DodgeIntrepid.Net Forums banner


1375 Views 14 Replies 6 Participants Last post by  DMAG
Please Read the Following:

A very nasty virus is currently making it's rounds...I have received at least 10 emails containing the virus just in the past two days. was hit with it and caused a bunch of havoc with their site (see this link for their horror story )

Read below and keep an eye on your emails that you receive. Remember, don't ever open an executable file from someone you don't know.

If you receive an e.mail from someone which begins and ends with the phrases "Hi! How are you?" and "See you later. Thanks" and contains an attachments, DELETE IT IMMEDIATELY - DO NOT OPEN THE ATTACHMENT. Also please note that those key phrases could be in English or Spanish.

Email Text
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for

This virus arrives as an email message with the following content:

Subject: The subject of the email will be random, and could be the same as the file name of the attachment in the email.
Attachment: The attachment will be a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks
See less See more
1 - 3 of 15 Posts
Actually, I think I got infected by it on my Windows 2000 machine at home. Here's some interesting stuff I found out:

It's name matches that as described on Car & Truck's website. mine has the name SirC32.exe

I noticed something was up when I came home from school one day and noticed that ALL of my 512 MB of RAM were used up. I ended up with a warning message saying my Virtual Memory was kicking in and would override system settings to keep my computer stable. Well, that's unacceptable. Period.

So I opened up Task Manager and found that program (SirC32.exe) running in the in background and the little biatch had a memory size of my entire RAM set plus the VMM. So I killed it (ended the process) and my RAM returned and everything works normally.

Also, I haven't receieved any emails from people saying I've been sending infected emails containing the virri. So I assume once I ended the program it could no longer funciton and send itself out.

In short...if you have Windows 2000 on your computer and you think you've been infected, open up Task Manager (Ctl-Alt-Del) and look in the Processes tab for a program named something with "SirC32" or something like that. You'll also notice it contains the largest memory size of any program in the list.

As for my situation, I'll wait and see when they come out with a fix for it. Until that time I just kill the program everytime I start up my computer.

Just my input for those of you not in the position to reformat your machines and are running W2k.
See less See more
Did I mention I always take the hard way out? has a removal tool, just got works. No more infuction.

Actually, I was not aware of the registry entry until I read some news articles on the virus. But by then, Symantec had a fix anyway. As far as I know I didn't send out anything to others.
1 - 3 of 15 Posts