Virus Warning
JMolina 11-25-2001, 08:38 PM Seems someone from the WHT forums has sent out an email with a virus ... the attachments in the email are "SEARCHURL.MP3.PIF" Anyone that has sent out any recent deals to certain people in the request section be careful.
The email comes with the subject of RE: ______ and if you already got it or think you do since none of my Anti-Virus programs were able to find it.
This is how you can check to see if you have it.
Press ALT+CTRL+DEL and check for a KERNEL32.EXE ... the EXE part is what gives it away since Windows does not need any such file to run. If you do find it, kill the process by clicking on End Task or End Process. After you have killed it, do a search on your local hard drive for the file. It would most likely be found in :/Windows/System or :/windows/system32. After you delete this you should be rid of the virus.
It seems what the virus does is reply to every email in your mailbox(s) and send random emails to people in your address book. I hope no one else got it and I was the only lucky one to get it :D Hope this helps anyone.
Originally posted by JMolina
Seems someone from the WHT forums has sent out an email with a virus ... the attachments in the email are "SEARCHURL.MP3.PIF"
It's the BadTrans worm. The attachment name varies, but that one follows the pattern and the presence of kernel32.exe confirms it. It's a newly discovered worm, so you'd have to have updated your antivirus program just within the past few days in order to catch it.
NAV has it listed here: http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
In addition to deleting that file, there's a registry entry that should be removed. In addition to sending emails, by the way, the worm installs a keystroke logging trojan.
Chicken 11-25-2001, 10:19 PM Originally posted by JMolina
Seems someone from the WHT forums has sent out an email with a virus ... the attachments in the email are "SEARCHURL.MP3.PIF" Anyone that has sent out any recent deals to certain people in the request section be careful.
It seems what the virus does is reply to every email in your mailbox(s) and send random emails to people in your address book. I hope no one else got it and I was the only lucky one to get it :D Hope this helps anyone.
Same thing I posted about here: http://www.webhostingtalk.com/showthread.php?s=&threadid=27135
You have to realize that many people are going to be infected and many unknowing emails are going to be sent out. You are probably in the address books of many people (both forum members and non-forum members), so be on the lookout, even from people you know and trust. They may have infected themselves.
JMolina 11-25-2001, 10:35 PM Yes I understand all of that. Usually my Anti-Virus Program kills the virus before anything else but this time since it was a new one I guess it skipped it ... I am updating all my Anti-Virus programs on all my boxes since it seems this was sent out throughout the network of emails I use.
I just hope no one else has gotten it.
smartbackups 11-25-2001, 10:40 PM Like I posted in the thread mentioned above, I am willing to help anyone work with their systems to defang certain attachments. It really is a nice thing to do for yourself and to protect your clients.
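What defanging an attachment can look like at a mail gateway, as an added example that is not part of the thread or any poster's own tool: it flags attachments whose last extension is executable (the `NAME.MP3.PIF` pattern reported here) and renames them so a double-click no longer runs them. The function names, the extension list and the `.defanged` suffix are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative (not exhaustive) set of extensions Windows executes on double-click.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs", ".lnk"}

def is_risky(filename):
    """True when the LAST extension is executable, e.g. NAME.MP3.PIF."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in EXECUTABLE_EXTS

def defang(raw_bytes):
    """Rename risky attachments; return (message, original risky names)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not is_risky(name):
            continue
        # Hypothetical convention: a suffix with no file association.
        safe = name.strip().rstrip(". ") + ".defanged"
        if part.get_param("filename", header="Content-Disposition") is not None:
            part.set_param("filename", safe, header="Content-Disposition")
        if part.get_param("name") is not None:
            part.set_param("name", safe)
        renamed.append(name)
    return msg, renamed

def sample_message():
    """Constructed test mail: one decoy double extension, one ordinary file."""
    m = EmailMessage()
    m["Subject"] = "RE:"
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m.set_content("constructed sample body")
    for fname in ("SEARCHURL.MP3.PIF", "song.mp3"):
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    _, hits = defang(sample_message())
    print("defanged:", hits)
```

Renaming rather than deleting keeps the file available for a later scan once antivirus signatures catch up.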
Dylan 11-26-2001, 01:43 AM I got an attachment via email today, so I saved it to my hard drive to do a virus scan on it.
What do you know? Darn thing infected my computer with the win32/magistr.29188 worm.
How? I don't know.
All I know is that it infected a lot of my other files very quickly and it also turned off my firewall.
Fremont Servers 11-26-2001, 01:45 AM JMolina,
Thanks for bringing this to our attention. :stickout
driverdave 11-26-2001, 02:16 AM The joys of Squirrel Mail. I just delete most attachments I receive and they never get downloaded to my computer unless I know exactly what it is. I don't even use an email client anymore. It's great.
JMolina 11-26-2001, 02:22 AM Asia: Welcome ;)
driverdave: I am thinking of changing Email clients, since Outlook and Outlook Express are about the target of most email viruses. Anyone know a client that can handle IMAP and Multi POP3 accounts that is Free or Nearly close to it?
Anyone?
Fremont Servers 11-26-2001, 04:32 AM I just got this in my email.
===========
File: New_Napster_Site.MP3.pif (29020 bytes) DL Time (TCP/IP): < 1 minute
Sent from the Internet (Details)
==============
:angry:
netsolutions 11-26-2001, 04:49 AM I just got it too. Does it cause any bad effects to your computer?
Fremont Servers 11-26-2001, 05:05 AM From JMolina's post, I don't think so. :cool:
netsolutions 11-26-2001, 05:11 AM I hope not because for some reason I don't even have an anti-virus on my PC (well I do but I just don't have it activated)
JMolina 11-26-2001, 05:19 AM I forgot to mention the one I got would take up all my CPU and bring it down to 0.03% left for idle use. This was being taken all up by kernel32.exe. So it might just eat up all your CPU and send itself out ... any other damage not that I know of, when I peeked in the kernel32.exe coding it didn't show any destructive codes just email commands.
skylab 11-26-2001, 07:12 AM jmolina. i recommend:
http://www.pocomail.com/
i've known the creator since the beginning of poco and have been a beta tester & happy user since the beginning.
mattan 11-26-2001, 09:02 AM I am curious as to how many hosts out there actually run Anti-Virus scanning on all e-mails as part of your e-mail service. We're considering offering this as an add-on service to our clients?
rgds
Originally posted by netsolutions
I just got it too. Does it cause any bad effects to your computer?
An attachment named new_napster_site.* is likely to carry either the above-mentioned BadTrans worm, or MTX or one of its variants. So, yes, if the attachment is executed it will have "bad effects."
Originally posted by JMolina
I am thinking of changing Email clients, since Outlook and Outlook Express are about the target of most email viruses. Anyone know a client that can handle IMAP and Multi POP3 accounts that is Free or Nearly close to it?
The Bat (http://www.ritlabs.com/the_bat/). I recently switched to it from Eudora because of a few clear advantages. It's not "Free," it's "Nearly close to it" ($35). Because it doesn't use the Windows address book or use IE as the html message viewer, things like BadTrans and Magistr can't cause any problems.
If you are using Outlook, you should install this patch to IE which will close one of the well-known exploits taken advantage of by these worms and viruses: http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
sqposter 11-26-2001, 12:40 PM I got the e-mail in question. I traced it down to an old e-mail I sent to someone back in August (I keep all my e-mails for years). The party in question I think is the ad serving company that asked for bids on 2000 megs of bandwidth.
I'm sure that the party's e-mail address list was hacked. I sent them an e-mail as a warning that their system might be virus infected.
For those that run Outlook, change the following.
1) open Outlook and go to tools
2) then click on options
3) then click on security
4) then click on zones
5) look at your zone settings for internet
6) adjust them so that ActiveX will not work without confirmation
7) adjust them so that java scripts will not work without confirmation
8) hit apply
This little set up has prevented me from downloading a huge amount of viruses. Simple cure.
Also please be aware that there are web pages that will try to autoload keylogger scripts.
Another thing you may want to look at is your boot registry settings.
To see them quickly, go to the following:
Start, Programs, Accessories, System Tools, click on program System Information, then Tools, the System Configuration utilities.
The last tab gives you the boot registry items and they can be turned off.
Anything that looks funny, copy the name of the file and do a Google search. That is where I find most of the new virus names.
Now another quick measure that will help is ZoneAlarm. It will ask you if you want a specific application talking to the internet. You can easily stop an application from talking to the "net".
-Sqposter / Michael
Eat Crow 11-26-2001, 01:26 PM jmolina:
You may want to look into Pegasus Mail.
http://www.pmail.com
Fantastic free program that is very advanced and has been around for ages...
TheUnforgive 11-26-2001, 03:24 PM TheBat imap and multiple pop3s i use it :)
JMolina 11-26-2001, 04:52 PM Originally posted by Eat Crow
jmolina:
You may want to look into Pegasus Mail.
http://www.pmail.com
Fantastic free program that is very advanced and has been around for ages...
I used it ... but it's too confusing setting up multi POP3 accounts and the IMAP feature doesn't cache my mail from the IMAP server so if I have 400 emails (read/unread) it has to download the list over and over ... kind of annoying.
I am going to try the other mentioned .. thanks everyone ...