BoB said:
Any editor that will handle files of that size would be safe, but
it's the pits trying to read anything.
Several free programs can weed out just the readable data. Try
Bintext, which will pull all the text from any file in a form
you can make some sense out of.
http://members.home.com/rkeir/bintext.html
BoB
For the duration of Swen, my address is inoperative.
Excerpt from swenA, detecting AVG:
File pos Mem pos ID Text
======== ======= == ====
000104D8 004104D8 0 cfinet
000104E0 004104E0 0 cfind
000104E8 004104E8 0 cfiaudit
000104F4 004104F4 0 cfiadmin
00010500 00410500 0 ccshtdwn
0001050C 0041050C 0 ccapp
00010514 00410514 0 bootwarn
00010520 00410520 0 blackice
0001052C 0041052C 0 blackd
00010534 00410534 0 avwupd32
00010540 00410540 0 avwin95
00010548 00410548 0 avsched32
00010560 00410560 0 avkserv
00010570 00410570 0 avgctrl
00010578 00410578 0 avgcc32
00010580 00410580 0 ave32
00010588 00410588 0 avconsol
00010594 00410594 0 autodown
000105A0 004105A0 0 apvxdwin
000105AC 004105AC 0 aplica32
000105B8 004105B8 0 anti-trojan
000105C4 004105C4 0 ackwin32
000105D8 004105D8 0 \StringFileInfo\%s\OriginalFilename
000105FC 004105FC 0 %04X%04X
00010608 00410608 0 \VarFileInfo\Translation
00010624 00410624 0 Try to pull my legs?
00010640 00410640 0 IsDebuggerPresent
00010654 00410654 0 Process32Next
00010664 00410664 0 Process32First
00010674 00410674 0 CreateToolhelp32Snapshot
00010690 00410690 0 kernel32.dll
000106A0 004106A0 0 GetModuleFileNameExA
000106B8 004106B8 0 EnumProcessModules
000106CC 004106CC 0 EnumProcesses
000106DC 004106DC 0 psapi.dll
000106F8 004106F8 0 HEAD %s
00010704 00410704 0 RCPT TO: <%s>
00010728 00410728 0 MAIL FROM: <%s>
00010740 00410740 0 HELO %s
00010750 00410750 0 \germs1.dbv
0001075C 0041075C 0 \germs0.dbv
00010768 00410768 0 CUSTOM
0001077F 0041077F 0 Content-Transfer-Encoding: base64
000107A2 004107A2 0 Content-Disposition: attachment
000107D0 004107D0 0 %s\%s
000107E0 004107E0 0 ; name="
000107EC 004107EC 0 msdownload
000107F8 004107F8 0 compressed
00010806 00410806 0 Content-Type: application/x-
00010838 00410838 0 6447821
00010842 00410842 0 Content-Type: image/gif
0001085B 0041085B 0 Content-Transfer-Encoding: base64
0001087E 0041087E 0 Content-ID: <
0001088C 0041088C 0 5897421
000108A4 004108A4 0 <BR><BR>
000108B2 004108B2 0 Content-Type: text/html
000108CB 004108CB 0 Content-Transfer-Encoding: quoted-printable
00010904 00410904 0 Copyright %i Microsoft Corporation.
00010936 00410936 0 Content-Type: text/plain
00010950 00410950 0 Content-Transfer-Encoding: quoted-printable
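
Added example, not part of the original post and not BinText's own code: a small Python sketch of the kind of readable-string extraction described above, printing file and memory positions like the excerpt and labelling a few string types an analyst would look for. The fixed 0x00400000 base, the category names and the sample bytes are assumptions made for illustration.

```python
import re

# Assumption: memory position = file offset + a fixed base, which matches the
# excerpt (000104D8 -> 004104D8); a real PE loader maps offsets per section.
IMAGE_BASE = 0x00400000

# Categories and needles are taken from strings visible in the excerpt.
CATEGORIES = {
    "security-product name": {"avgctrl", "avgcc32", "blackice", "anti-trojan"},
    "process-enumeration / debugger-check API": {
        "IsDebuggerPresent", "Process32First", "Process32Next",
        "CreateToolhelp32Snapshot", "EnumProcesses"},
    "SMTP command template": {"HELO %s", "MAIL FROM: <%s>", "RCPT TO: <%s>"},
}

def extract_strings(data, min_len=5, base=IMAGE_BASE):
    """Return sorted (file_pos, mem_pos, kind, text) for printable runs.
    kind is "A" for ASCII and "U" for UTF-16LE (wide) strings."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), base + m.start(), "A", m.group().decode("ascii"))
            for m in ascii_re.finditer(data)]
    hits += [(m.start(), base + m.start(), "U", m.group().decode("utf-16-le"))
             for m in wide_re.finditer(data)]
    return sorted(hits)

def triage(hits):
    """Label extracted strings that match a known category exactly."""
    return [(pos, label, text)
            for pos, _mem, _kind, text in hits
            for label, needles in CATEGORIES.items() if text in needles]

# Constructed sample bytes (not taken from any real file): binary padding
# around NUL-terminated ASCII strings and one UTF-16LE string.
SAMPLE = (b"\x4d\x5a\x90\x00" + b"avgctrl\x00" + b"avgcc32\x00" + b"\xff\xfe"
          + "blackice".encode("utf-16-le") + b"\x00\x00"
          + b"IsDebuggerPresent\x00" + b"MAIL FROM: <%s>\x00")

if __name__ == "__main__":
    hits = extract_strings(SAMPLE)
    print("File pos Mem pos  K Text")
    for pos, mem, kind, text in hits:
        print("%08X %08X %s %s" % (pos, mem, kind, text))
    for pos, label, text in triage(hits):
        print("%08X %-40s %s" % (pos, label, text))
```

The K column here marks ASCII versus wide strings; it is not the same as the ID column in the excerpt.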