|
rock.exe? (General Discussion)
rock.exe? // General Discussion
Apr 23, 2002, 1:40am
I got a strange email from "cof" that contained the file rock.exe. Not sure
if its a virus but it says its from cof at activeworlds.com but I know it
isn't. I checked the source and it said something along the lines of
chris at legalassistance.co.uk or something....
Not sure but since it was from someone that knows about COF and directed it
to me, others in AW could be affected.
Any info on rock.exe? Thanks.
--
Mayor 'tax
www.swcity.net
Apr 23, 2002, 1:43am
Most likely it's a virus, don't run it. This is a very bad e-mail cover up,
there's better ways of doing it. I smell script kiddies again ;)
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc4d7b5 at server1.Activeworlds.com...
> I got a strange email from "cof" that contained the file rock.exe. Not
sure
> if its a virus but it says its from cof at activeworlds.com but I know it
> isn't. I checked the source and it said something along the lines of
> chris at legalassistance.co.uk or something....
>
> Not sure but since it was from someone that knows about COF and directed
it
> to me, others in AW could be affected.
>
> Any info on rock.exe? Thanks.
> --
> Mayor 'tax
> www.swcity.net
>
>
>
|
Apr 23, 2002, 3:47am
lol of course I'm not gonna run it. :-P
I checked the source and popped it.
--
Mayor 'tax
www.swcity.net
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc4d863 at server1.Activeworlds.com...
> Most likely it's a virus, don't run it. This is a very bad e-mail cover
up,
> there's better ways of doing it. I smell script kiddies again ;)
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "syntax" <syntax at swcity.net> wrote in message
> news:3cc4d7b5 at server1.Activeworlds.com...
> sure
> it
>
>
|
Apr 23, 2002, 9:38am
It might be the new virus going around.. what's the subject say?
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc4f555 at server1.Activeworlds.com...
> lol of course I'm not gonna run it. :-P
> I checked the source and popped it.
> --
> Mayor 'tax
> www.swcity.net
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc4d863 at server1.Activeworlds.com...
> up,
directed
>
>
|
Apr 23, 2002, 2:43pm
give us complete headers please, so we can see who the freak was
KAH
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc4d7b5 at server1.Activeworlds.com...
> I got a strange email from "cof" that contained the file rock.exe. Not
sure
> if its a virus but it says its from cof at activeworlds.com but I know it
> isn't. I checked the source and it said something along the lines of
> chris at legalassistance.co.uk or something....
>
> Not sure but since it was from someone that knows about COF and directed
it
> to me, others in AW could be affected.
>
> Any info on rock.exe? Thanks.
> --
> Mayor 'tax
> www.swcity.net
>
>
>
|
Apr 23, 2002, 7:13pm
Sure thing...just got another email from him today.
Return-Path: <chris at legalsupport.co.uk>
Received: from mx1b.mts.net ([205.200.16.58]) by msg1.mts.net
(Netscape Messaging Server 4.15) with ESMTP id GV192Y00.9M3 for
<sfris at mts.net>; Tue, 23 Apr 2002 13:08:58 -0500
Received: from mx.mailix.net (mx.mailix.net [216.148.221.135])
by mx1b.mts.net (8.11.4/8.11.3) with ESMTP id g3NI8vx23038
for <sfris at mts.net>; Tue, 23 Apr 2002 13:08:57 -0500 (CDT)
Received: from [212.69.192.6] (helo=smtp-relay1.noc.dsvr.net)
by mx.mailix.net with esmtp (Exim 3.33 #1)
id 1704ik-0008Vw-00
for syntax at swcity.net; Tue, 23 Apr 2002 11:08:54 -0700
Received: from [212.69.197.117] (helo=legalsupport.dsvr.co.uk)
by smtp-relay1.noc.dsvr.net with esmtp (Exim 3.34 #1)
id 1704ij-0002go-00
for syntax at swcity.net; Tue, 23 Apr 2002 19:08:53 +0100
Received: from Qmo (dsl-62-3-74-70.zen.co.uk [62.3.74.70])
by legalsupport.dsvr.co.uk (8.11.6/8.11.6) with SMTP id g3NI8lv14822
for <syntax at swcity.net>; Tue, 23 Apr 2002 19:08:47 +0100
Date: Tue, 23 Apr 2002 19:08:47 +0100
Message-Id: <200204231808.g3NI8lv14822 at legalsupport.dsvr.co.uk>
From: mistersdk <mistersdk at hotmail.com>
To: syntax at swcity.net
Subject: A special humour game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Y242jmGMBnnM8u9KN605NC27gr837R
--Y242jmGMBnnM8u9KN605NC27gr837R
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD><BODY>
<FONT>This is a special humour game<br>
This game is my first work.<br>
You're the first player.<br>
I hope you would like it.</FONT></BODY></HTML>
--Y242jmGMBnnM8u9KN605NC27gr837R
Content-Type: application/octet-stream;
name=kitty.exe
Content-Transfer-Encoding: base64
Content-ID: <IS7f7QZr>
(big mass of jumbled letters and numbers..you know..)
--Y242jmGMBnnM8u9KN605NC27gr837R
Content-Type: application/octet-stream;
name=nature[1].htm
Content-Transfer-Encoding: base64
Content-ID: <IS7f7QZr>
(jumble)
[View Quote]"kah" <kah at kahnews.cjb.net> wrote in message
news:3cc58f20$2 at server1.Activeworlds.com...
> give us complete headers please, so we can see who the freak was
>
> KAH
|
Apr 23, 2002, 7:15pm
LOL that just makes it seem more like a virus.
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc5ce5f at server1.Activeworlds.com...
> Sure thing...just got another email from him today.
>
>
> Return-Path: <chris at legalsupport.co.uk>
> Received: from mx1b.mts.net ([205.200.16.58]) by msg1.mts.net
> (Netscape Messaging Server 4.15) with ESMTP id GV192Y00.9M3 for
> <sfris at mts.net>; Tue, 23 Apr 2002 13:08:58 -0500
> Received: from mx.mailix.net (mx.mailix.net [216.148.221.135])
> by mx1b.mts.net (8.11.4/8.11.3) with ESMTP id g3NI8vx23038
> for <sfris at mts.net>; Tue, 23 Apr 2002 13:08:57 -0500 (CDT)
> Received: from [212.69.192.6] (helo=smtp-relay1.noc.dsvr.net)
> by mx.mailix.net with esmtp (Exim 3.33 #1)
> id 1704ik-0008Vw-00
> for syntax at swcity.net; Tue, 23 Apr 2002 11:08:54 -0700
> Received: from [212.69.197.117] (helo=legalsupport.dsvr.co.uk)
> by smtp-relay1.noc.dsvr.net with esmtp (Exim 3.34 #1)
> id 1704ij-0002go-00
> for syntax at swcity.net; Tue, 23 Apr 2002 19:08:53 +0100
> Received: from Qmo (dsl-62-3-74-70.zen.co.uk [62.3.74.70])
> by legalsupport.dsvr.co.uk (8.11.6/8.11.6) with SMTP id g3NI8lv14822
> for <syntax at swcity.net>; Tue, 23 Apr 2002 19:08:47 +0100
> Date: Tue, 23 Apr 2002 19:08:47 +0100
> Message-Id: <200204231808.g3NI8lv14822 at legalsupport.dsvr.co.uk>
> From: mistersdk <mistersdk at hotmail.com>
> To: syntax at swcity.net
> Subject: A special humour game
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=Y242jmGMBnnM8u9KN605NC27gr837R
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>This is a special humour game<br>
> This game is my first work.<br>
> You're the first player.<br>
> I hope you would like it.</FONT></BODY></HTML>
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: application/octet-stream;
> name=kitty.exe
> Content-Transfer-Encoding: base64
> Content-ID: <IS7f7QZr>
>
> (big mass of jumbled letters and numbers..you know..)
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: application/octet-stream;
> name=nature[1].htm
> Content-Transfer-Encoding: base64
> Content-ID: <IS7f7QZr>
>
> (jumble)
>
>
>
> "kah" <kah at kahnews.cjb.net> wrote in message
> news:3cc58f20$2 at server1.Activeworlds.com...
>
>
|
Apr 23, 2002, 7:42pm
Hello Gang,
Here's the info you seek about rock.exe. Its a nasty one.
http://home.earthlink.net/~doniteli/index15-51.htm
Cheers,
Kit
[View Quote]
> I got a strange email from "cof" that contained the file rock.exe. Not sure
> if its a virus but it says its from cof at activeworlds.com but I know it
> isn't. I checked the source and it said something along the lines of
> chris at legalassistance.co.uk or something....
>
> Not sure but since it was from someone that knows about COF and directed it
> to me, others in AW could be affected.
>
> Any info on rock.exe? Thanks.
> --
> Mayor 'tax
> www.swcity.net
Apr 23, 2002, 7:56pm
It uses an exploit (a security hole) that allows the attachment to be
executed when viewing the message with Microsoft Outlook Express or Outlook
(without Service Packs installed). This method is similar to the one used by
Nimda or Kak worms.
If he's read it.. he's already been infected (that is if he doesn't have the
service packs).
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"kit" <dominicl at clear.net.nz> wrote in message
news:3CC5D36B.A50FE6B9 at clear.net.nz...
> Hello Gang,
>
> Here's the info you seek about rock.exe. Its a nasty one.
> http://home.earthlink.net/~doniteli/index15-51.htm
>
> Cheers,
> Kit
>
> syntax wrote:
>
sure
it
>
|
Apr 23, 2002, 8:06pm
Just reread that whole crapload.. it told your computer to execute the
attachment kitty.exe
Without the service packs installed (as said earlier) your computer is
probably infected as we speak.. run your normal antivirus after you update
it's virus list and head on over to antivirus.com and use the free net scan
(to ensure the most up to date virus list is being used). It's always good
to scan with more then one antivirus program :). Below is what's telling it
to execute the file:
"Content-Type: application/octet-stream;
name=kitty.exe"
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc5ce5f at server1.Activeworlds.com...
> Sure thing...just got another email from him today.
>
>
> Return-Path: <chris at legalsupport.co.uk>
> Received: from mx1b.mts.net ([205.200.16.58]) by msg1.mts.net
> (Netscape Messaging Server 4.15) with ESMTP id GV192Y00.9M3 for
> <sfris at mts.net>; Tue, 23 Apr 2002 13:08:58 -0500
> Received: from mx.mailix.net (mx.mailix.net [216.148.221.135])
> by mx1b.mts.net (8.11.4/8.11.3) with ESMTP id g3NI8vx23038
> for <sfris at mts.net>; Tue, 23 Apr 2002 13:08:57 -0500 (CDT)
> Received: from [212.69.192.6] (helo=smtp-relay1.noc.dsvr.net)
> by mx.mailix.net with esmtp (Exim 3.33 #1)
> id 1704ik-0008Vw-00
> for syntax at swcity.net; Tue, 23 Apr 2002 11:08:54 -0700
> Received: from [212.69.197.117] (helo=legalsupport.dsvr.co.uk)
> by smtp-relay1.noc.dsvr.net with esmtp (Exim 3.34 #1)
> id 1704ij-0002go-00
> for syntax at swcity.net; Tue, 23 Apr 2002 19:08:53 +0100
> Received: from Qmo (dsl-62-3-74-70.zen.co.uk [62.3.74.70])
> by legalsupport.dsvr.co.uk (8.11.6/8.11.6) with SMTP id g3NI8lv14822
> for <syntax at swcity.net>; Tue, 23 Apr 2002 19:08:47 +0100
> Date: Tue, 23 Apr 2002 19:08:47 +0100
> Message-Id: <200204231808.g3NI8lv14822 at legalsupport.dsvr.co.uk>
> From: mistersdk <mistersdk at hotmail.com>
> To: syntax at swcity.net
> Subject: A special humour game
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=Y242jmGMBnnM8u9KN605NC27gr837R
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>This is a special humour game<br>
> This game is my first work.<br>
> You're the first player.<br>
> I hope you would like it.</FONT></BODY></HTML>
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: application/octet-stream;
> name=kitty.exe
> Content-Transfer-Encoding: base64
> Content-ID: <IS7f7QZr>
>
> (big mass of jumbled letters and numbers..you know..)
>
> --Y242jmGMBnnM8u9KN605NC27gr837R
> Content-Type: application/octet-stream;
> name=nature[1].htm
> Content-Transfer-Encoding: base64
> Content-ID: <IS7f7QZr>
>
> (jumble)
>
>
>
> "kah" <kah at kahnews.cjb.net> wrote in message
> news:3cc58f20$2 at server1.Activeworlds.com...
