Beagle infection ?


Simon Cussonnet

subject = Hi, Re:, Hello, Thanks, ...
Message body = :), :))
Attachment= price.exe, price.scr, joke.exe, joke.com, joke.scr

OS : Win98SE
OE & IE : Ver 5.5 SP2

I receive them on almost all my mail boxes, sent either by another guy, my
daughter or by one of my own addresses.

I did a search on Internet focussing on W32.Bagle.xx where xx may differ
from site to site, depending on the variants.
Anyway, the mechanism is quite common, at least I think so. Several programs
are surveying themselves. When one process is killed, it's recreated by the
other running programs. The way to eliminate it is to boot into protected
mode in order to perform the housekeeping.

The problem is that I can't manage to find any running process launched by
the runxx keys, win.ini, autoexec.bat or config.sys as it should be.

The deduction I made is that my addresses were spoofed by someone.
But this doesn't make me very, very, comfortable.

I hate virus killers. I prefer to understand the process and to investigate
manually prior to going straight on to the cure.

Any suggestion ?
Thanks in advance
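
The message pattern listed in the post above can be checked mechanically. This is an added example, not part of the original thread: a Python triage function that matches a raw message against the subject, body and attachment values from the post and reports the relay closest to the origin instead of trusting From. The addresses, host names and sample message are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the post; its subject list ends in "...", so it is incomplete.
SUBJECTS = {"hi", "re:", "hello", "thanks"}
BODIES = {":)", ":))"}
ATTACHMENTS = {"price.exe", "price.scr", "joke.exe", "joke.com", "joke.scr"}


def triage(raw: bytes) -> dict:
    """Check one raw RFC 822 message against the indicators listed in the post."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip() if part else ""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = {
        "subject": subject in SUBJECTS,
        "body": body in BODIES,
        "attachment": any(n in ATTACHMENTS for n in names),
    }
    # From is chosen by the sender. Received lines are prepended by each relay,
    # so the last one in the message is the hop closest to the real origin.
    received = msg.get_all("Received") or []
    return {
        "from": str(msg["From"]),
        "hits": hits,
        "suspicious": hits["attachment"] and (hits["subject"] or hits["body"]),
        "first_hop": " ".join(received[-1].split()) if received else None,
    }


def sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Constructed message: recipient's own address in From, relay trail from elsewhere."""
    m = EmailMessage()
    m["Received"] = "from mx.example.org by mail.example.org"
    m["Received"] = "from pc (dialup.example.net [192.0.2.10]) by mx.example.org"
    m["From"] = "simon@example.org"
    m["To"] = "simon@example.org"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:  # harmless placeholder bytes, not an executable
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(sample("Hi", ":))", "price.scr")))
```

Received lines below your own provider's relay can be forged as well, so treat `first_hop` as a lead rather than proof.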
 
Simon said:
subject = Hi, Re:, Hello, Thanks, ...
Message body = :), :))
Attachment= price.exe, price.scr, joke.exe, joke.com, joke.scr

OS : Win98SE
OE & IE : Ver 5.5 SP2

I receive them on almost all my mail boxes, sent either by another guy, my
daughter or by one of my own addresses.

I did a search on Internet focussing on W32.Bagle.xx where xx may differ
from site to site, depending on the variants.
Anyway, the mechanism is quite common, at least I think so. Several programs
are surveying themselves. When one process is killed, it's recreated by the
other running programs. The way to eliminate it is to boot into protected
mode in order to perform the housekeeping.

The problem is that I can't manage to find any running process launched by
the runxx keys, win.ini, autoexec.bat or config.sys as it should be.

The deduction I made is that my addresses were spoofed by someone.
But this doesn't make me very, very, comfortable.

I hate virus killers. I prefer to understand the process and to investigate
manually prior to going straight on to the cure.

Any suggestion ?
Thanks in advance
Process Explorer-
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
HijackThis produces a very useful log-
http://www.majorgeeks.com/download3155.html
-max


--
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 
Thanks.
I went to the links below.
Nothing more than already found.
No message with virus today.
For the moment, people in my address book don't report any mail sent with
these characteristics.
Maybe a false alert I focussed on due to the abundance of similar messages.

Wait and see.
 