Skip to comments.
Bizarre computer virus - any help appreciated
Posted on 11/16/2001 1:10:46 PM PST by my_pointy_head_is_sharp
I was hit with a major computer virus today. It's so bizarre, that it's going to be difficult to explain what happened.
An email from Mail Delivery Subsystem was sent to me as return email, one with "permanent fatal errors". The returned email was addressed to ME at my old ISP address. In other words, it looked like I was sending myself an email at my old address. But since I'm no longer there, the email was returned to me.
The email had an attachment. The attachment was an unsent email that I had on my files. It was just a note I had written to myself, and kept on my computer, in the form of an email. The attachment had 4 addresses on it: support at my current ISP; a friend of mine; an ebay person (from long ago); and me at my old ISP address.
Essentially, what happened is, an email on my computer was plucked at random, and sent to 4 addresses also plucked at random. Fortunately, the email was not of an embarrassing nature.
I instantly did the Housecalls Scan and found 12 viruses: PE MAGISTR.B. The infected files are: C:\WINDOWS\COMMAND\SULF; STA; UNZI; ZIP.E; UNZI. And C:\WINDOWS\OPTIONS\CABS; CABS; CABS; CABS; CABS; CABS; CABS. They were uncleanable, so I deleted them.
Questions: Any ideas on where this came from? Does anybody else have it? Did I delete anything crucial?Coincidentally, I received 6 emails (all the same) from my current ISP yesterday. Any connection?
Thank you for your help.
TOPICS: Miscellaneous; Your Opinion/Questions
KEYWORDS:
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-75 next last
To: my_pointy_head_is_sharp; Utah Girl; Bitwhacker; kd5cts
Can you guys help??
2
posted on
11/16/2001 1:10:54 PM PST
by
Dog
To: Dog
Thanks! I don't know who else could be pinged.
To: my_pointy_head_is_sharp
magistr.b is a pretty well-known outlook virus. mcafee or symantec should clear it up for you, though the real solution is to banish microsoft products from your machine. there are a multitude of variations, btw. for more information, look
here.
dep
4
posted on
11/16/2001 1:10:56 PM PST
by
dep
To: my_pointy_head_is_sharp
Hi my_pointy_head_is_sharp,
I just went through this it was a nightmare of unbelievable fustration.
this virus was sending everyone in my address book pieces of files i had in my puter.
my husband had to do a complete recovery of our whole system it took days and we lost just about everything on our harddrive that wasnt backed up to file ,which was quite a lot of digital photos and all my old soreloserman stuff from the election and tons of onther files.
Norton Anti virus told us it was a virus called MAGIK whatever that means.
so after getting the system back up and running we bought the new norton systemworks so hopefully we won't have this problem again.
my girlfriend sent me the infected file and from there it just spreads ,i called everyone in my address book that i phone #'s for to warn them.
i wish you the best in getting this fixed.
Suzyq5558
5
posted on
11/16/2001 1:10:56 PM PST
by
suzyq5558
To: Dog
Go here for the info on the virus: http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.39921@mm.html
To: my_pointy_head_is_sharp
I had a similar virus invasion in June/July/August.
First, I opened an attachment and got the SirCam virus. I thought I had gotten rid of it. Then I noticed my email program kept trying to send an invisible email each time I opened it (even though "I" was not sending out any email).
I remembered getting a strange email (text) and the strange things happened after that. I found 2 invisible dll's that I deleted, due to my system getting very sluggist. But the invisible email sending continued.
I did several virus scans of my system, and they showed nothing. I eventually had to reformat my Windows drive and reinstall everything.
Now, I run one of two pre-email programs to see what email is on the server. I can preview and delete anything suspicious before downloading legitimate email. One of the preview email programs is
MailWasher. The other is
Pop3 Mail Scan. They are worth checking out.
7
posted on
11/16/2001 1:10:57 PM PST
by
TomGuy
Comment #8 Removed by Moderator
To: my_pointy_head_is_sharp
OOOPS!! the virus is magistr.b not magik .sorry bout that,
Suzyq5558
9
posted on
11/16/2001 1:10:57 PM PST
by
suzyq5558
To: dep
Imagistr.b is a pretty well-known outlook virus I looked at the Source Code of all my recent Received emails, and haven't found anything. Isn't the name of the virus usually present in the Source Code of the infected email?
