W32/SirCam@MM virus affecting PPRuNe users
Moderator
Thread Starter
Join Date: May 1998
Location: .
Posts: 250
Likes: 0
Received 0 Likes
on
0 Posts
W32/SirCam@MM virus affecting PPRuNe users
Folks, I'm sorry to say this but we might be having a problem with the above named virus.
The reason being that many of us PPRuNers have each others email address, and accordingly, as a group, many of us are simultaneously experiencing it.
To try and arrest its progress, could I ask that you all click on 'Start / Find / Files or Folders' and search for any files on the C: drive called Sirc32 - if you find some, then please do have a read of the following item in posted in the Computer/Internet Issues forum: BEWARE, YET ANOTHER NASTY VIRUS......
The reason being that many of us PPRuNers have each others email address, and accordingly, as a group, many of us are simultaneously experiencing it.
To try and arrest its progress, could I ask that you all click on 'Start / Find / Files or Folders' and search for any files on the C: drive called Sirc32 - if you find some, then please do have a read of the following item in posted in the Computer/Internet Issues forum: BEWARE, YET ANOTHER NASTY VIRUS......
Join Date: Jan 2001
Location: The Burrow, N53:48:02 W1:48:57, The Tin Tent - EGBS, EGBO
Posts: 2,297
Likes: 0
Received 0 Likes
on
0 Posts
Thanks for the warning. I've had a look and fortunately I'm OK. The anti-virus must be working. I'll pass the warning on to other friends.
Join Date: Jun 2001
Location: Surrounded by aluminum, and the great outdoors
Posts: 3,780
Likes: 0
Received 0 Likes
on
0 Posts
Turned up as an e-mail on good old yahoo...virus scanner caught it before i opened up....titled "volleyball" with the standard message text...then the virus in the attachment...
Join Date: Apr 2000
Location: 30 West
Age: 65
Posts: 926
Likes: 0
Received 0 Likes
on
0 Posts
Got a copy myself tonight from 'Jim' but deleted it OK. Something about a PT6 engine but had the normal question - Hi! how are you ?. Antivirus didn't pick it up though. Be careful !
Chief Tardis Technician
Join Date: Jan 2001
Location: Western Australia S31.715 E115.737
Age: 71
Posts: 554
Likes: 0
Received 0 Likes
on
0 Posts
Lame,
shouldn't that read "Ground check C/- No Fault found. Air test required"
(Any excuse to go flying)
Edited due to early morning spelling failure.
[ 23 July 2001: Message edited by: Avtrician ]
shouldn't that read "Ground check C/- No Fault found. Air test required"
(Any excuse to go flying)
Edited due to early morning spelling failure.
[ 23 July 2001: Message edited by: Avtrician ]
Join Date: Nov 2000
Location: Perm any one from 3 !
Posts: 310
Likes: 0
Received 0 Likes
on
0 Posts
Yep, its out there .....
We just recieved the following message from Air Vallee (Italy) .....
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Tuesday, July 24, 2001 12:00 AM
Subject: DO RES SAMPLE
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
........
The attachment contained the virus.
With a previous client (and a message and file name - the same as title - that made logical sense) I nearly ignored the company rule to copy to external disc and scan - fortunately I decided on caution at the last moment. Current edition (updated 20JUL) of Norton Antivirus picked it up but was only able to quarantine (unable to fix).
Phew ... Nearly had to sack myself then !!!!
[ 24 July 2001: Message edited by: TimS ]
[ 24 July 2001: Message edited by: TimS ]
We just recieved the following message from Air Vallee (Italy) .....
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Tuesday, July 24, 2001 12:00 AM
Subject: DO RES SAMPLE
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
........
The attachment contained the virus.
With a previous client (and a message and file name - the same as title - that made logical sense) I nearly ignored the company rule to copy to external disc and scan - fortunately I decided on caution at the last moment. Current edition (updated 20JUL) of Norton Antivirus picked it up but was only able to quarantine (unable to fix).
Phew ... Nearly had to sack myself then !!!!
[ 24 July 2001: Message edited by: TimS ]
[ 24 July 2001: Message edited by: TimS ]
Join Date: Jul 2000
Location: closer to ORL than to MCO
Posts: 20
Likes: 0
Received 0 Likes
on
0 Posts
Same as TimS. Didn't recongnise who the message was from, it appeared to be someone's name . . . seem to remember the subject was something like Do9 and it had a time signature of (GMT) +0700 (a time zone where I know no one).
The text was exactly the same (I did not open the message, only looked at it in message preview), and there was an attachment (which I did not open).