>
>
|
Apr 23, 2002, 8:09pm
Since the patch is only avaliable for 5.x and i have 6 then im all set for
that sort of thing. An e-mail scanning capable virus-scanner is also a good
thing becuase it will catch the virus before you even open it and get rid of
it. I also have mine scan outgoing so that if somethign tries to automaticly
send a virus to everyone on my adress book for example it will detect it and
block those.
If you have 5.x of internetexplorer/outlookexpress then apply that patch.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc5d8a4$1 at server1.Activeworlds.com...
> It uses an exploit (a security hole) that allows the attachment to be
> executed when viewing the message with Microsoft Outlook Express or
Outlook
> (without Service Packs installed). This method is similar to the one used
by
> Nimda or Kak worms.
>
> If he's read it.. he's already been infected (that is if he doesn't have
the
> service packs).
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "kit" <dominicl at clear.net.nz> wrote in message
> news:3CC5D36B.A50FE6B9 at clear.net.nz...
> sure
directed
> it
>
>
|
Apr 23, 2002, 8:19pm
Well, most good viruses don't use outlook, they connect to a known SMTP
server, such as AOL's and use it to propagate E-mail to addresses it grabbed
from your address book. But it's always good just in case :). That's the
part where firewalls come in handy! Just a side note, BlackIce isn't a good
firewall for that either ;).. it only protects incoming transmissions, not
outgoing.
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"zeo toxion" <cozmo at activeworlds.com> wrote in message
news:3cc5dbb0 at server1.Activeworlds.com...
> Since the patch is only avaliable for 5.x and i have 6 then im all set for
> that sort of thing. An e-mail scanning capable virus-scanner is also a
good
> thing becuase it will catch the virus before you even open it and get rid
of
> it. I also have mine scan outgoing so that if somethign tries to
automaticly
> send a virus to everyone on my adress book for example it will detect it
and
> block those.
>
> If you have 5.x of internetexplorer/outlookexpress then apply that patch.
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> A message from Zeo Toxion
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc5d8a4$1 at server1.Activeworlds.com...
> Outlook
used
> by
> the
Not
it
of
> directed
>
>
|
Apr 24, 2002, 2:33pm
the good mail-scanning AV acts as a proxy... the way Norton AV works is that
if it detects on RETR command on a POP3 connection (I guess it uses the
remote port to identify it) it launches it's mailscanner. same thing for
outgoing, if it detects a DATA command it scans the content before it relays
it to the server (doesn't work well if you're connected to the server as
localhost lol), so it's completely independent of the clients.
KAH
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc5de0a$1 at server1.Activeworlds.com...
> Well, most good viruses don't use outlook, they connect to a known SMTP
> server, such as AOL's and use it to propagate E-mail to addresses it
grabbed
> from your address book. But it's always good just in case :). That's the
> part where firewalls come in handy! Just a side note, BlackIce isn't a
good
> firewall for that either ;).. it only protects incoming transmissions, not
> outgoing.
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "zeo toxion" <cozmo at activeworlds.com> wrote in message
> news:3cc5dbb0 at server1.Activeworlds.com...
for
> good
rid
> of
> automaticly
> and
patch.
> used
have
> Not
know
> it
> of
>
>
|
Apr 24, 2002, 2:57pm
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc5db00$1 at server1.Activeworlds.com...
> "Content-Type: application/octet-stream;
> name=kitty.exe"
|
No, all that "tells" your computer is what kind of data is coming next. If
your email reader automatically executes it, that's not the fault of the
content-type setting.
-Agent1
Apr 24, 2002, 5:00pm
Well with OE it usually does execute it.. sorry I wasn't at all awake that
day ;) Though you were not going to post anymore?
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"agent1" <Agent1 at my.activeworlds.com> wrote in message
news:3cc6e3f0$1 at server1.Activeworlds.com...
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc5db00$1 at server1.Activeworlds.com...
>
> No, all that "tells" your computer is what kind of data is coming next. If
> your email reader automatically executes it, that's not the fault of the
> content-type setting.
>
> -Agent1
>
>
|
Apr 24, 2002, 5:01pm
Did I say SMTP? What the hell was I smoking? LoL again I'll say I wasn't
at all awake that much yesterday.
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"kah" <kah at kahnews.cjb.net> wrote in message
news:3cc6de5b$1 at server1.Activeworlds.com...
> the good mail-scanning AV acts as a proxy... the way Norton AV works is
that
> if it detects on RETR command on a POP3 connection (I guess it uses the
> remote port to identify it) it launches it's mailscanner. same thing for
> outgoing, if it detects a DATA command it scans the content before it
relays
> it to the server (doesn't work well if you're connected to the server as
> localhost lol), so it's completely independent of the clients.
>
> KAH
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc5de0a$1 at server1.Activeworlds.com...
> grabbed
the
> good
not
> for
> rid
it
> patch.
be
> have
rock.exe.
> know
lines
>
>
|
Apr 24, 2002, 7:20pm
Don't worry my sons, I have my preview windows off and all critical updates
installed.
--
Mayor 'tax
www.swcity.net
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc5d8a4$1 at server1.Activeworlds.com...
> It uses an exploit (a security hole) that allows the attachment to be
> executed when viewing the message with Microsoft Outlook Express or
Outlook
> (without Service Packs installed). This method is similar to the one used
by
> Nimda or Kak worms.
>
> If he's read it.. he's already been infected (that is if he doesn't have
the
> service packs).
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "kit" <dominicl at clear.net.nz> wrote in message
> news:3CC5D36B.A50FE6B9 at clear.net.nz...
> sure
directed
> it
>
>
|
Apr 24, 2002, 7:24pm
Kick butt, good job ;). Symantec has something on their website that checks
for that just in case, might want to give it a run through.
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc72187 at server1.Activeworlds.com...
> Don't worry my sons, I have my preview windows off and all critical
updates
> installed.
> --
> Mayor 'tax
> www.swcity.net
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc5d8a4$1 at server1.Activeworlds.com...
> Outlook
used
> by
> the
Not
it
of
> directed
>
>
|
Apr 24, 2002, 7:25pm
Yep, that's the one. Thanks for the info. ;-)
--
Mayor 'tax
www.swcity.net
[View Quote]"kit" <dominicl at clear.net.nz> wrote in message
news:3CC5D36B.A50FE6B9 at clear.net.nz...
> Hello Gang,
>
> Here's the info you seek about rock.exe. Its a nasty one.
> http://home.earthlink.net/~doniteli/index15-51.htm
>
> Cheers,
> Kit
>
> syntax wrote:
>
sure
it
>
|
Apr 24, 2002, 7:33pm
Hmm....I looked through my registry and everything and there is no trace of
a virus anywhere. (looking on that site that Kit gave us)
BUT...SW Comit and OniLink...two AW friends of mine, got e-mails from me
with subjects saying "sos!" which is part of the virus. Is it possible that
it can send itself automatically? O_o
--
Mayor 'tax
www.swcity.net
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc72277$1 at server1.Activeworlds.com...
> Kick butt, good job ;). Symantec has something on their website that
checks
> for that just in case, might want to give it a run through.
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "syntax" <syntax at swcity.net> wrote in message
> news:3cc72187 at server1.Activeworlds.com...
> updates
> used
have
> Not
know
> it
> of
>
>
|
Apr 24, 2002, 7:35pm
Yup, that's one of the things that viruses try to do. They always try to
send themselves to other people in a hope that it can spread. I really
don't understand why people make viruses.. they do no good and make no
sense.
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc72491 at server1.Activeworlds.com...
> Hmm....I looked through my registry and everything and there is no trace
of
> a virus anywhere. (looking on that site that Kit gave us)
>
> BUT...SW Comit and OniLink...two AW friends of mine, got e-mails from me
> with subjects saying "sos!" which is part of the virus. Is it possible
that
> it can send itself automatically? O_o
> --
> Mayor 'tax
> www.swcity.net
>
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc72277$1 at server1.Activeworlds.com...
> checks
be
> have
rock.exe.
> know
lines
>
>
|
Apr 24, 2002, 7:38pm
I meant is it possible that a virus can send itself without being executed?
Seems weird but I have no trace of the virus on my computer...nothing in
registry or anything..no WINK#####.exe files or anything. But it did get
sent to SW Comit and OniLink from me.
--
Mayor 'tax
www.swcity.net
[View Quote]"silenced" <nospam at privacy.com> wrote in message
news:3cc72522 at server1.Activeworlds.com...
> Yup, that's one of the things that viruses try to do. They always try to
> send themselves to other people in a hope that it can spread. I really
> don't understand why people make viruses.. they do no good and make no
> sense.
>
> --Bowen--
>
> Have $3... want a website?
> http://www.smartpenguin.com/affiliate.php?id=12
>
> "syntax" <syntax at swcity.net> wrote in message
> news:3cc72491 at server1.Activeworlds.com...
> of
> that
> be
or
one
doesn't
> rock.exe.
> lines
and
>
>
|
Apr 24, 2002, 7:42pm
Hmm it's possible.. I'm not sure, maybe it was modified since it's release
and that version of the page is not up to date with what it can actually do?
--Bowen--
Have $3... want a website?
http://www.smartpenguin.com/affiliate.php?id=12
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc725e8 at server1.Activeworlds.com...
> I meant is it possible that a virus can send itself without being
executed?
> Seems weird but I have no trace of the virus on my computer...nothing in
> registry or anything..no WINK#####.exe files or anything. But it did get
> sent to SW Comit and OniLink from me.
> --
> Mayor 'tax
> www.swcity.net
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc72522 at server1.Activeworlds.com...
to
trace
me
possible
that
critical
to
> or
> one
> doesn't
I
> and
>
>
|
Apr 25, 2002, 12:04am
It could be from someone else. Just becuase they may happen to of been in
your adress book (by which viruses get email adresses to send themselves to)
doesn't nesecarily mean it was you.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A message from Zeo Toxion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc725e8 at server1.Activeworlds.com...
> I meant is it possible that a virus can send itself without being
executed?
> Seems weird but I have no trace of the virus on my computer...nothing in
> registry or anything..no WINK#####.exe files or anything. But it did get
> sent to SW Comit and OniLink from me.
> --
> Mayor 'tax
> www.swcity.net
>
> "silenced" <nospam at privacy.com> wrote in message
> news:3cc72522 at server1.Activeworlds.com...
to
trace
me
possible
that
critical
to
> or
> one
> doesn't
I
> and
>
>
|
Apr 25, 2002, 1:31am
This is the same virus that Quiz Bot (OW Support) sent information about to
the teamies in OuterWorlds. Here's the message with more information about
it:
From: "Quiz Bot (NTL)"
Subject: Virus Info, Please Read : IMPORTANT !!!!!!
Date: Tue, 23 Apr 2002 23:48:49 +0100
Hello all,
Sorry for the necessity of sending this out, but due to recent events,
Likeness has asked me to send it you all.
There is very nasty email worm doing the rounds known as KLEZ
There are several variants out there each with distinct behaviours, subject
lines etc
and some also drop nasty viruses eg ELKERN as part of their payload
More info can be found here
http://www.europe.f-secure.com/v-descs/klez.shtml
That link also contains at the foot of the page a link to a removal tool,
which includes a readme file.
Please read it in full and familiarise your self with the possible subject
lines, and attached filenames.
If you see any of these subject lines in your email, even from somebody you
know, treat it as highly contagious and radioactive !!!!!! and delete at
once.
Better still update your AV tools to the latest dat files and keep them
uptodate, and for those that havent got an AV product try
http://www.grisoft.com its free.
Please be aware that no matter how good your AV protection there is always a
window of opportunity between a total brand spanking new virus being
released upon the internet and the AV companies coming up with detection and
or fixes/removals. So there is no substitution for practising good old
fashioned safe sex for pc's.
That means not using preview windows, not opening suspicious enticing emails
even those apparantly from people you know until you've done some
investigation, such as viewing details or source to examine for tell tale
clues you can use in an AV vendors database search, and querying the
apparant sender to test the veracity of the email before opening it.
Regards and Hope this helps slow the spreading through OW
Quiz Bot
Support Team Member
---
Obviously not something you want to be opening ;-)
Shorah
115213
[View Quote]"syntax" <syntax at swcity.net> wrote in message
news:3cc4d7b5 at server1.Activeworlds.com...
> I got a strange email from "cof" that contained the file rock.exe. Not
sure
> if its a virus but it says its from cof at activeworlds.com but I know it
> isn't. I checked the source and it said something along the lines of
> chris at legalassistance.co.uk or something....
>
> Not sure but since it was from someone that knows about COF and directed
it
> to me, others in AW could be affected.
>
> Any info on rock.exe? Thanks.
> --
> Mayor 'tax
> www.swcity.net
>
>
>
|
|