
Thread: Got strange virus/worm/trojan

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    253

    Got strange virus/worm/trojan

    On 3/9, a 34KB email appeared in my hotmail Inbox. The sender was Shavon and the Subject was This your ph_oto^?

    I forwarded it to a comcast a/c and d/l into the Inbox of an OE 6.0 and saw that the 23.7KB attachment was named p_usb.zip and the message was Is this your photo? I cant belive it made it onto the internet ! BTW, the email scanning feature on NAV2003 (defs 3/8) didn't detect it as evilware.

    Later on 3/9, I sent the email from the hotmail a/c to an MSN a/c, which didn't detect anything.
    Using another computer, I d/l the email using OE6.0, again protected by NAV2003 (defs 3/8).
    NAV picked up nothing. A few days later, the 3/10 defs didn't detect it when I d/l it.

    I haven't tried to open the attachment and am trying to figure out what it is. Any suggestions ? BTW, I don't have a computer that is never connected to the internet.
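
    Added example (not part of the original thread): a zip attachment like the one described above can be examined without opening it by hashing the file and reading only the archive's directory of member names. The Python code below does that on a constructed, harmless sample; `triage_zip`, `build_sample` and the extension list are illustrative names chosen here.

```python
import hashlib
import io
import zipfile

# Extensions Windows will run directly when double-clicked (illustrative list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk"}

def triage_zip(data: bytes) -> dict:
    """Describe a zip attachment without extracting or running anything."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data), "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() reads the central directory only; no member is decompressed.
        for info in zf.infolist():
            base = info.filename.lower().rsplit("/", 1)[-1]
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            flags = []
            if ext in RISKY_EXT:
                flags.append("executable-extension")
                if len(parts) > 2:
                    # e.g. photo.jpg.scr shows as "photo.jpg" when extensions are hidden
                    flags.append("double-extension")
            if info.flag_bits & 0x1:
                # bit 0 of the general-purpose flags marks an encrypted member
                flags.append("encrypted")
            report["members"].append(
                {"name": info.filename, "size": info.file_size, "flags": flags})
    return report

def build_sample() -> bytes:
    """Constructed stand-in for an attachment; the contents are harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg.scr", b"placeholder, not a real program")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    result = triage_zip(build_sample())
    print(result["sha256"], result["size"])
    for member in result["members"]:
        print(member)
```

    The SHA-256 identifies the exact file, so it can be compared with vendor write-ups or shared with someone else instead of forwarding the attachment itself.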

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    12
    You know what... This really pisses me off.......

    I usually only use web based, for the past couple years anyway, but a couple days ago I logged into my hotmail account, opened up one msg and I think that's how my win.ini boot.ini and sys.ini got erased. Oh man... You should use webbased, not near as quality but at least it's a bit more secure. I would guess a LOT more secure. What do you think?

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    253

    Web-based mail

    I've had a bunch of web-based email accounts for some time,
    but rarely used them until 2001 & 2002, when I was unable to
    get to my computer. Hotmail, Yahoo & BigRed.net were my only means of communication. I now mainly use the web-based accounts,
    .NET Passport, to prune my MSN a/c of spam, but I communicate
    with Hotmail & Yahoo every now and then.
    I never considered the security aspect.

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    88
    bucket:
    I remember receiving something like this about a year ago or so. My AV didn't recognize it either so I ran it on my test computer and if I remember correctly it ended up being some type of sex-dialer that just installed itself everywhere.
    A subject title of 'This your ph_oto^?' for me really rings a massive bell that it's big time spam. So I would say don't bother opening it, just hit the delete button.

    Do you have a non-Windows computer? Because if you do then you could open it up on your other box, as 99% (don't quote me on that figure) of spyware tends to be for Windows based systems and therefore can't run on a non-Windows computer.
    -HDD

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    attach it here and let us look at it.

    edit: on second thought.. maybe attaching it isn't such a good idea..
    some folks looking through your profile might click it and wouldn't know.
    upload it somewhere or send me a pm and I'll give you my email address.

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    bucket.. I got your email via my yahoo address and yahoo which uses norton (i believe) picked it up right away as being Trojan.Download.Inor.B

    your definitions are up to date ? strange it wasn't found..

    click here for your reading pleasure, lol

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Thanks a lot for the info.
    My defs are dated 3/10/2004 & NAV2003's email scanning was enabled.
    Another thing - the infected email had 20 {names/email addys} in the header.
    I've never seen that before.

  8. #8
    Junior Member
    Join Date
    Mar 2004
    Posts
    9
    It probably is a homemade virus, which would explain why your antivirus programs won't pick it up. Just delete it. You know it's not yours, and you don't recognize the email, so why open it? It's only a risk.

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Parr0t,

    I'm just curious. That's all.
    Descriptionwise, this is what it resembles:

    http://de.trendmicro-europe.com/ente...e=TROJ_CIDRA.D

    I just can't figure out why 2 copies of NAV 2003 with 3/8 defs failed to detect it.
    Whether it is Trojan.Downloader.Inor.b or the older Troj.Cidra.d, NAV 2003 should have gone off. But neither copy did. Why, he wonders.

    If I had to guess, I'd say that I picked up a brand new variation of something.
    Looks like I'll never know (audible sigh).

  10. #10
    Junior Member
    Join Date
    Mar 2004
    Posts
    9
    You know, if the person who made the virus took the newest version of it and modified it ever so slightly, therefore making it homemade and different than the other one, it would not be detected by the antivirus program. And even if they DIDN'T take and modify a different virus, they could've just made one from scratch. And the program wouldn't be able to detect it.

    Just a thought.
