DodgeIntrepid.Net Forums banner

1 - 15 of 15 Posts

·
Registered
Joined
·
4,980 Posts
Discussion Starter #1
Please Read the Following:

A very nasty virus is currently making it's rounds...I have received at least 10 emails containing the virus just in the past two days. www.car-truck was hit with it and caused a bunch of havoc with their site (see this link for their horror story http://www.car-truck.com/chryed/buzz/b072301.htm )

Read below and keep an eye on your emails that you receive. Remember, don't ever open an executable file from someone you don't know.
____________________________________________

If you receive an e.mail from someone which begins and ends with the phrases "Hi! How are you?" and "See you later. Thanks" and contains an attachments, DELETE IT IMMEDIATELY - DO NOT OPEN THE ATTACHMENT. Also please note that those key phrases could be in English or Spanish.


Email Text
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

This virus arrives as an email message with the following content:

Subject: The subject of the email will be random, and could be the same as the file name of the attachment in the email.
Attachment: The attachment will be a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks
 

·
Registered
Joined
·
2,676 Posts
this thing still around?? it was sooo last week ;) i got it like 4 times on friday, but haven't again since then. even though i didn't know about the virus, I know enough not to open any attachments that end in .bat or .com from someone i don't know :)
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #3
LOL :) ...I've been getting it for a week too, but hey...don't want any of my 'trep buds to screw up their system. A bunch of people at my work were "smart" enough to open it and now alot of computers are going apesh*t. Seems like every other email I get is this stupid thing.
 

·
Registered
Joined
·
502 Posts
Actually, I think I got infected by it on my Windows 2000 machine at home. Here's some interesting stuff I found out:

It's name matches that as described on Car & Truck's website. mine has the name SirC32.exe

I noticed something was up when I came home from school one day and noticed that ALL of my 512 MB of RAM were used up. I ended up with a warning message saying my Virtual Memory was kicking in and would override system settings to keep my computer stable. Well, that's unacceptable. Period.

So I opened up Task Manager and found that program (SirC32.exe) running in the in background and the little biatch had a memory size of my entire RAM set plus the VMM. So I killed it (ended the process) and my RAM returned and everything works normally.

Also, I haven't receieved any emails from people saying I've been sending infected emails containing the virri. So I assume once I ended the program it could no longer funciton and send itself out.

In short...if you have Windows 2000 on your computer and you think you've been infected, open up Task Manager (Ctl-Alt-Del) and look in the Processes tab for a program named something with "SirC32" or something like that. You'll also notice it contains the largest memory size of any program in the list.

As for my situation, I'll wait and see when they come out with a fix for it. Until that time I just kill the program everytime I start up my computer.

Just my input for those of you not in the position to reformat your machines and are running W2k.
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #7
Funny...I post this so noone gets a virus...and I scan my computer just 15 minutes ago....

I have 5,647 files named AS LOVELETTR.VBS

lol :)

Needless to say, it's gone now...but jeez!!!
 

·
Registered
Joined
·
2,676 Posts
How did that happen??

Speaking of anti-virus, I just finally setup my anti-virus software to auto-update and scan my drives automatically once a week. I don't know why I never did this before :D I kept putting it off!
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #9
??? Wish I knew!

I know for sure I didn't get it from an email (unless my g/f opened one?) I use Outlook 6, and we have different contexts, so I don't read her mail...so she might have opened up something. Dont' know...no use worrying about it now though. :)
 

·
Registered
Joined
·
349 Posts
ATFCharger, even though you found the fix now, maybe there was something you could have done? I'm not as familiar with 2000 as I am with the home pc breeds but I'm thinking until you found a fix, you could have looked in the system registry... did a search for anything that had anything to do with sirc.exe. That could at least keep it from running upon boot. But either way, you have the fix now so it doesn't matter :)
 

·
Registered
Joined
·
4,739 Posts
This ****ing blows. This virus really starts to get busy while im out of town on business. I hope my exchange servers at the job updated themselves and detected this **** or else im gonna have fun cleaning this crap out. Ill find out tomorrow morning when i return.

Blah.... viruses suck (especially when you have ditsy ppl at my job that will click on anything they get).
 

·
Registered
Joined
·
502 Posts
Actually, I was not aware of the registry entry until I read some news articles on the virus. But by then, Symantec had a fix anyway. As far as I know I didn't send out anything to others.
 

·
Registered
Joined
·
4,739 Posts
Well this virus wiped out half the files on this one guy's PC here at my job. Had to reinstall windows.

Hopefully this will be minimal. I hate giving the help desk guys repeated work. LOL ;O)
 

·
Registered
Joined
·
4,980 Posts
Discussion Starter #15
Yeah, I got 3 today...it only seems to come on my hotmail account...not on my msn account...hmmmm...
 
1 - 15 of 15 Posts
Top