically requested it from someone you know. Only by sticking to that rule will you be certain that you will not get contaminated by this nasty virus.

Also, never, ever, EVER, reply, forward or send back the email with the attachment. The address show as who it is from may and most probably will not be the person who actually sent the virus to you. The virus is not sent deliberately or knowingly but works in the background of your PC and sends them when you are logged on. You may just be sending the virus to someone who is not yet infected and thus helping to spread it instead of trying to contain it.

I am receiving over 50 of these horrible little emails with attachments, some of them over a megabyte in size, every day. To stop my internet connection slowing down when my email software tries to download my email when I first log on I do the following:

If I have been offline for more than an hour or so then before I launch my email software I launch my browser and go to Mail2Web (http://www.mail2web.com) and from there I can log into my mail server and see all the messages waiting to be downloaded. It is very easy to spot all the ones with the virus as they are all over 100Kb in size. From the screen I can delete all the infected files and at the same time all the spam gets deleted. I do this for several accounts that I use.

Once I have deleted the messages I don't want I then launch my email software and only the mail I want is downloaded for reading.

After this, as I am often logged on for several hours it is not a major problem because my email software scans my email server for new mail every 5 minutes and a longer than normal download is not a problem as it goes on in the background. As soon as I see ANY email with an attachment then it is automatically deleted.

So, there you have it... Don't reply or resend any of the messages you receive with attachments, whether SirCam or whatever. Definitely DO NOT open any attachments. Just get into the habit of DELETING the whole email as soon as you receive it. Trust me, you will not be missing anything.

Unfortunately there will always be people who do not understand all this and there will be those too stupid to heed the information and those too inquisitive to not open an attachment so we will always have to be on our guard for thse viruses. The little gob*****s who write them need to be locked up but instead they will probably be recruited by the intelligence services of various countries and be paid handsomely to disrupt the 'enemies' IT infrastructure.

Just remember: NEVER, EVER, EVER, open ANY attachments unless you specifically requested it. Just trash the email and get on with your life.

Danny,

I agree with all you said, however even when you are expecting an email you must still be very careful.

I have only ever had three separate viruses reach my computer over the years, luckily all stopped by my MCAfee Activeshield before they did any harm.

One of them, several years ago now, was from a very reputable Hotel in Hong Kong. I had sent them an email asking for some details of the Hotel for a planned trip. When I received an email reply, with attachment, the next day I went to download the attachment, as I had asked for this information, and Activeshield warned me NOT to as it was infected.

So even an email that you are expecting, from a reputable source, can still be trouble.......

Best regards,

"lame"

Better still... get a Mac and you can't get infected with all those crappy PC viruses. :cool:

If you write to anyone requesting information tell them not to send it as an attachment but just type the details into the email. So much easier and less risky.

Anyone who buys a PC and runs any Microsoft software, including Windoze XX deserves everything they get. Anyone with a teeny bit of originality will go for something that isn't bog standard Microcrap and won't suffer the consequences of a second rate operating system and the multitudes of viruses and worms that are written every day by spotty oiks. It never ceases to amaze me how many people buy a PC running MS crapware just because everybody else does. Like lambs to the slaughter! :rolleyes:

Off soapbox!

Does this mean you don't like MS crapware then :D

Its obvious he does, really, he just doesn't want to seem too keen!

[ 28 July 2001: Message edited by: BOAC ]

Don't hold back Danny........

Have taken your advice, just been down the road and bought a Big Mac, also some French Fries and a Coke.

Now I am safe?

:D

Hey Lame, I hope you left some of the Big Macs for the rest of us, 'cos when the rush starts..............

Lame - have you checked the constituents of your Mac? You and BOAC should check the "Macdonalds, Fries and Mice" thread on page 2 of Jetblast BEFORE tucking in. I don't recommend it afterwards. :eek: :eek:

[ 28 July 2001: Message edited by: DX Wombat ]

[ 28 July 2001: Message edited by: DX Wombat ]

Norton found this one yesterday when I downloaded my email. It is #2 on the threat list behind Sircam. It sends messages to your unread mail. :eek:

W32.Badtrans.13312@mm
Discovered on: April 11, 2001
Last Updated on: June 21, 2001 at 07:40:49 AM PDT
Due to an increase in the number of submissions, W32.Badtrans.13312@mm has been upgraded to a Category 4 threat. It is a MAPI worm that replies to all unread messages in your email message folders and drops a backdoor Trojan.
Also Known As: W32/Badtrans-A, W32/Badtrans@MM, BadTrans, IWorm_Badtrans, I-Worm.Badtrans, TROJ_BADTRANS.A
Category: Worm

 Payload:
 Large scale e-mailing: It replies to all unread messages in the message folders within the default MAPI email program.
 Compromises security settings: It drops a backdoor Trojan.
Technical description:

When the worm is executed, it drops the backdoor Trojan Hkk32.exe into the \Windows folder and executes it. It then copies itself into the \Windows folder as inetd.exe, adds a run= line to the Win.ini file, and displays the following message: File data corrupt:
Probably due to bad data transmission or bad disk access.

The next time that the computer is restarted, the worm waits for five minutes and then uses MAPI to find all unread email messages and reply to all of them. The worm attaches itself to the message using one of the following file names:
Pics.ZIP.scr
images.pif
README.TXT.pif
New_Napster_Site.DOC.scr
news_doc.scr
hamster.ZIP.scr
YOU_are_FAT!.TXT.pif
searchURL.scr
SETUP.pif
Card.pif
Me_nude.AVI.pif
Sorry_about_yesterday.DOC.pif
s3msong.MP3.pif
docs.scr
Humor.TXT.pif
fun.pif

McAfee have this listed too, it is as you said a fairly old one, found on 11-4-2001 originating they say from New Zealand. They have it as a medium risk, nothing like as bad as Sircam.

Only W32/Parrot@MM is newer than Sircam, and it is low risk so far.

So, Wombat, you are saying that Mac's come with a mouse?

Apparently one did and it WAS the furry, deceased variety not a useful bit of computer equipment. Wish I could remember where I read about it. :eek: :eek: :eek:

Following is latest from Microsoft on Code Red............

The Microsoft Security Response Center, along with other
organizations listed below, is jointly publishing this alert that
ALL IIS ADMINISTRATORS ARE ASKED TO READ

A Very Real and Present Threat to the Internet:
July 31 Deadline For Action

Summary:

The Code Red Worm and mutations of the worm pose a
continued and serious threat to Internet users. Immediate action
is required to combat this threat. Users who have deployed
software that is vulnerable to the worm (Microsoft IIS
Versions 4.0 and 5.0) must install, if they have not done so
already, a vital security patch.

How Big Is The Problem?

On July 19, the Code Red worm infected more than 250,000 systems
in just 9 hours. The worm scans the Internet, identifies
vulnerable systems, and infects these systems by installing
itself. Each newly installed worm joins all the others causing
the rate of scanning to grow rapidly. This uncontrolled growth
in scanning directly decreases the speed of the Internet and
can cause sporadic but widespread outages among all types of
systems. Code Red is likely to start spreading again on
July 31st, 2001 8:00 PM EDT and has mutated so that it may be
even more dangerous. This spread has the potential to disrupt
business and personal use of the Internet for applications such
as electronic commerce, email and entertainment.

Who Must Act?

Every organization or person who has Windows NT or Windows 2000
systems AND the IIS web server software may be vulnerable.
IIS is installed automatically for many applications. If you
are not certain, follow the instructions attached to determine
whether you are running IIS 4.0 or 5.0. If you are using
Windows 95, Windows 98, or Windows Me, there is no action that
you need to take in response to this alert.

What To Do If You Are Vulnerable?

a. To rid your machine of the current worm, reboot your computer.
b. To protect your system from re-infection:
Install Microsoft's patch for the Code Red vulnerability problem:

- - Windows NT version 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833

- - Windows 2000 Professional, Server and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800

Step-by-step instructions for these actions are posted at http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/itsolutions/security/topics/codeptch.asp

Microsoft's description of the patch and its installation,
and the vulnerability it addresses is posted at: http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS01-033.asp

Because of the importance of this threat, this alert is
being made jointly by:

Microsoft
The National Infrastructure Protection Center
Federal Computer Incident Response Center (FedCIRC)
Information Technology Association of America (ITAA)
CERT Coordination Center
SANS Institute
Internet Security Systems
Internet Security Alliance

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO2Wpgo0ZSRQxA/UrAQFQeQgAgmva53MJdjGF4u4oFXcAJICgf+1YTd1n
IJ7XIPPjTFkc5/8Fqe0lbFY7ZeBNAvGGI276RPkebmTz1WAJ08MNe9uvMJAuyULw
nOU8sMIO7S0Z5Z65/UYow0ui2qLVdmioqf809RAydHPdj1GINU0yDNS1HwwfjZia
0wBN+GjyjbdMU6bgMadoMdRgvCwdx2Jzr8ExAnFeNtLxRjwct3mv23bCrln1 h80I
4awW0GPPd5iFzLIZX+QVh9/qkPdYm3SD1e8rs8GK69dub1AsVoKdXea+EHb3YckO
9XfuZdhxy6I+PnZJ8woSSNqtuZ2zKuS+q4kdPt0Abh0ToCbR4jK91A==
=a2a5
-----END PGP SIGNATURE-----

The PPRuNe server doesn't use a Microsoft operating system. If I installed any Microsoft software on it Danny would ask me to attend a "tea and biscuits" meeting... :eek: :D

[ 31 July 2001: Message edited by: PPRuNe Dispatcher ]

It is worth noting that this virus does NOT affect Win95,Win98 or WinMe.

Wanna bet there won't be a derivative of the virus that will infect ANY Microcrap OS within a very short period?

Anyone using ANY software produced by 'The Dark Side' will inevitably get attacked at regular intervals. They provide so many weak points in their software that hackers and other evildoers can't resist the chaos they can cause because of the vast majority of sheeplike followers of their operating system who never realised that there have always been better alternatives out there. :rolleyes:

Code Red may not infect Windoze 95, 98 or whatever but the Sircam virus does and I strongly advise anyone who hasn't checked yet to do so immediately as it is an extremely painful virus to deal with. I am currently receiving over 50 a day. I have to log into my mailbox with a browser and delete the damn things before I launch my email software and download the rest of my messages.

I don't open the attachments but some of you have got some bizzare tastes judging by the names on some of those files! :eek:

Good points there Danny. No doubt about it. It is true that others will find a way to overcome anything that is put in their way. That's the game isn't it? A computer is a one armed bandit to them. They have to try to beat it.

However, I have downloaded a brilliant little programme from McAffee for SirCam that not only cleans your system, but prevents any re-infection. Until............oh well for the time being -I have a Zip file of about 567mb I am happy to send to anyone who wants it.

Just e-mail me and I'll get it to you.

PPRuNe Pop
Administrator
[email protected]

Back to the top.........