Posted by MikeC on Tuesday, August 19, 2003 at 5:00PM :
In Reply to: OT computer virus?? posted by Judd on Tuesday, August 19, 2003 at 12:47PM :
Judd,
I'm a network engineer that has been around computers for longer than I care to admit. Do yourself a favor-purchase Norton AV software. The "free" online scanners can only scan your system when you tell it to-Norton scans your all traffic coming in or out looking for a virus signature. You can find new shrink wrapped copies of Norton 2003 on Ebay for around 10 bucks or so, and the virus protection is good for a year before you have to resubscribe. Make sure allow it to live update itself at least one a week (more is better).
Or, you can pay someone like me a lot of money to clean up your computer after you get a virus. Hey, I might take a truck or two in trade!
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm utilizes it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares.
Email Routine Details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender).
The worm may use the address admin@internet.com as the sender.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Body:
See the attached file for details
Please see the attached file for details.
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
Symantec has recently upgraded this from a level 3 threat to a level 2 threat because of an increased number of submissions.
Hope this helps!
Follow Ups: