I sent a nice email from 2 of my email addresses to that shang3 ?? at msn.com address simply asking what is going on. I got a reply to both addresses that had a short comment to read the attachment. The header was forged with my email address. This is the email:
http://www.geocities.com/zz6a/fraud/
Up to now I have had no indication my email boxes are sending any attachments or anything bizarre.
alpha
06-09-2001, 11:45 PM
Virus Characteristics:
This mass mailing worm attempts to send itself using Microsoft Outlook by replying to unread email messages. It also drops a remote access trojan (detected as Backdoor-NK.svr with the 4134 DATs; detected heuristically as New Backdoor prior to the 4134 DAT release).
When run, the worm displays a message box entitled, "Install error" which reads, "File data corrupt: probably due to a bad data transmission or bad disk access." A copy is saved into the WINDOWS directory as INETD.EXE and an entry is entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a backdoor trojan), and HKSDLL.DLL (a keylogger DLL detected as DUNpws.av) are written to the WINDOWS SYSTEM directory, and a registry entry is created to load the trojan upon system startup.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
Note: Under WinNT/2K, an additional registry key value is entered instead of a WIN.INI entry:
HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE
Once running, the trojan attempts to mail the victim's IP Address to the author. Once this information is obtained, the author can connect to the infected system via the Internet and steal personal information such as usernames, and passwords. In addition, the trojan also contains a keylogger program which is capable of capturing other vital information such as credit card and bank account numbers and passwords.
The next time Windows is loaded, the worm attempts to email itself by replying to unread messages in Microsoft Outlook folders. The worm will be attached to these messages using one of the following filenames (note that some of these filenames are also associated with other threats, such as W95/MTX.gen@M):
Card.pif
docs.scr
fun.pif
hamster.ZIP.scr
Humor.TXT.pif
images.pif
New_Napster_Site.DOC.scr
news_doc.scr
Me_nude.AVI.pif
Pics.ZIP.scr
README.TXT.pif
s3msong.MP3.pif
searchURL.scr
SETUP.pif
Sorry_about_yesterday.DOC.pif
YOU_are_FAT!.TXT.pif
The message body may contain the text:
Take a look to the attachment.
oh credit for the above goes to mcafee.com ;)
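A mail-filter check for the attachment names and message text in the advisory quoted above, added here as an example (it is not from the thread or from McAfee). The double-extension and bare `.pif`/`.scr` rules generalize beyond the listed names; the sample messages and addresses are constructed.

```python
import re
from email.message import EmailMessage

# Attachment names from the advisory, compared case-insensitively.
KNOWN_NAMES = {n.lower() for n in (
    "Card.pif", "docs.scr", "fun.pif", "hamster.ZIP.scr", "Humor.TXT.pif",
    "images.pif", "New_Napster_Site.DOC.scr", "news_doc.scr", "Me_nude.AVI.pif",
    "Pics.ZIP.scr", "README.TXT.pif", "s3msong.MP3.pif", "searchURL.scr",
    "SETUP.pif", "Sorry_about_yesterday.DOC.pif", "YOU_are_FAT!.TXT.pif",
)}
BODY_TEXT = "take a look to the attachment"
# Generalization (assumption): any short "document" extension hiding .pif/.scr.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\.(pif|scr)$", re.I)

def inspect_message(msg):
    """Return (reason, detail) findings for an EmailMessage (policy.default)."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            # Unnamed text part: compare against the advisory's body text.
            if (part.get_content_type() == "text/plain"
                    and BODY_TEXT in part.get_content().lower()):
                findings.append(("body-text", BODY_TEXT))
            continue
        lowered = name.lower()
        if lowered in KNOWN_NAMES:
            findings.append(("known-name", name))
        elif DOUBLE_EXT.search(lowered):
            findings.append(("double-extension", name))
        elif lowered.endswith((".pif", ".scr")):
            findings.append(("executable-extension", name))
    return findings

def make_sample(body, filename):
    """Build a constructed test message; the attachment is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for body, fname in [("Take a look to the attachment.", "README.TXT.pif"),
                        ("hello", "invoice.doc.scr"), ("hello", "report.pdf")]:
        print(fname, inspect_message(make_sample(body, fname)))
```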
I've been saying some not very nice things about tacidblue-tacidhost but for the most part it's been simply questioning what is going on with the place. I must have been there 3 months and 95% downtime and it's up and down and up and down with the same excuses of getting booted off some place. The difference now there seems to be no news as to what is going on. Email? Post in a messageboard?
I'm wondering about this virus thing. I'm not smart enough to know how to make one nor how to deal with them except have anti-virus software in the computer. Odd this happens same time as I'm dealing with tacid.
Now let me re-think events. I used 2 web-based email accounts to ask tacid a question via that shane3@msn.com address or whatever it is. I think I sent nice emails. I used yahoo email and the email service at justice.com. I did a cc: to my email address at msn and also think a cc: to a webtv email address. MSN is my isp and use Outlook Express for email (vs. hotmail). Come to think of it the Outlook Express has been acting odd. I log on and get a collection of new emails that just say something has been rejected by some other email address. Maybe 5-6 of them. I could not figure what it's about and just delete them. I have noticed odd behavior as to sending of an email from Outlook Express. Sometimes I send one it indicates numerous are being sent. I have one setting for pop3 from webtv email and it seems to be sucking mail out of webtv address when I don't prompt it. Otherwise I rarely use my Outlook Express email address.
Not being very smart if this IS infested with something solutions? I start searching my c drive for the above files? (last post) Possibly just quit using Outlook Express for now? Is this something I am supposed to solve? If my isp is msn this is not their responsibility to help?
I'm sure my anti-virus software the company will just tell me..sorry...you did not buy the 2002 edition !!! ??? (I never get prompted for upgrades)
So excuse my rambling in a webhosting messageboard.
Sure is odd though this begins the same time as the tacidblue-tacidhost problem. The owner/operator there if they are smart enough have to understand all the chronic problems has to equal getting customers angry?--and expect to have to deal with frustrated people?
---- enuff
I ran a Norton scan of my c-drive...5135 files..says nothing found. I did a 'live update' but that's the free stuff norton offers. I seem to notice nothing wrong with my computer BUT Outlook Express I went there and 2 more bounced emails I never sent. They say as the following:
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
postmaster@smtp.email.msn.com
I guess I stay away from Outlook Express. Otherwise I never opened one of those attachments.
Akash
06-10-2001, 08:24 AM
what shang probably doesn't know (if he is the one doing this) is that with each e-mail header is included a timestamp, which includes the IP, and the IP itself. Call your ISP, whoever it is, and complain. Also forward the e-mail with the virus attachment to mcafee (sp). If this thing spreads fast, the person involved gets in more trouble.
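To collect the relay IPs and timestamps mentioned above for an abuse report, the `Received` headers can be read out in hop order; this is an added example, not code from the thread, and the message, hosts and addresses in it are constructed. Only the hops stamped by servers you trust are reliable, since a sender can forge the `From` line and any `Received` lines below its own.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message: From is forged to the recipient's own address.
RAW = """\
Received: from mail.isp.example (mail.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Sat, 9 Jun 2001 20:31:12 -0700
Received: from desktop (dialup-42.isp.example [192.0.2.42])
\tby mail.isp.example with SMTP; Sat, 9 Jun 2001 20:31:05 -0700
From: me@recipient.example
To: me@recipient.example
Subject: Re: question

Take a look to the attachment.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_hops(raw):
    """Return Received hops, oldest first, as dicts with ip, by and time."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        unfolded = " ".join(value.split())        # undo header folding
        path, sep, stamp = unfolded.rpartition(";")
        if not sep:                               # no timestamp section
            path, stamp = unfolded, ""
        ip = IP_IN_BRACKETS.search(path)
        by = re.search(r"\bby\s+(\S+)", path)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "time": when})
    hops.reverse()  # each relay prepends its header, so the last one is hop 1
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(relay_hops(RAW), 1):
        print(n, hop["ip"], "->", hop["by"], hop["time"])
```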
akashik
06-10-2001, 09:08 AM
From just a quick skim of this thread, it may be someone went ahead and dropped a virus on poor old Shang, without thinking of the consequences of it then mailing itself out to others.
Without knowing for sure it *may* be him trying to do that to you, and not caring about the consequences of it being passed on...
Or it may just be a coincidence.
As well as updating your virus definitions, you might want to wander over to the anti-virus maker's site, and check for a few fix programs. Not all worms get picked up by anti-virus software and need a small program downloaded. KAK-fix for example. I usually keep a small collection of them on disk I run through every now and then just to be on the safe side (as well as keeping my vir.def's updated as much as possible).
Greg Moore