Post by
NIGHTfall_240sx »
https://forums.nicoclub.com/nightfall-240sx-u6331.html
Wed Apr 14, 2004 5:04 am
THE FIX IS HERE
Info on the Virus/Worm
Name: Win32.Netsky.D@mm
Aliases: W32/Netsky.d@MM
Type: Mass Mailer
Size: 17424 bytes (packed)
Detected: 1 March 2004
In the wild: Yes
Symptoms
Presence of the following file in the Windows directory (%WINDIR%): winlogon.exe
Presence of the following entry in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key: ICQ Net = winlogon.exe -stealth
Technical description
This variant of the NetSky worm (.D) spreads only via e-mail (in contrast with previous versions, which spread through some P2P applications as well), sending itself to e-mail addresses found on the infected computer.
The worm arrives in the following e-mail format:
Subject - randomly chosen from the following strings: "Re: Re: Document", "Re: Re: Thanks!", "Re: Thanks!", "Re: Your document", "Re: Here is the document", "Re: Your picture", "Re: Re: Message", "Re: Hi", "Re: Hello", "Re: Re: Re: Your document", "Re: Here", "Re: Your music", "Re: Your software", "Re: Approved", "Re: Details", "Re: Excel file", "Re: Word file", "Re: My details", "Re: Your details", "Re: Your bill", "Re: Your text", "Re: Your archive", "Re: Your letter", "Re: Your product", "Re: Your website"
Body - randomly chosen from the following strings: "Your document is attached.", "Here is the file.", "See the attached file for details.", "Please have a look at the attached file.", "Please read the attached file.", "Your file is attached."
Attached filename (and extension) - randomly chosen from the following strings: your_document.pif, your_document.pif, document.pif, message_part2.pif, your_document.pif, document_full.pif, your_picture.pif, message_details.pif, your_file.pif, your_picture.pif, document_4351.pif, yours.pif, mp3music.pif, application.pif, all_document.pif, my_details.pif, document_excel.pif, document_word.pif, my_details.pif, your_details.pif, your_bill.pif, your_text.pif, your_archive.pif, your_letter.pif, your_product.pif, your_website.pif
When the user double-clicks the e-mail attachment, the worm does the following:
- copies itself to Windows directory (%WINDIR%) as winlogon.exe;
- adds the following entry to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key: ICQ net = winlogon.exe -stealth (so it will be executed each time Windows starts up);
- disables some antivirus software and other known worms (such as Win32.Mydoom.A@mm and Win32.Mydoom.B@mm) by deleting relevant registry keys;
- scans the infected computers for e-mail addresses in files whose extension is one of the following: .eml .txt .php .pl .htm .html .vbs .rtf .uin .asp .wab .doc .adb .tbb .dbx .sht .oft .msg .shtm .cgi .dhtm
- creates and sends e-mails to these addresses in the format described above;
- on 01 Mar. 2004, between 6:00 and 9:00 am (local time, not GMT), the worm generates sounds of random tones and durations through the computer's speaker.
This variant (.D) uses an improved routine for sending itself through e-mail, allowing it to be sent several times faster than previous variants (.A - .C).
The worm avoids sending itself to addresses containing at least one of the following strings: icrosoft, antivi, ymantec, spam, avp, f-secur, itdefender, orman, cafee, aspersky, f-pro, orton, fbi, abuse, messagelabs, skynet
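As an added example (not part of the forum post or of any vendor tool), here is how the indicators listed above can be turned into two defensive checks: a mail-gateway test that flags messages built from the worm's fixed subject/body/attachment strings, and a host test over a listing of %WINDIR% and the Run key values. The `Message` class, the function names, and all sample messages and registry values are constructed for illustration; the one fact added beyond the post is that the legitimate winlogon.exe lives in %WINDIR%\System32, which is why a copy directly in %WINDIR% is the indicator.

```python
# Added example: Netsky.D mail and host indicator checks (not from the original post).
# All sample data below is constructed; the names NETSKY_D_*, Message,
# mail_indicators, is_netsky_d_mail and host_indicators are this example's own.
from dataclasses import dataclass, field

# Fixed strings the write-up attributes to the worm's e-mail template.
NETSKY_D_SUBJECTS = {
    "Re: Re: Document", "Re: Re: Thanks!", "Re: Thanks!", "Re: Your document",
    "Re: Here is the document", "Re: Your picture", "Re: Re: Message", "Re: Hi",
    "Re: Hello", "Re: Re: Re: Your document", "Re: Here", "Re: Your music",
    "Re: Your software", "Re: Approved", "Re: Details", "Re: Excel file",
    "Re: Word file", "Re: My details", "Re: Your details", "Re: Your bill",
    "Re: Your text", "Re: Your archive", "Re: Your letter", "Re: Your product",
    "Re: Your website",
}
NETSKY_D_BODIES = {
    "Your document is attached.", "Here is the file.",
    "See the attached file for details.", "Please have a look at the attached file.",
    "Please read the attached file.", "Your file is attached.",
}
NETSKY_D_ATTACHMENTS = {
    "your_document.pif", "document.pif", "message_part2.pif", "document_full.pif",
    "your_picture.pif", "message_details.pif", "your_file.pif", "document_4351.pif",
    "yours.pif", "mp3music.pif", "application.pif", "all_document.pif",
    "my_details.pif", "document_excel.pif", "document_word.pif", "your_details.pif",
    "your_bill.pif", "your_text.pif", "your_archive.pif", "your_letter.pif",
    "your_product.pif", "your_website.pif",
}


@dataclass
class Message:
    """Minimal stand-in for a parsed e-mail (constructed for this example)."""
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def mail_indicators(msg: Message) -> list:
    """Return the names of the template fields in msg that equal one of the worm's fixed strings."""
    hits = []
    if msg.subject.strip() in NETSKY_D_SUBJECTS:
        hits.append("subject")
    if msg.body.strip() in NETSKY_D_BODIES:
        hits.append("body")
    names = [a.lower() for a in msg.attachments]
    if any(n in NETSKY_D_ATTACHMENTS for n in names):
        hits.append("attachment")
    elif any(n.endswith(".pif") for n in names):
        hits.append("pif")  # an executable .pif attachment, but not one of the listed names
    return hits


def is_netsky_d_mail(msg: Message) -> bool:
    """Treat a message as a Netsky.D copy when at least two template fields match.

    A single match is far too common to act on: "Re: Hi" or "Here is the file."
    occur in ordinary mail, so one field alone would flood the quarantine.
    """
    return len(mail_indicators(msg)) >= 2


def host_indicators(windir_files, run_values) -> list:
    """Check a listing of %WINDIR% and the Run key's name->data values for the host IoCs.

    The real winlogon.exe lives in %WINDIR%\\System32, so a winlogon.exe directly in
    %WINDIR% is the indicator, as is any Run value launching "winlogon.exe -stealth"
    (the post shows the value name as both "ICQ Net" and "ICQ net", so compare case-insensitively).
    """
    hits = []
    if any(f.lower() == "winlogon.exe" for f in windir_files):
        hits.append("windir winlogon.exe")
    for name, data in run_values.items():
        if name.lower() == "icq net" or data.strip().lower() == "winlogon.exe -stealth":
            hits.append(f"Run value {name!r} = {data!r}")
    return hits


if __name__ == "__main__":
    # Constructed samples: one worm-template message, one ordinary reply, one constructed host snapshot.
    worm = Message("Re: Your document", "Your document is attached.", ["your_document.pif"])
    benign = Message("Re: Hi", "Are we still on for lunch?", [])
    print("worm mail  ->", mail_indicators(worm), is_netsky_d_mail(worm))
    print("benign mail->", mail_indicators(benign), is_netsky_d_mail(benign))
    print("host       ->", host_indicators(["explorer.exe", "WinLogon.exe"],
                                           {"ICQ Net": "winlogon.exe -stealth"}))
```

The mail check compares whole fields rather than substrings so that a genuine "Re: Your bill" reply with a real invoice is not flagged on the subject alone; the two-field threshold is a judgement call, and a gateway that already blocks .pif attachments outright can drop the "pif" branch.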