Apparently a new virus named SirCam was unleashed recently. My virus scan program did not detect it in the email but it did detect the .exe file it copied onto my system. It apprently emails itself to folks in your address book, but it was sent to people that I have never heard of from my computer. Here is a URL: http://news.cnet.com/news/0-1003-200-6647394.html?tag=mn_hd ------------------
This virus is annoying as hell. I've received it over 50 times since Saturday. I didn't open any of the files, but I wonder what kind of goodies were in them. ------------------ http://www.swirve.com ... more fun than a barrel full of monkeys and midgets.
After verifying the attachment I received did not contain a virus, I stupidly opened it anyway. It place a file named scam32.exe onto my machine and set up the registry to run that program upon every startup. I removed the file and cleaned the registry. This is the first virus I have ever inflicted upon myself and potentially upon others. It even sent itself to Jeff, even though he IS NOT in my contact list, so I don't know where it gets its send to file. ------------------
I don't even open attachments without carefully scruntinizing them anymore. This one is very annoying. ------------------ humble, but hungry.
This virus hides in the recycle bin and most virus scans exclude scanning the recycle bin. The virus takes your rundll32.exe file and deletes it making it impossible to run certain executable files. I have cleaning methods for the computer savvy, but they're at work. I cleaned this virus from 10+ machines. It propagated over our open network. Very nasty. My computer at home is down right now, or I'd ask you to email me and I'd send you instructions. You can use the McAfee or Norton website for cleaning instructions but one critical step in cleaning is to rename your regedit file from regedit.exe to regedit.com before making your registry changes. This is a nasty virus and it also tries to send out copies of itself attaching itself to image files from your PC so when your friends get email from you it looks like a legitimate image... the virus originated from prodigy.net.mx... it's a mexican virus... ching-gow! rH ------------------ Updated: The Psychedelic Groove House of Rockets Basketball Love! join the club! Rockets Psychedelic Groove House Club on Yahoo! Stop annoying X10 ads! This link will set a cookie on your system that will disable X10 ads for one year!
I must have caught it before it completely propogated itself. It did not make it into my recycle bin, nor did it write the part dealing with the recylce bin into the registry. It did create the scam32.exe file and its registry entry which I have deleted. It also did not touch my run32dll file. It is interesting that it uses address it finds in your internet cache directory in addition to address book entries. ------------------
bo, check your rundll32 file.. if it's bigger than 24K, it could be a problem. The virus makes that file 124K... very suspicious... also check your autoexec.bat file... it puts a file at the bottom that has an @ symbol and 32 something.... rH ------------------ Updated: The Psychedelic Groove House of Rockets Basketball Love! join the club! Rockets Psychedelic Groove House Club on Yahoo! Stop annoying X10 ads! This link will set a cookie on your system that will disable X10 ads for one year!
Thanks for the advice RockHead, but I had already checked rundll32 and verified that it was correct (24K) against a known good version of the file. In addition, there is nothing in autoexec.bat or config.sys. ------------------
If you do get this virus and you want to see who you mailed stuff to, go to C:\Windows\System and search for a file named sc**.dll where ** is 2 random digits. This is the email file that the SirCam virus generated based on a combination of your Windows Address Book (WAB) file as well as stuff stored in your Internet Cache directory. ------------------
