Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

E MAIL VIRUS. THIS IS REAL!
self ^ | sept. 18th, 2001 | rockfish59

Posted on 09/18/2001 10:04:31 AM PDT by rockfish59

this is real, folks! my e mail is infected right now and i will be working on a way to fix it. any help or suggestions would be appreciated. the e mail says this:

Hi! How are you?

I send you this file in order to have your advice.

See you later.

the same letter is going to jim robinson in my name. when he first contacted me i didn't know what he was talking about. last night it sent a steady stream to him. he said they were coming every 5 minutes or so and went from about 11:40pm to 2:15am.


TOPICS: Miscellaneous
KEYWORDS:
i believe someone on this forum sent it out. probably some commie who doesn't like us. definately watch your e's from now on.
1 posted on 09/18/2001 10:04:31 AM PDT by rockfish59
[ Post Reply | Private Reply | View Replies]

To: rockfish59
This would be the SirCam virus. Go to your virus scan provider and look for information on how to remove it there.
2 posted on 09/18/2001 10:08:51 AM PDT by garyb
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #3 Removed by Moderator

To: garyb
Yeah, it's the sircam. We received dozens a few weeks ago. My partner is a techie and has been diligent about running norton full time with frequent updates.
4 posted on 09/18/2001 10:12:54 AM PDT by GalvestonGal.com
[ Post Reply | Private Reply | To 2 | View Replies]

To: rockfish59
Rockfish, you have been infected by the SirCam virus. It infects Outlook Express extremely well and turns into it's own server to send copies of itself to everyone in your mail address or any address it can find. It snags any document on your hard to mail as part of the virus so your entire HD is compromised until you fix it. If you have a copy of Norton or MacAffee, just run the anti-virus scan and follow the program's direction. If not, go to a site like www.symantec.com and they should have a freeware fix for SirCam.
5 posted on 09/18/2001 10:13:36 AM PDT by Ophiucus
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
CNBC - is talking about it right now - it is a worm similar to Code Red.

The file is "Readme.Exe" - don't click on it!

6 posted on 09/18/2001 10:13:54 AM PDT by Positive
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
Hehehe. In all seriousness I get at least 20 of those a day.
7 posted on 09/18/2001 10:14:21 AM PDT by Registered
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
Relax. This is an email virus that apeared about 6 weeks ago and caused a lot of bother but had been more or less suppressed, although it has occasionally reappeared.

What it does is put a file on your computer that secretly sends out emails. So if you openned the files that were attached to the email, then you are infected. If not, you need to contact the person whose computer the files came from and tell them they are infected.

To get rid of the infection, go to or call one of the virus corporation websites and do a search for "I send you this file" etc. That should get you instruction on how to fix it, althoguh you should only be online for as long as it takes to get the info because as long as you are online the virus will be sending email.

Of course, if you didn't open the attached file, you are probably fine and can just delete the message.
8 posted on 09/18/2001 10:15:00 AM PDT by mckreck
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
Go here and download the Sircam removal tool. Make sure you have no antivirus program running in the background, or it will not remove all the necessary files. Just download it and save it on your desktop, and click on it to run the program. http://www.symantec.com/avcenter/tools.list.html
9 posted on 09/18/2001 10:16:49 AM PDT by Kimlee
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
did you click on it and open it?

If not then you are safe.

REMEMBER: You cannot get a virus simply by receiving an e-mail message. They are always contained in an attachment. It is only when you open the attachment that you are in trouble.

I got this same e-mail too- first virus I have ever gotten this way, and I suspect it is from some disruptor at FR.

Have you ever included your e-mail address in a post or reply? I did often, and I am not worried... once again- only if you open the attachement are you in trouble- if you did not open it, then just delete that e-mail message- I got the same one last week.

10 posted on 09/18/2001 10:17:45 AM PDT by Mr. K
[ Post Reply | Private Reply | To 1 | View Replies]

To: Positive
It actually can be any number of file names that it sends out and adds its' own extension to the end of it. Therefore, the file name changes every time. But the text of the email is always the "Hi how are you" crap.
11 posted on 09/18/2001 10:18:31 AM PDT by Registered
[ Post Reply | Private Reply | To 6 | View Replies]

To: Registered
I was only repeating what the "expert" interviewed on CNBC said.

It is being repeated just now.

12 posted on 09/18/2001 10:21:07 AM PDT by Positive
[ Post Reply | Private Reply | To 11 | View Replies]

To: rockfish59
I think you have the "sircam" virus
Instructions for manual cleaning of Win32.SirCam.137216 infection.
1. Delete the registry value "Driver32" in
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices".
2. Delete the registry key:
"HKEY_LOCAL_MACHINE\Software\SirCam"
and its sub keys.
3. Change the value "(Default)" in
"HKEY_CLASSES_ROOT\exefile\shell\open\command"
to its original state (usually "%1" %*).
4. Delete the files: Recycled\Sirc32.exe, Windows\System\SCam32.exe.
5. Scan with action to cure.
6. In systems where rundll32.EXE was detected and renamed,
search for the file run32.exe and rename this file rundll32.EXE.
7. Reboot and remove files with .AVB or .AV0 extensions
After completing this procedure, we recommend that users password protect shares (to avoid reinfection after reconnecting to the network).
I got this from a search for sircam at the site
http://ca.com/virusinfo/encyclopedia/
13 posted on 09/18/2001 10:21:49 AM PDT by the_alfalfanator
[ Post Reply | Private Reply | To 1 | View Replies]

To: Registered
Just read that the FBI is investigating this now.
14 posted on 09/18/2001 10:24:44 AM PDT by The Energizer
[ Post Reply | Private Reply | To 11 | View Replies]

To: rockfish59
From now on DO NOT open any attachment (ever) that has .exe or .vbl as an extension. I don't know what .vbl is, but a while back there was a worm or virus buried in it. .exe means "execute" something - maybe a little cartoon etc. - you don't know what its doing in the background.

Couple years ago I had "Chernobyl" - had infected better than 350 files. Even after killing it the computer's operation slowed down to a snail's pace. I finally had to reload Windows to fix it.

Important: Once you've fixed THIS problem, go out and get a quality anti-virus pgm and configure it to automatically scan the emails you receive.
Recently, my Norton caught 3 magistr infected emails - during the last 6-weeks or so.

15 posted on 09/18/2001 10:24:59 AM PDT by GVNR
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
If you want to try a really good anti-virus program, here is the one that I use.

It will remove ANY virus that has infected your computer.

You can try it for 60 days free of charge.

eTrust EZ Antivirus


16 posted on 09/18/2001 10:25:09 AM PDT by spiker (spiker@ev1.net)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
I hve received hundereds of these from all over. It shows me that there are a lot of people who have no clue when the open mail....
17 posted on 09/18/2001 10:26:06 AM PDT by Mr.E
[ Post Reply | Private Reply | To 1 | View Replies]

To: Snow Bunny,Carolinamom,LadyX,CHIEF negotiator,Scuttlebutt,razorback-bert,michigander,Fred Mertz
Check HERE IMMEDIATELY for information.
18 posted on 09/18/2001 10:26:14 AM PDT by ofMagog
[ Post Reply | Private Reply | To 9 | View Replies]

To: rockfish59
BTTT
19 posted on 09/18/2001 10:29:40 AM PDT by ofMagog
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
Greetings from typical democrats.
20 posted on 09/18/2001 10:31:42 AM PDT by MHGinTN
[ Post Reply | Private Reply | To 1 | View Replies]

BTTT
21 posted on 09/18/2001 10:36:15 AM PDT by ofMagog
[ Post Reply | Private Reply | To 18 | View Replies]

To: * * * IMPORTANT INFORMATION * * *
Click HERE FOR MORE INFORMATION
22 posted on 09/18/2001 10:48:06 AM PDT by ofMagog
[ Post Reply | Private Reply | To 21 | View Replies]

To: - VIRUS SPREADING RAPIDLY -
BTTT
23 posted on 09/18/2001 10:53:30 AM PDT by ofMagog
[ Post Reply | Private Reply | To 22 | View Replies]

To: ofMagog
Thank you so much ofMagog dear friend. This kind of thing really scares me, I am not that professional at computers.

Good to see you. We have been busy getting packages ready to send back to N.Y. to my husbands family and friends.

24 posted on 09/18/2001 10:56:52 AM PDT by Snow Bunny
[ Post Reply | Private Reply | To 18 | View Replies]

To: ofMagog
Thanks for the links; your first one seemed over-subscribed/flooded. I'll try this one.
25 posted on 09/18/2001 10:58:44 AM PDT by Fred Mertz
[ Post Reply | Private Reply | To 22 | View Replies]

To: rockfish59
I'm telling you guys, go Macintosh...I've never had a virus
and most of the viruses out there affect PCs but not Macs.
26 posted on 09/18/2001 11:01:13 AM PDT by sonserae
[ Post Reply | Private Reply | To 1 | View Replies]

To: sonserae
I'm telling you guys, go Macintosh...I've never had a virus and most of the viruses out there affect PCs but not Macs

Yep, a Mac is the best virus protection program on the market. I've been using 'em for 11 years, and I've never had a problem with a virus.

I got my parents on a Mac a few years ago, and every few weeks my mother calls in a panic -- "So-and-so says I might have a virus! What should I do?"

I just smile calmly and say, "Nothing."
27 posted on 09/18/2001 11:11:38 AM PDT by sonjay
[ Post Reply | Private Reply | To 26 | View Replies]

To: rockfish59
Another good thing to have would be a program such as Zone Alarm. They have two versions -- ZA Pro, which you have to buy, or the original, free version. Both versions can be set up so that they ask you if you want to allow a program to connect to the Internet before allowing it. For example, you would allow Internet Explorer or Netscape Navigator, but not "virus.exe" or whatever. While it wouldn't be a permanent fix it would help to keep your system from infecting others while getting anti-virus stuff. However, this wouldn't help if the virus takes over, say, Outlook, unless you go into the program list and block Outlook.
28 posted on 09/18/2001 11:11:57 AM PDT by patricktschetter
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
I get that "Hi! How are you?" e-mail quite a bit. For awhile I was getting at least 2 dozen such e-mails per day. Now it is down to just a couple per week. Best thing for folks out there to do is IMMEDIATELY delete it WITHOUT opening it and then delete it from your Deleted Items box.
29 posted on 09/18/2001 11:15:41 AM PDT by PJ-Comix
[ Post Reply | Private Reply | To 1 | View Replies]

To: The Energizer
How many of these do you get? If you need some I can spare a few for a fellow Michigander ;-) Share the wealth...so to speak.
30 posted on 09/18/2001 11:31:54 AM PDT by Registered
[ Post Reply | Private Reply | To 14 | View Replies]

To: sonserae, sonjay
Well, of course, but then who'd go to the trouble of writing a virus for the 57 users of macs?

;-)

My iMAC wife says same as you.
Kinda like the early VW bug owners -- a cult, dangerous one at that.

31 posted on 09/18/2001 11:33:00 AM PDT by ofMagog
[ Post Reply | Private Reply | To 26 | View Replies]

To: rockfish59
I was hit by this a couple of weeks ago. I made a major mistake of opening an attachment from someone I did not know. Do not remove any files by running the Anti virus scanner. A friend did this which removes the offending files but does nothing regarding the registry. This causes certain applications to not run i.e. file manager, ftp ... etc makeing the recovery process more difficult. The solution in this case is you must use another computer to download the fix and run it from a floppy. Instead, download the fix from Symantec's web site and run the program after having read the instructions. It took me 20 minutes to fix my system and several hours on the phone and email warning friends to avoid attachments sent from me. The silver lining in all this is a great scenerio in a novel I'm writing. I'm now using a similar situation in my story. In it, the conspiracy being rought by the bad guys is exposed by the accidental emailing of sensitive documents to patriots through the exposure of this type of virus.
32 posted on 09/18/2001 12:12:42 PM PDT by tang-soo (skaggs@pipeline.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ophiucus

My dear brother and sister FReepers,

At this, of all times in my lifetime, I would like nothing more than to be able to read these threads and reply to them.  I have much I would like to say.

BUT, I cannot!

Why?

Because I am trying hard to raise the finances needed to keep FreeRepublic up and running so that we can continue to share valuable information and respond to it.

I beg you, if you have not yet donated to FreeRepublic this quarter,  do so now!

I realize you are giving to lots of Relief efforts and I encourage you to do so.  But we need to help FR too.  Where would we be right now without it?

If you have no money, please come and bump the Fundraiser Thread.

I would really like to reach our goal quickly so that I and the rest of the dedicated FReepers who are working the Fundraiser Threads can participate in what is undeniably the most important time in FreeRepublic's history.

FreeRepublic Fundraiser --WE WILL STAND UNITED!!!-- We NEED YOUR HELP AND PATRIOTIC POSTS! <--click here

Support FreeRepublic! Support the U.S.A. <--click here

33 posted on 09/18/2001 12:44:30 PM PDT by 2ndMostConservativeBrdMember
[ Post Reply | Private Reply | To 5 | View Replies]

To: rockfish59
I received the same message for about 4 Mondays in a row then it stopped. I guess I'll be expecting incoming, but not on the scale that Saddam, Osama, et al will be receiving.
34 posted on 09/18/2001 12:49:13 PM PDT by b4its2late
[ Post Reply | Private Reply | To 1 | View Replies]

To: rockfish59
Set up a dummy account in you address book that will place itself first in the book. Do not put in any email address. When the virus attempts to send out your address books accounts, it will be stopped by the first, dummy account with an error message.

35 posted on 09/18/2001 1:05:43 PM PDT by William Terrell
[ Post Reply | Private Reply | To 1 | View Replies]

To: b4its2late
thanks for all the replies. i am working on it and it IS the 'sircam'. i guess the commie/rat wanted to get jim mad at me and also get on his nerves. that's why i posted here so no one else would have 'their' mail sent to him. guess this is petty compared to the real world. now i can't WAIT for the first strike against 'has-bin laden'!
36 posted on 09/18/2001 1:11:06 PM PDT by rockfish59
[ Post Reply | Private Reply | To 34 | View Replies]

To: rockfish59
hmmmm, the weird part is i never sent an e mail to jim and he wasn't in my address book.
37 posted on 09/18/2001 1:15:56 PM PDT by rockfish59
[ Post Reply | Private Reply | To 36 | View Replies]

To: rockfish59

'Nimda' Computer Worm Hits Worldwide

By Duncan Martell

SAN FRANCISCO (Reuters) - A damaging new computer worm was spreading like wildfire across the Internet on Tuesday, hitting both home PC users and commercial servers, in an outbreak that could prove more widespread and costly than the Code Red viruses, computer security experts said.

Known as ``Nimda,'' which spells admin backwards, the worm spreads by sending infected e-mails and also appears able to infect Web sites, so when a user visits a compromised Web site, the browser -- if it has not been patched -- can spread the worm to a PC, analysts said.

So far, it appears that Nimda arrives in e-mail without a subject line and containing an attachment titled ``readme.exe,'' experts said.

Internet security experts have warned of the potential for an increase in virus activity after last week's attacks on the World Trade Center and Pentagon (news - web sites), but U.S. Attorney General John Ashcroft (news - web sites) said there was no sign the outbreak was linked to those events.

``There is no evidence at this time which links this infection to the terrorist attacks of last week,'' Ashcroft told a news briefing.

The worm may have started as early as Monday and was showing signs of overloading traffic on the Internet, Ashcroft said, saying that Nimda proved ``heavier'' than the Code Red worm that caused an estimated $2.6 billion in clean-up costs on Internet-linked computers after outbreaks in July and August.

``Compared to Code Red, it may well be bigger simply because it can affect home users as well,'' said Graham Cluley, senior technical consultant for Sophos Antivirus.

If Microsoft Corp.'s (Nasdaq:MSFT - news) Outlook e-mail program has not been patched with an update that became available in March, the recipient does not even need to open the attachment to activate the virus -- opening the e-mail itself is sufficient -- said Vincent Weafer, senior director of Symantec Corp.'s (Nasdaq:SYMC - news) Symantec Security Response unit.

Other e-mail programs, such as Eudora or International Business Machine Corp.'s Lotus Notes, require the recipient to open the attachment for the virus to replicate, he said.

So far, the malicious program does not appear capable of erasing files or data, but Nimda has shown itself capable of slowing down computer operations as it replicates, experts said.

``In terms of data destruction, we haven't seen anything,'' Weafer said.

Experts said Nimda had appeared in the United States, Europe and Latin America and was likely to spread to other regions as well.

``It seems to be very widespread and (moves) at an incredibly quick rate,'' Cluley said. ``The reason it's become so widespread is because it not only travels via e-mail but it contaminates Web sites as well.''

The worm exploits an already detected vulnerability in Microsoft's Internet Information Server Web software running on Windows NT or 2000 machines, the same breach that the Code Red viruses exploited, experts said.

Once Nimda infects a machine, it tries to replicate in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans IIS servers looking for the known vulnerability and attacks those servers. Finally, it looks for shared disk drives and tries to replicate itself to those devices, Symantec's Weafer said.

Experts urged companies and users to update antivirus software and to download the software patches, noting the principal reason the worm had spread so quickly was that people and companies had not downloaded the free software patches.

Patches are available for both the IIS vulnerability and Web browsers at http://www.microsoft.com/security.

38 posted on 09/18/2001 1:17:54 PM PDT by Dog Gone
[ Post Reply | Private Reply | To 36 | View Replies]

To: tang-soo
I am not very computer savvy.......BUT I never open any attachments from people I don't know.
And I get rid of mail without openning it by right clicking my mouse and hit 'delete'.......works for me!
39 posted on 09/18/2001 1:21:49 PM PDT by mickie
[ Post Reply | Private Reply | To 32 | View Replies]

To: rockfish59
probably some commie who doesn't like us

Uh, yeah, I bet that's it. Do you work in Computer Customer Support somewhere?

40 posted on 09/18/2001 2:18:50 PM PDT by TankerKC
[ Post Reply | Private Reply | To 1 | View Replies]

To: TankerKC
nope. i have a measly little computer. found out it was the 'I-Worm' virus. it is gone now thanks to AVG. amazing how fast it located it. unfortunately, i wasn't able to punch some sumbitch in the nose for passing it on. damned commie/libs! thanks for all the help/advice guys!! {:^)
41 posted on 09/18/2001 10:05:56 PM PDT by rockfish59
[ Post Reply | Private Reply | To 40 | View Replies]

To: Dog Gone
bttt
42 posted on 09/19/2001 7:21:15 AM PDT by b4its2late
[ Post Reply | Private Reply | To 38 | View Replies]

To: rockfish59
this is real, folks! my e mail is infected right now
Posted on 09/18/2001 10:04:31 PDT by rockfish59
thanks for all the replies. i am working on it and it IS the 'sircam'.
Posted on 09/18/2001 13:11:06 PDT by rockfish59
Gentelman... Good job
You know of, course I will expect better next time!
"B Team's up next"
Lets clean up and take a break...I've got the first round.
73's
43 posted on 09/20/2001 12:31:09 AM PDT by Stand_Up
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson