Metalworking (rec.crafts.metalworking) Discuss various aspects of working with metal, such as machining, welding, metal joining, screwing, casting, hardening/tempering, blacksmithing/forging, spinning and hammer work, sheet metal work.
#1
Warning VIRUS (was: Fw: Do not release, its the internal rls!)
In article , wrote:
Warning. I took a look at this thing (carefully, on a *non* Windows system), and found:

1) Html with an iframe tag.
2) A base64-encoded zipfile, in which was:
3) A file which contained more html, with yet another iframe tag, and
4) A final file named "torvil.exe".
5) Torvil.exe includes the string: "This program must be run under Win32" so it isn't an MS-DOS executable.
6) Except for a very few diagnostic messages (unable to access the needed dll and such), all other strings are apparently at least minimally encrypted, except for .dll names and function call names. Nothing to print to the user in operation is visible.

With all of that, the odds are probably 99:1 that it is a virus. And it certainly does not belong here.

So -- if you have looked at the preceding message with a Windows system and OE, please run a virus scan on your system. (And note that this may be too new to show up in the virus signature files, so it won't be identified until after the next update.)

Good Luck,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
#2
My antivirus site (eTrust) has the following:

Total Results [2]

Name: Win32.Torvil.B
Last Modified: 12 Jan 2004
Aliases: W32/Torvil-mm (Wildlist), Win32/P2P.Unknown.Worm, W32/Torvil@MM (McAfee), W32/Torvil.A (F-Secure), I-Worm.Torvil.c (Kaspersky), WORM_TORVIL.B (Trend), W32.HLLW.Torvel.B@mm (Symantec)

Name: Win32.Torvil.D
Last Modified: 23 Oct 2003
Aliases: Win32/Torvil.D.Worm, W32/Torvil@MM (McAfee), I-Worm.Torvil.d (Kaspersky), W32.HLLW.Torvil@mm (Symantec), W32/Torvil.A (F-Secure)

John.

"DoN. Nichols" wrote in message ...
> In article , wrote:
>
> Warning. I took a look at this thing (carefully, on a *non* Windows system), and found:
>
> 1) Html with an iframe tag.
> 2) A base64-encoded zipfile, in which was:
> 3) A file which contained more html, with yet another iframe tag, and
> 4) A final file named "torvil.exe".
> 5) Torvil.exe includes the string: "This program must be run under Win32" so it isn't an MS-DOS executable.
> 6) Except for a very few diagnostic messages (unable to access the needed dll and such), all other strings are apparently at least minimally encrypted, except for .dll names and function call names. Nothing to print to the user in operation is visible.
>
> With all of that, the odds are probably 99:1 that it is a virus. And it certainly does not belong here.
>
> So -- if you have looked at the preceding message with a Windows system and OE, please run a virus scan on your system. (And note that this may be too new to show up in the virus signature files, so it won't be identified until after the next update.)
>
> Good Luck,
> DoN.
>
> --
> Email: | Voice (all times): (703) 938-4564
> (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
> --- Black Holes are where God is dividing by zero ---
#5
On Sun, 6 Feb 2005 12:49:55 -0600, the inscrutable "Tim Williams" spake:

> "Larry Jaques" wrote in message ...
>> I got stuck with OE when I moved to Starband, but I immediately turned off the preview feature which would have automatically loaded every virus as it came in.
>
> I really don't get it, you missing critical updates or settings? Like I

Not that I'm aware of. I run the Windows Update every month or two and let it further ruin my machine with the latest M$ hacks. sigh One of these days I'm going to buy another hard drive and set the old computer up with Mandrake on it...

> said elsewhere, OE doesn't autorun anything. I've clicked on hundreds of viruses with no effect (I use preview pane because I'm lazy like that).

AFAIK, OE does open messages by default when the preview option is turned on. That, in turn, can launch virii and/or worms. I choose to avoid that.

--------------------------------------------
Proud (occasional) maker of Hungarian Paper Towels.
http://www.diversify.com Comprehensive Website Design
======================================================
#6
"Tim Williams" wrote:
> "Larry Jaques" wrote:
>> I got stuck with OE when I moved to Starband, but I immediately turned off the preview feature which would have automatically loaded every virus as it came in.
>
> I really don't get it, you missing critical updates or settings? Like I said elsewhere, OE doesn't autorun anything. I've clicked on hundreds of viruses with no effect (I use preview pane because I'm lazy like that).

He likely had his security settings too low.

Regarding OE, I've been using it for almost five years now, and have *never* been infected through it. It works just fine for my purposes, is safe and secure, and is easy to use.

I've never been one to make more work for myself when it's not necessary, so OE is what I use. YMMV.

Jon
#7
In article , Tim Williams wrote:
> "DoN. Nichols" wrote in message ...
>> So -- if you have looked at the preceding message with a Windows system and OE, please run a virus scan on your system.
>
> Don't forget people, that OE doesn't run attachments automatically (except images, which are conveniently embedded in-line, and aren't executables anyway so don't count) and most certainly is NOT smart enough to know what a ZIP file is, let alone how to open it. Okay!?

But the "iframe" HTML tag can pass it off to another program.

An early example of this trick was (supposed) audio files (.wav), which it did not explicitly pass to a program to play files. It instead just attempted to *run* the file, depending on the system to recognize the type and feed it to the appropriate program to play it. The file, in reality, had a filename something like name-of-song.wav.exe or name-of-song.wav.scr which *are* executables, so when it tried to run it to play it, it really *ran* it.

Enjoy,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
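The manual inspection described in post #1 and the double-extension file names described in the post above can be checked without opening the message in a mail client. The following Python sketch is an added example, not code from any poster in this thread; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}  # assumed list, extend as needed
IFRAME = re.compile(rb"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def check_blob(label, data, findings):
    """Record iframe targets, executable/double extensions and the MZ magic."""
    for src in IFRAME.findall(data):
        findings.append(("iframe", label, src.decode("ascii", "replace")))
    parts = re.split(r"[!/\\]", label.lower())[-1].split(".")
    if len(parts) > 1 and parts[-1] in EXEC_EXT:
        # more than one dot before an executable suffix: song.wav.exe (heuristic)
        kind = "double-extension" if len(parts) > 2 else "executable-name"
        findings.append((kind, label, parts[-1]))
    if data[:2] == b"MZ":  # DOS/PE header, whatever the name claims
        findings.append(("pe-header", label, "MZ"))

def triage(raw):
    """Walk MIME parts and zip members in memory; nothing is rendered or run."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64
        name = part.get_filename() or part.get_content_type()
        blobs = [(name, data)]
        if zipfile.is_zipfile(io.BytesIO(data)):
            blobs = []  # look at the members instead of the container bytes
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as fh:  # bounded read, no extraction
                        blobs.append((f"{name}!{info.filename}", fh.read(65536)))
        for label, blob in blobs:
            check_blob(label, blob, findings)
    return findings

def build_sample():
    """Constructed, inert message shaped like the one described in post #1."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("page.html", '<iframe src="cid:inner"></iframe>')
        zf.writestr("name-of-song.wav.exe", b"MZ placeholder bytes, not a program")
    msg = EmailMessage()
    msg.set_content('<iframe src="cid:attach1" height=0></iframe>', subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="rls.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(*triage(build_sample()), sep="\n")
```

The double-extension rule will also flag legitimate names with extra dots, while the MZ check does not depend on the file name at all.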
#8
On Sun, 6 Feb 2005 19:57:42 -0800, Jon Danniken wrote:
> "Tim Williams" wrote:
>> "Larry Jaques" wrote:
>>> I got stuck with OE when I moved to Starband, but I immediately turned off the preview feature which would have automatically loaded every virus as it came in.
>>
>> I really don't get it, you missing critical updates or settings? Like I said elsewhere, OE doesn't autorun anything. I've clicked on hundreds of viruses with no effect (I use preview pane because I'm lazy like that).
>
> He likely had his security settings too low.
>
> Regarding OE, I've been using it for almost five years now, and have *never* been infected through it. It works just fine for my purposes, is safe and secure, and is easy to use.

I missed the start of this, but does it help knowing that any virus that claims to be from a specific person, is nearly guaranteed to _not_ have come from that person? All you know if it says it's from Tim, is that it's from someone with Tim in their address book.
#9
On Mon, 7 Feb 2005 13:31:19 -0600, Tim Williams wrote:
> "Dave Hinz" wrote in message ...
>> All you know if it says it's from Tim, is that it's from someone with Tim in their address book.
>
> Ha! I think I've even had viruses sent to me by "myself" before...

Yup. I get 'em (in my spam/virus filter bucket) all the time, and I'm fairly sure that none of my Unix systems have a virus (all things considered...)

Dave