Bienvenue sur JeuxOnLine - MMO, MMORPG et MOBA !
Les sites de JeuxOnLine...
 

Panneau de contrôle

Recherche | Retour aux forums

JOL Archives

vB Archives des forums MMO/MMORPG > Forums divers > La Taverne > [Important] : Attention VIRUS en circulation

[Important] : Attention VIRUS en circulation

Par Daynos le 24/7/2001 à 18:42:00 (#175604)

Attention, surveillez vos emails, et détruisez AVANT d'ouvir le fichier joint les email dont le contenu est :

Hi! How are you? See you later. Thanks

Le sujet de l'email est aléatoire.

Pour plus d'information, voici la lettre d'information officielle d'AVP Antivirus, réputé pour être l'un des meilleurs du marché.

CENTRALCOMMAND.COM Newsletter

Without us, there's no defense.

You are receiving this newsletter because you subscribed to the
CENTRALCOMMAND.COM newsletter at http://www.centralcommand.com. This is
an open-subscription mailing list. If you do not want to receive this
newsletter please see the bottom of this message for instructions on how
to remove your e-mail address from this mailing list.

Virus Protection for the Real World.

If you suspect a virus infection you can download a free time limted,
fully functional trial version of AntiVirus eXpert antivirus
software from http://www.centralcommand.com

Visit CENTRALCOMMAND.COM online http://www.centralcommand.com


Central Command is re-releasing this URGENT virus warning due to
increased levels of infection reports from I-Worm.Sircam.A. This
virus is spreading globally at an alarming rate.

AntiVirus eXpert has been updated for this worm since early last
week. Please update AntiVirus eXpert if you have not already done
so.


I-Worm.Sircam.A


Name: I-Worm.Sircam.A
Aliases: W32.Sircam.Worm@mm, W32/SirCam@mm
Type: Internet Worm (mass mailer)
Risk: High

Description:

I-Worm.Sircam.A is an Internet worm that is spreading itself
through e-mail.

The worm arrives through e-mail in the following format:

Subject: (The subject line will be random)

Body: Hi! How are you? See you later. Thanks

Attachment: (Same as Subject: line + containing a double extension,
ie. COM.EXE)

*Note: It might be possible that it will contain additional text
in between the two lines listed above

When the user opens the attachment, the worm adds the following
keys into the registry:

HKCR\exefile\shell\open\command\Default="c:\recycled\SirC32.exe"
"%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32
=c:\windows\system\SCam32.exe

The first registry key enables the worm to copy the SirC32.exe file
to the folder C:\Recycled\ which allows the worm to run after each
*.exe file is executed. The second key stores the filename
Scam32.exe into the C:\Windows\System folder, which allows the worm
to execute automatically.

Worm.Sircam.A also uses its own special SMTP routine to send
unsolicited email messages to those addresses obtained from a
search within the Windows address book, as well as, from the users
Temporary Internet folder.

*There is also a duplicate of this worm in the Spanish language.

The body format of the Spanish e-mail message would contain the
lines:

Hola coma estas ?
Nos vemos pronto, gracias

Central Command, Inc. respects your online privacy. You at anytime
can easily remove your e-mail address from the Central Command mailing
list by sending an e-mail message To: news-request@cclistserver.com
and in the body of the message include the following replacing
"e-mail@domain.com" with your e-mail address.

unsubscribe news e-mail@domain.com

You will receive a confirmation message about your successful
removal from News.

IF YOU ARE NOT ABLE TO REMOVE YOUR E-MAIL ADDRESS USING THE ABOVE
METHOD PLEASE SEND AN E-MAIL MESSAGE TO REMOVE@CENTRALCOMMAND.COM
AND REQUEST TO BE REMOVED MANUALLY.

Central Command, PerfectSupport, EVRT, Emergency Virus Response
Team, Virus Protection for the Real World, Without us, there's
no defense. are trademarks of Central Command Inc. AntiVirus eXpert
is a trademark of Softwin SRL, Romania. All other trademarks, trade
name and product names are property of their respective owners.
Copyright (C) 2000, 2001 Central Command Inc. All rights reserved.

Par makina le 24/7/2001 à 19:04:00 (#175605)

Bah merci :)

Par Homer le Grand le 25/7/2001 à 19:25:00 (#175606)

un autre ou le même : extrait d'un mail interne d'une boîte d'un pote :
"Nous avons reçu ce matin un email verolé du nom de wscam.

Ce virus est tout nouveau (2 jours d'apres une
société de securité) et très dangereux, il envoie
des emails verolés à tout votre carnet d'adresse en
attachant des fichiers de votre dossier mes
documents.
Il arrive dans la boite de reception avec comme
expediteur quelqu'un que vous connaissez et le
message est en anglais ou espagnol :

Hi you
Just waiting for a response
Bye..."


très méchant : rebooter deviens impossible !

Par Banjo le 25/7/2001 à 19:52:00 (#175607)

*merde il veut enpêcher la propagation de mon virus*
merci de nous prévenir de tout ces méchants virus".

JOL Archives 1.0.1
@ JOL / JeuxOnLine