Strange email received today. Virus??



Apache
25th Jul 2002, 19:43
I got a strange email today from someone I don't know.
Sender - alex
sender email - alex@justadventure.com
Subject - some questions
Attachment - hieght.scr
file size - 91.8K
Now I don't know if this is a virus or what, but with all the people I help with DromEd it almost seemed like it was directed towards me. That is, until I saw the attachment. Anyone know what a scr file is? I didn't open it. I deleted the email right away and put that sender on my Blocked list. So if anyone gets this type of email, be very, very careful. Something just didn't smell right.

theBlackman
25th Jul 2002, 19:48
.SCR is a SCREEN file. It may be a selfexe, as is the Fish Screensaver from Aqua. It is the same kind of file as a screensaver or others like a streaming video.

The content can be almost anything you want.

ChristineS
25th Jul 2002, 19:50
Don't open it, send it to your provider, just to be sure.

I got an e-mail on July 5th, subject "Some questions", from thiefnews@ttlg.com. I opened it and my computer crashed completely. My virus scanner identified it as "Worm Klez E", but couldn't remove it. I had to format my computer.

So be careful, maybe it's harmless, but if you open it, it's too late. :rolleyes:
Edit: it was also a scr-file

Apache
25th Jul 2002, 19:51
So not opening it was probably a good thing.. :p

Stile451
25th Jul 2002, 19:53
From http://filext.com/


.SCR File type:

Faxview Fax
Screen Saver
Procomm Plus Screen Snapshot File
Script (various)
DOS DEBUG Input File (can be any extension but often .SCR)
LocoScript Screen Font File
Statistica Scrollsheet
Movie Master Screenplay (DOS software replaced by Hollywood Screenplay)
Sun Raster Graphic [XnView]

Could have been a lot of things, but was most likely either a script or a screensaver. Screensavers can be viruses.

Edit: three replies while I was compiling this one :rolleyes:

theBlackman
25th Jul 2002, 19:54
Originally posted by ChristineS
Don't open it, send it to your provider, just to be sure.

I got an e-mail on July 5th, subject "Some questions", from thiefnews@ttlg.com. I opened it and my computer crashed completely. My virus scanner identified it as "Worm Klez E", but couldn't remove it. I had to format my computer.

So be careful, maybe it's harmless, but if you open it, it's too late. :rolleyes:
Edit: it was also a scr-file

I don't open anything from someone I don't recognize. This includes things like "thiefnews@..." :eek:

PS Thanks for the link SALVAGE. :D

Apache
25th Jul 2002, 19:57
I guess I should have forwarded it to them. Wasn't thinking, already deleted it. :rolleyes:

ChristineS
25th Jul 2002, 20:07
Originally posted by theBlackman
I don't open anything from someone I don't recognize. This includes things like "thiefnews@..." :eek:

Yes, you're right, but I have submitted my FMs to the Circle and that is one of their addresses.
It's easy to forge an e-mail address. But I hadn't thought that someone would send me a virus :rolleyes:
I wrote to Elenkis from TTLG and informed him about it, but never got an answer...

Apache
25th Jul 2002, 20:10
I poked around and realized I hadn't cleaned out my deleted emails yet. Called Charter and got the abuse email address and forwarded it right over to them. That will teach them to mess with a Taffer. :D

Grey Mouser
25th Jul 2002, 21:15
Hmm, I'd have to say it was almost certainly a virus, Apache.

FYI for interested taffers, for several months the Eidos email server has been getting hit with an average of 300-500 virus emails a day, with various titles (including "some questions") and all with .scr attachments. Someone somewhere must think it amusing to have set up an auto-virus mailer to Eidos.

Our virus scanner deletes the attachments and replaces 'em with a text file notice that it was a virus, and to date no one at Eidos has infected their computer by opening the attachments...(hate to burst your bubble you loser virus sending chumps, we are a bit more clever than that, though we do award you a "B-" for effort and a "T" for Nice Try...)

If a Forums member receives something like what Apache received, my advice is to Delete it immediately and be sure to empty the deleted items folder. Cancel any attachments that try to open automatically and delete, delete, delete!

Keep in mind that if you have your email address viewable on the Forum, I believe that some trolls target certain Eidos forum members as well. Be safe instead of sorry. ('course, a good low-level format now and then is a good idea...but on your terms, not someone else's).

Huntress
25th Jul 2002, 21:40
Seems to me I read somewhere awhile back...that ppl were using the .scr attachments to emails to screw your system up with one. So you were lucky you decided to delete it...well after a fashion :) Unless it's from someone you know...at least fairly sure it came from that someone (?) and they told you what they were including...then you're probably OK to open...but like everyone has said...if you don't know who or what...get rid of it fast, better safe than sorry, I agree with that too! Ta and Good Hunting!

Elenkis
25th Jul 2002, 22:41
That will teach them to mess with a Taffer.

Not likely. No one sent you the virus intentionally, it would have come from an innocent victim who got infected. Not only that but it is highly unlikely it even came from the address it pretends it came from.

The latest batch of virii doing the rounds online are a lot more clever than they used to be. Once a user gets infected then the virus searches the drive for random email addresses to send itself to, but also finds an address to send itself from.
So for example betty@aol.com could be a regular Thief fan who lurks on all the boards and visits all the Thief fansites... Betty gets infected by the virus one day and it randomly picks Apache's addy out of her internet history to spread it to him. At the same time it also randomly picks thiefnews@ttlg.com as the Sent From address. So even though when Apache gets the email it will say that it came from thiefnews@ttlg.com, it really came from Betty.

This means that the virus could have come from anyone who has ever visited these forums or your website (or any other site that has your email address), and we really have no way of knowing who. I receive this virus at least a dozen times a day, often from the address of taffers in this or other forums. So just ignore the address it claims to have come from, it isn't real.

Grey Mouser, this also makes it unlikely that anyone is specifically targeting Eidos. You just receive so many of them because Eidos is so popular - remember that just about anyone who visits the Eidos website will have the address stored in their cache ready for the klez virus to randomly pick out :(

For the record thiefnews@ttlg.com is just a forwarding address, it is not a real POP account and we cannot send mail from it. So if you get any mail from that address you know why...

-Elenkis
www.ttlg.com
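
Added example, not part of any post in this thread: a small mail-triage check for the two points made above, that a .scr attachment is an ordinary Windows executable and that the From header cannot be trusted. The sample message is constructed (the `example.invalid` addresses and the inert `MZ` payload are made up), and comparing From with Return-Path is a weak heuristic assumed here for illustration, since mailing lists legitimately differ too.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs as programs; a .scr screen saver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat"}

def build_sample(filename="hieght.scr", payload=b"MZ" + b"\x00" * 62,
                 return_path="betty@example.invalid"):
    """Constructed test mail shaped like the one in the thread; payload is inert."""
    msg = EmailMessage()
    msg["From"] = "alex@justadventure.com"      # header value quoted in the thread
    msg["To"] = "apache@example.invalid"        # constructed
    msg["Subject"] = "some questions"
    if return_path:                             # constructed envelope sender
        msg["Return-Path"] = f"<{return_path}>"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def triage(raw):
    """Return a list of findings for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # From is written by the sender; a differing Return-Path is only a weak hint.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    if envelope and envelope != sender:
        findings.append("from-differs-from-return-path")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if os.path.splitext(name)[1] in EXECUTABLE_EXTS:
            findings.append(f"executable-extension:{name}")
        if data[:2] == b"MZ":                   # DOS/PE executable signature
            findings.append(f"mz-header:{name}")
    return findings

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The content check matters because the extension alone can be changed: a payload that starts with `MZ` is flagged even when the attachment is named like a picture or document.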

ChowYunFat
25th Jul 2002, 23:13
This isn't really a virus story, but I just thought I would mention it. When I first subscribed to the new forum, I received three batches of emails on three consecutive days with identical obscene subject lines but with all different email addresses. One batch consisted of about 25-30 mails--all with the same subject--while the others had fewer. I forwarded them all to aol but don't know what they'll do about it.

I almost posted on the board about it at the time since I figured it might be a result of posting on this board but decided to forget about it when it didn't recur. Did anyone else get something like this?

On an unrelated topic, I've also been getting numerous emails lately that include my real last name in the subject line (usually treating it as a first name). How does something like that happen?

Grey Mouser
26th Jul 2002, 00:05
Originally posted by Elenkis
Grey Mouser, this also makes it unlikely that anyone is specifically targeting Eidos. You just receive so many of them because Eidos is so popular - remember that just about anyone who visits the Eidos website will have the address stored in their cache ready for the klez virus to randomly pick out :(

-Elenkis
www.ttlg.com

Yeah I kinda think it would be a waste of someone's time to specifically target Eidos, but the regularity with which the virus emails arrive (every three minutes or so...exactly) seemed to indicate a conscious effort on somebody's part. If it were just random KLEZ mailings from a large number of different address books I would think that they would arrive in bunches, rather than like clockwork. Yes? No?

Could just be my rampant unchecked paranoia...but the curious timing of some virii sent specifically to several volunteer Eidos Moderators a few weeks back also triggered my sense of coincidence.

Thorin Oakenshield
26th Jul 2002, 00:17
Give me the Spotty Gimp responsible and a BF stick :eek:
I'll bring tears to their eyes :D
Then you all can queue up behind me for your turn :p ;)

Fafhrd
26th Jul 2002, 01:40
I'll never understand what possesses people to open something that someone just sends them (you can't tell me they DON'T know at this point in the life of the internet). I never even open things from people I KNOW unless I asked them to send me something, and usually the better way to get the file is thru icq or aim or such.

oh well, this is one reason why I never give out my prime email adds. to boards and such, only things like hotmail or yahoo.

then again, I tend to check my school emails with pine anyway, usually thru linux to boot (take THAT virii that target windoze users). You couldn't pay me to use outlook or such (I just talked my sister out of using outlook a couple weeks back).

Vanguard
26th Jul 2002, 03:41
I thought that posting your email address didn't actually list your email address but instead the sender had to use this forum's web form to send their message "blind" (i.e., they don't know what is the real email address of the recipient). The only way they would get the real email address was if you replied to their message. (The old forum wasn't this way, however, and anyone could see your real email address if you enabled it.)

Of course, you can do some of the tricks that I've seen in newsgroups. One is to add an "x" at the end of your username, like tafferx@domain.com, and then mention in your signature to remove the trailing "x" for your real email address. This will screw up trollers scrounging for email addresses that then insert them into the spam lists; when they send, it's a bogus email address (they don't bother reading the contents and their troller program won't know to remove the "x"). However, this is used a lot so I'd recommend a different character, like "K" for tafferK@domain.com and be sure your signature says to remove the "K".

Myystique
26th Jul 2002, 05:39
Actually I have just spent about 10 hours trying to delete a virus and remove all the damage that it's done - I can't reformat #1 because I don't know how and #2 - I hadn't backed up anything except photos... well I did back up FMs today just in case lol ... anyway does anyone know what a walkinge.exe is? And where I can get it? I guess I deleted it and it's causing all sorts of nasty problems. -- I would cry but I am way too tired... and yes I am whining !!!! Evil people who send viruses should be shot - or at the least black jacked by every taffer here! :mad:

DJC
26th Jul 2002, 05:43
Originally posted by ChowYunFat
On an unrelated topic, I've also been getting numerous emails lately that include my real last name in the subject line (usually treating it as a first name). How does something like that happen?

If your last name is included in your email address, then many "spam robots" (programs that scour the 'net for email addresses) will often include it in the subject line. For example, just last night I got an email with the subject "dave, increase your bust size overnight!". Now, as much as I would love to have a big bust (.:rolleyes:.), it took the "dave" from my ttlg email "dave@ttlg.com" and I got a similar one about pre-approved credit cards for a country I neither live in nor visited (:D) with the subject line "dcornish, you have been preapproved!" to my work email address which includes "dcornish"


GM, the Klez virus (or whatever it is) is extremely rampant in the wild at the moment.

[Image: http://www.sophos.com/images/eng/topten/top10viruses_june2002.gif]

As you can see, in June it was responsible for 67% of all virus attacks reported to Sophos Antivirus (http://www.sophos.com). I personally have received it over 40 times in the last month through various email addresses, I seriously doubt anyone is targeting Eidos on purpose.
:)
£/$/€ 0.02

Tin Star
26th Jul 2002, 07:07
That sounds just like the one I got earlier in the week, Apache. Same address and everything. I never open any e-mail unless I know who it is from.

Tin Star

Belboz
26th Jul 2002, 07:16
I got an email from the company that I got my virus checker from. It said that the 'Klez virus' not only buggers your system up, it also sends itself to everyone in your email address book, and it also signs everyone in your email address book up to the last fifty websites you visited, if they have a mailing list. So for everyone who has been getting spam that seems a bit odd, as in something you wouldn't sign yourself up to, blame it on someone who is infected with the Klez virus and has your email.

Recently I was constantly being spammed from an American military web site, with the Klez virus attached, so I emailed the webmaster of the site to tell them they had a virus. And so I stopped getting the spamming virus, now I get spams about what you are going to do with your life once you leave the army.

Lytha
26th Jul 2002, 12:21
LOL, Belboz...

Yep, these worms/viruses are sent without the people even knowing that they are infected. Poor (stupid) guys without a virus scanner and a dumb email program that auto-opens the attachments, I guess. And once infected and using the matching email program, it goes *boom* and starts spreading child worms to every email address it can find on the HD of the poor guy.

Most of the time, these infected people are seriously down and depressed once they notice what had happened... One seemed to be in tears when he replied to my "err, you've a worm/virus there"-reply to 20 baby worms that he had sent me.

Hehe... I received a lot of these worms when I had contacted an email-ring of medicine students once. All of a sudden, I got emails from all of them; I can't recall the name of the worm, but all of them were infected. Ah yeah... (prejudices of computer illiterate medicine students become alive)...



Greymouser, Apache,

as the others told you - the worms/viruses are most probably nothing personal against Eidos (I receive a lot of these too, and I hope that there aren't as many people around in the world that hate me.)

It only gets personal when there's a spammer using your email address as fake sender when he is spamming you. Now that is making me MAD !!! I just *hope* he was using this fake method for all of the poor recipients of his spam, and not *mine* for all his &$§§%... oops, getting carried away again. Spammers make me mad.


Btw: http://www.spamcop.net

And get an email program that does not automatically open attachments (Pegasus comes to mind)

And keep your virus scanner updated.

Huntress
26th Jul 2002, 20:41
to take care of attachments opening or not when you click on a particular email too...I have it set to only open those from personal friends of mine automatically...and if it comes from my old email address (which I don't really get much anymore) I have them sent directly to the delete box or other emails from certain URL's that I don't want to see at all (spam stuff). So there is a workaround those kinds...of course you need to open the first one to ban that URL in the first place...but it does work for repeats from that site. Just an idea to consider :) Ta and Good Hunting!

ChristineS
30th Jul 2002, 21:42
I got a new e-mail with a virus attachment today. I have moved it to my provider. But the sender was really funny, one of the firms that make antivirus programs.... :p
I have my virus scanner from them.... :D

TRoosevelt_26
30th Jul 2002, 22:31
I got the same virus (yes, got it) about two weeks ago (in an .scr file), and went to Symantec to get it off.

And I've been sent the same virus dozens of times with "Question" in the heading, etc., so it would appear that some idiot is sending approximately eighty-six copies to everyone on the face of the earth. :mad: