A new and very nasty virus called the "Sircam.exe" virus was launched upon us on July 17th. It is circulated by email with various subject and sender lines. In one of them, the subject line will say "help" and another one comes from a supposed company called "dmconsulting" The virus can best be detected by the fact that when you open the email, no actual message is apparent, but there are two attachments. You click on the first attachment and some message will pop up which prompts you to click on the second which is the actual virus. You can detect it by checking your autoexec.bat file in the root directory of your C:\ drive. The autoexec.bat file will have the line or multiple lines which say C:\Sirc32.exe That is the line(s) which activates the virus each time you boot up. It runs as a service and infects your registry too. You will also see the Sirc32.exe file listed in your c:\recycled\ directory. The easy way to kill this virus is to go to the Norton website and download a special tool they have which kills all the virus and cleans your registry all automatically. Lots of folks rely on McAfee for their virus protection. I would not do that. McAfee has always been a pretty weak sister compared to Norton in my opinion and McAfee did not detect this virus either. It took Norton to find and kill it. Most of you would not have the problems we had killing off the virus because you are not working with large server farms full of high capacity hard drives. In my case, we had to shut down all the computers and isolate them from the network and then turn the Norton tool loose on all of the computers at the same time.(as much as possible.) Since it works as a service, it spreads itself throughout the network very rapidly. It didn't actually ruin any programs or files, but it is a lot like the old Michael Angelo virus in that it activates on the 16th of October(again) and then it will wipe out everything on the system(s). Michael Angelo activated on the birthday of Michael Angelo which was some time in the spring. So be careful with this one. It's likely to take a good 24 hours total time to get this one killed off completely, but all the main systems are up and running now.
Here is another virus email I got this morning Subject: JH-House documents to Tim Hilborn Date: Sat, 21 Jul 2001 12:20:02 -0400 From: "Richard Herfurth"<richardh55@home.com> To: bbauer1@netzero.net Part 1.1 Type: Plain Text (text/plain) Encoding: quoted-printable JH-House documents to Tim Hilborn.doc.pif Name: JH-House documents to Tim Hilborn.doc.pif Type: Shortcut to MS-DOS Program (application/x-unknown-content-type-pif file) Encoding: base64 Notice how the programs have the double dots in them as in (dot)doc(dot)pif Anything that has the two dots in the file name, don't open, delete quickly. Hold down the shift key and then hit the delete key.
Thanks Bill, I've got 16 of those emails already and I've got the McAfee alert email message (I subscribe to their virus alerts mailing list - I currently have Norton AntiVirus installed on my puter though) I just deleted the emails, and in my case the infected email came from addresses that I didn't recognize. **VIRUS ALERT - W32/SirCam@MM (Sir Cam Virus)** ------------------------------------------------------------ [This message is brought to you as a subscriber to the McAfee.com Dispatch. To unsubscribe, please follow the instructions at the bottom of the page.] McAfee.com has seen a large and growing number of consumer computers infected with W32/SirCam@MM. This is a HIGH RISK VIRUS FOR CONSUMERS. The infected email can come from addresses that you recognize. Attached is a file with two different extensions. The file name itself varies. The email message can appear as follows: Subject: [filename (random)] Body: [content varies] Hi! How are you? I send you this file in order to have your advice or I hope you can help me with this file that I send or I hope you like the file that I sendo you or This is the file with the information that you ask for See you later. Thanks --- the same message may be received in Spanish --- Hola como estas ? Te mando este archivo para que me des tu punto de vista or Espero me puedas ayudar con el archivo que te mando or Espero te guste este archivo que te mando or Este es el archivo con la información que me pediste Nos vemos pronto, gracias. The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder and attempts to send copies of these documents to email recipients found in the Windows Address Book and addresses found in cached files. For detection and removal instructions for the Sir Cam Virus, click here. -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371
I think the right thing to do would be to send an email to the party who sent it to you telling them they are infected with the virus. I just sent one to richardh55@home.com who sent the last one to me. The reason I am going to do this is that many people who are infected and sending out emails to whomever may well not know they are infected since the virus looks for other people to send the virus to unknown to the person it infects and thereby spreading the virus around the world. If everybody that's infected would send out such an email then the virus might be more easily stopped.