Trashed unread/unopened, and recycle bin emptied.
The text was exactly the same (I did not open the message, only looked at it in message preview), and there was an attachment (which I did not open).
Trashed unread/unopened, and recycle bin emptied.
Chief PPRuNe Pilot
Join Date: May 1996
Location: UK
Age: 68
Posts: 16,650
Likes: 0
Received 0 Likes
on
0 Posts
This is a plea to everyone who reads this. If you have my email address in your address book and I do not know you please remove it. You can always contact me through the links here.
Time for a bit of basic education:
Never, ever, ever, ever... EVER open an attachment in an email unless you specifically requested it and are expecting it!!!!! People who are too inquisitive are 99% likely to infest their system with a virus/worm. The latest one is particularly nasty because it not only emails itself to your entire address book but also attaches a randomly selected file from your personal private directories.
The attachments are several hundred kb in size and can rapidly cause your email service to shut you down as your mailbox becomes overloaded. Additionally the the virus will eventually delete your hard drive and may even cause irrepearable damage to your motherboard.
Anyone who has this virus and does not bother with virus protection software or is too lazy to be bothered will eventually suffer the consequences as their hard drive self destructs. At least we will be spared any more contamination from them until they reconfigure their drives and get back on line.
Personally I cannot be infected by these virus/worms as I use the MacOS, but, because I receive so many emails every day and now the numbers are doubling with infected emails from people who I have never even heard of but who, for some obscure reason, have my address in their address book. Because someone ignorantly sent a mass mailing including my address and didn't use the BCC field instead of the To or CC my address, and probably yours if you have ever received emails with long lists of recipients, is now in thousands of address books and many of those will be infected and are sending me large attachments and so clogging up your and my system.
I suggest to anyone who is receiving these emails to log into Mail2Web before they launch their email program and delete any emails that are more than about 100kb in size from their accounts. When they log in using their normal email software the infected mails won't be there and thus reduce the risk of inadvertantly opening an infected file.
Please remember.... NEVER, EVER, EVER, EVER open an attachment of any kind unless you specifically requested it and are expecting it. If you are the kind of person who for some unfathomable reason likes to send attachments of any kind with your email, tough! Get into the habit of asking someone first if they would like to receive whatever you have to send. This way we will eventually beat thsi particularly nasty virus.
[ 24 July 2001: Message edited by: Capt PPRuNe ]
Time for a bit of basic education:
Never, ever, ever, ever... EVER open an attachment in an email unless you specifically requested it and are expecting it!!!!! People who are too inquisitive are 99% likely to infest their system with a virus/worm. The latest one is particularly nasty because it not only emails itself to your entire address book but also attaches a randomly selected file from your personal private directories.
The attachments are several hundred kb in size and can rapidly cause your email service to shut you down as your mailbox becomes overloaded. Additionally the the virus will eventually delete your hard drive and may even cause irrepearable damage to your motherboard.
Anyone who has this virus and does not bother with virus protection software or is too lazy to be bothered will eventually suffer the consequences as their hard drive self destructs. At least we will be spared any more contamination from them until they reconfigure their drives and get back on line.
Personally I cannot be infected by these virus/worms as I use the MacOS, but, because I receive so many emails every day and now the numbers are doubling with infected emails from people who I have never even heard of but who, for some obscure reason, have my address in their address book. Because someone ignorantly sent a mass mailing including my address and didn't use the BCC field instead of the To or CC my address, and probably yours if you have ever received emails with long lists of recipients, is now in thousands of address books and many of those will be infected and are sending me large attachments and so clogging up your and my system.
I suggest to anyone who is receiving these emails to log into Mail2Web before they launch their email program and delete any emails that are more than about 100kb in size from their accounts. When they log in using their normal email software the infected mails won't be there and thus reduce the risk of inadvertantly opening an infected file.
Please remember.... NEVER, EVER, EVER, EVER open an attachment of any kind unless you specifically requested it and are expecting it. If you are the kind of person who for some unfathomable reason likes to send attachments of any kind with your email, tough! Get into the habit of asking someone first if they would like to receive whatever you have to send. This way we will eventually beat thsi particularly nasty virus.
[ 24 July 2001: Message edited by: Capt PPRuNe ]
Moderator
Thread Starter
Join Date: May 1998
Location: .
Posts: 250
Likes: 0
Received 0 Likes
on
0 Posts
Yep, heads up everbody !!
I've literally just recieved another dodgy email - complete with attachment - read as follows:
Now as per Danny's advice above - if you get any unsolicited emails, especially those with attachments, do NOT open them, repeat do NOT open them !!!!
So one and all, please make sure that your virus shields are up and current. Also, invest in some firewall software, as this will help to stop you from passing on virus's such as this one.
We owe it to each other to be vigilant.
Ps. WARNING !!! Do NOT send anthying back to the eamil address for DGillanders above, as this is almost 100% certainly not the email address of the sender of the virus - who ever sent that has covered their tracks - and we do not want PPRuNe to be associated with a 'denial of service' attack, OK ?!
I've literally just recieved another dodgy email - complete with attachment - read as follows:
From: D.Gillanders [[email protected]]
Sent: Tue - 24 July 2001 17:46
To: [email protected]
Subject: Fire Insurance
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
Sent: Tue - 24 July 2001 17:46
To: [email protected]
Subject: Fire Insurance
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
So one and all, please make sure that your virus shields are up and current. Also, invest in some firewall software, as this will help to stop you from passing on virus's such as this one.
We owe it to each other to be vigilant.
Ps. WARNING !!! Do NOT send anthying back to the eamil address for DGillanders above, as this is almost 100% certainly not the email address of the sender of the virus - who ever sent that has covered their tracks - and we do not want PPRuNe to be associated with a 'denial of service' attack, OK ?!
Join Date: May 2001
Location: England
Posts: 1,904
Likes: 0
Received 0 Likes
on
0 Posts
Yep, I received the first one about a week ago and have recieved 6 more since, from 7 different people I don't even know! 
The removal tool works great:
http://www.symantec.com/avcenter/ven...oval.tool.html
[ 24 July 2001: Message edited by: Superpilot ]
The removal tool works great:
http://www.symantec.com/avcenter/ven...oval.tool.html
[ 24 July 2001: Message edited by: Superpilot ]
Dir. PPRuNe Line Service
From the number of viruses I've received this week something has been confirmed :
Far too many people can't be bothered to install a virus checker and keep it updated.
I have, up until today, politely informed the sender (if their email address is valid and there are ways of checking) that they have a virus and need to remove it. But in the last 15 hours I've received over 30 copies of Magistr, SirCam and Snow White and haven't the time to inform each and every person who is infected. This is a shame as SirCam can delete all files in C: and Magistr can corrupt your bios which may mean a new motherboard.
So folks, please install a good virus checker, keep it turned on, and keep it up to date.
---Mik
Far too many people can't be bothered to install a virus checker and keep it updated.
I have, up until today, politely informed the sender (if their email address is valid and there are ways of checking) that they have a virus and need to remove it. But in the last 15 hours I've received over 30 copies of Magistr, SirCam and Snow White and haven't the time to inform each and every person who is infected. This is a shame as SirCam can delete all files in C: and Magistr can corrupt your bios which may mean a new motherboard.
So folks, please install a good virus checker, keep it turned on, and keep it up to date.
---Mik
One piece of advice that I've always thought was rather bizarre is the recommendation not to open attachments sent to you by people you don't know. This is rather silly since it's corollary would appear to be - it's OK to open attachments from people you do know. This is obviously absurd since many of these virus/worm-type-things spread using email addresses obtained from the personal address book. Or they get email addresses from messages in the inbox. So if you do receive one it's highly likely to come from someone you know (or someone you once sent an email to)!
Capt PPRuNe's advice is much more sensible – don't open an attachment of any kind unless you specifically requested it and are expecting it.
Now there are certain types of files that are always safe to view but it’s not always easy to tell these apart from the risky kind. Email clients may hide file extensions – and macro functionality may have been incorporated into a file type that previously was incapable of carrying an executable payload. I mean who would have thought 10 years ago that text files generated by a word processor could contain executable content? Unless you’re positive that you can identify which file types can and cannot carry a nasty payload, it’s probably best to treat all attachments with suspicion.
[ 25 July 2001: Message edited by: stagger ]
Capt PPRuNe's advice is much more sensible – don't open an attachment of any kind unless you specifically requested it and are expecting it.
Now there are certain types of files that are always safe to view but it’s not always easy to tell these apart from the risky kind. Email clients may hide file extensions – and macro functionality may have been incorporated into a file type that previously was incapable of carrying an executable payload. I mean who would have thought 10 years ago that text files generated by a word processor could contain executable content? Unless you’re positive that you can identify which file types can and cannot carry a nasty payload, it’s probably best to treat all attachments with suspicion.
[ 25 July 2001: Message edited by: stagger ]