To: dep
Thanks for the link. It said: "If the e-mail's attachment is executed, Magistr.B infects the system and sends copies of itself, often with a randomly selected file from the victim's computer, to the victim's address book."
Oh, great! This means that by opening the attachment, I set it in motion! A slight twist is that, in my situation, it didn't send it to anyone in my address book, just to random addresses in Outlook Express.
To: suzyq5558
Your situation was much worse than mine! What a nightmare for you! I'm wondering if, now that I have deleted the infected files, if it is over.
To: TomGuy
Then I noticed my email program kept trying to send an invisible email each time I opened it I don't understand what you mean by that.
To: my_pointy_head_is_sharp
I sure hope so.
when my hubby ran the virus scan more and more files kept coming up as infected, Hubby just looked at me and sighed shaking his head he told me that my puter had just died a horrible death from computer HIV.
I was miserable for a week without my puter :)
Suzyq5558
To: my_pointy_head_is_sharp
Oh, great! This means that by opening the attachment, I set it in motion! this is the way all outlook virus infections work. some of that msft ease of use we hear so much about.
dep
15
posted on
11/16/2001 1:11:15 PM PST
by
dep
To: my_pointy_head_is_sharp
Then I noticed my email program kept trying to send an invisible email each time I opened it I don't understand what you mean by that.
When I noticed strange things going on with my email, I disabled the "send" capabilities. Afterward, I noticed the email program would attempt to "send" out an email (but would fail--returning an error message). It would dump the "sent" email into the sent-directory, then delete it. All this happened in split-second, and there was no visible email that I could view.
I deleted all the subdirectories under Outlook Express to watch what was going on. The culprit-sender would create a send file, attempt to send it, dump the "sent" file into the sent-directory, then delete it.
I managed to view the text portions of the raw data file, which appeared to be garbage, but did have contents of recent files or webpages I had opened on my computer recently. Thus, I figured it was somehow gathering up recent files on my pc and attempting to send them out to whoever????
It is difficult to explain exactly what all was going on. Just trust me. It creates and sends out some kind of invisible (to you) email to someone or some-many.
Regretfully, my only solution was a complete re-format and re-install, as no virus checker "found" the virus.
16
posted on
11/16/2001 1:11:22 PM PST
by
TomGuy
To: my_pointy_head_is_sharp
As others have diagnosed, you've got one of the fairly recent viruses (worms) that uses your e-mail program to perpetuate itself. Some of these worms do other nasty things to your system as well. Get it cleaned off as soon as possible.
I had to clear one of these off of my system recently. The only antivirus program that found it was Norton Antivirus (by Symantec) *WITH* the most recent virus data files. An old copy of Norton or other program may very well miss a new virus unless it gets updated. And just buying a brand new copy of an antivirus program off the store shelf is not enough, you will want to download the most recent update for it after you install it.
17
posted on
11/16/2001 1:11:25 PM PST
by
Harp
To: Harp
A neighbor of mine got an email that said "YOU MAY HAVE A VIRUS!" and told him to look for a few files and erase them.
Those files were his Registry and the backup registry...and yes, he did erase them. R-E-A-L smart...
18
posted on
11/16/2001 1:11:37 PM PST
by
Poohbah
To: my_pointy_head_is_sharp
Don't open file attachements,
Don't open file attachements,
Don't open file attachements!
Not from anyone, not ever!
19
posted on
11/16/2001 1:11:38 PM PST
by
BJungNan
To: TomGuy
That's a bit clearer. Thanks.
I've just spent the past nearly 3 hours doing Scan Disk. No errors were found. Does that mean I'm out of the woods? I've already noticed one weird thing. My Explorer icon is no longer able to connect me to the Internet when I log on. I have to use the ISP logo, which connects me; then I can use the Explorer icon to open my homepage. It's a two-step process now, whereas before it was one.
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-75 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson