e-mail weirdness.. Can someone help?

[TheMan]

Hello,

I am getting weird e-mails (got like 20 in the last hour). They say

---------------------------
Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks
---------------------------

Then I got one e-mail asking me what the file was as if I sent it to him ??
Anyone else getting this ?? Can anyone tell me what this is and how I can stp this.

THX

TheMan

[TheMan]

I am actually getting e-mails saying mail couldnt be delivered? I am not sending anyone e-mail though ??? I don't like the way things are looking... help anyone please.

TheMan

[Wizzo]

It's a new virus, we are talking with a few people effected...

[boneprone]

Im getting the same thing..

But fuck I opened it!! Wanna see what it says?

[Gemini]

Block the address/es. It could be an attempt to hit you with a virus or a virus itself trying to propogate itself. Then have a beer and watch TV.

[TheMan]

oh shit and I got it ? ;(

Fuck man... what can I do to stop this ?? ahhhhhhhhh! This is gonna drive me crazy and now it has done something to where people are gonna think I sent it ?

TheMan

[boneprone]

I fucking opened it.. this is what happened, and what I saw.

Fuck, here we go again!


Image File Header

Signature: 00004550

Machine: Intel 386

Number of Sections: 0008

Time Date Stamp: 2a425e19

Symbols Pointer: 00000000

Number of Symbols: 00000000

Size of Optional Header 00e0

Characteristics: File is executable (i.e. no unresolved external references).

Line numbers stripped from file.

Local symbols stripped from file.

Low bytes of machine word are reversed.

32 bit word machine.

High bytes of machine word are reversed.





Image Optional Header

Magic: 010b

Linker Version: 2.25

Size of Code: 0001a800

Size of Initialized Data: 00006c00

Size of Uninitialized Data: 00000000

Address of Entry Point: 0001a9a4

Base of Code: 00001000

Base of Data: 0001c000

Image Base: 00400000

Section Alignment: 00001000

File Alignment: 00000200

Operating System Version: 1.00

Image Version: 0.00

Subsystem Version: 4.00

Reserved1: 00000000

Size of Image: 00028000

Size of Headers: 00000400

Checksum: 00000000

Subsystem: Image runs in the Windows GUI subsystem.

DLL Characteristics: 0000

Size of Stack Reserve: 00100000

Size of Stack Commit: 00004000

Size of Heap Reserve: 00100000

Size of Heap Commit: 00001000

Loader Flags: 00000000

Size of Data Directory: 00000010

Import Directory Virtual Address: 0001f000

Import Directory Size: 000011ae

Resource Directory

Virtual Address: 00026000

Resource Directory Size: 00001800

Base Relocation Table

Virtual Address: 00023000

Base Relocation Table Size: 00002038

TLS Directory Virtual Address: 00022000

TLS Directory Size: 00000018





Import Table

kernel32.dll

Ordinal Function Name

0000 GetCurrentThreadId

0000 DeleteCriticalSection

0000 LeaveCriticalSection

0000 EnterCriticalSection

0000 InitializeCriticalSection

0000 VirtualFree

0000 VirtualAlloc

0000 LocalFree

0000 LocalAlloc

0000 VirtualQuery

0000 WideCharToMultiByte

0000 MultiByteToWideChar

0000 lstrlenA

0000 lstrcpynA

0000 lstrcpyA

0000 LoadLibraryExA

0000 GetThreadLocale

0000 GetStartupInfoA

0000 GetProcAddress

0000 GetModuleHandleA

0000 GetModuleFileNameA

0000 GetLocaleInfoA

0000 GetLastError

0000 GetCommandLineA

0000 FreeLibrary

0000 FindFirstFileA

0000 FindClose

0000 ExitProcess

0000 WriteFile

0000 UnhandledExceptionFilter

0000 SetFilePointer

0000 SetEndOfFile

0000 RtlUnwind

0000 ReadFile

0000 RaiseException

0000 GetStdHandle

0000 GetFileSize

0000 GetSystemTime

0000 GetFileType

0000 CreateFileA

0000 CloseHandle



user32.dll

Ordinal Function Name

0000 GetKeyboardType

0000 LoadStringA

0000 MessageBoxA

0000 CharNextA



advapi32.dll

Ordinal Function Name

0000 RegQueryValueExA

0000 RegOpenKeyExA

0000 RegCloseKey



oleaut32.dll

Ordinal Function Name

0000 VariantChangeTypeEx

0000 VariantCopyInd

0000 VariantClear

0000 SysStringLen

0000 SysFreeString

0000 SysReAllocStringLen

0000 SysAllocStringLen



kernel32.dll

Ordinal Function Name

0000 TlsSetValue

0000 TlsGetValue

0000 LocalAlloc

0000 GetModuleHandleA

0000 GetModuleFileNameA



advapi32.dll

Ordinal Function Name

0000 RegSetValueExA

0000 RegQueryValueExA

0000 RegOpenKeyExA

0000 RegFlushKey

0000 RegCreateKeyExA

0000 RegCloseKey

0000 GetUserNameA



kernel32.dll

Ordinal Function Name

0000 WriteFile

0000 WinExec

0000 WaitForSingleObject

0000 VirtualQuery

0000 VerLanguageNameA

0000 Sleep

0000 SetThreadPriority

0000 SetPriorityClass

0000 SetFilePointer

0000 SetFileAttributesA

0000 SetEndOfFile

0000 RemoveDirectoryA

0000 ReadFile

0000 MulDiv

0000 LoadLibraryA

0000 LeaveCriticalSection

0000 InitializeCriticalSection

0000 GlobalUnlock

0000 GlobalReAlloc

0000 GlobalHandle

0000 GlobalLock

0000 GlobalFree

0000 GlobalFindAtomA

0000 GlobalDeleteAtom

0000 GlobalAlloc

0000 GlobalAddAtomA

0000 GetWindowsDirectoryA

0000 GetVersionExA

0000 GetUserDefaultLangID

0000 GetTimeZoneInformation

0000 GetThreadLocale

0000 GetTempPathA

0000 GetSystemDirectoryA

0000 GetShortPathNameA

0000 GetProcAddress

0000 GetModuleHandleA

0000 GetModuleFileNameA

0000 GetLocaleInfoA

0000 GetLocalTime

0000 GetLastError

0000 GetDiskFreeSpaceA

0000 GetDateFormatA

0000 GetCurrentThreadId

0000 GetCurrentThread

0000 GetCurrentProcessId

0000 GetCurrentProcess

0000 GetCurrentDirectoryA

0000 GetComputerNameA

0000 GetCPInfo

0000 GetACP

0000 FormatMessageA

0000 FindNextFileA

0000 FindFirstFileA

0000 FindClose

0000 FileTimeToLocalFileTime

0000 FileTimeToDosDateTime

0000 EnumCalendarInfoA

0000 EnterCriticalSection

0000 DeleteFileA

0000 DeleteCriticalSection

0000 CreateFileA

0000 CreateEventA

0000 CopyFileA

0000 CompareStringA

0000 CloseHandle



mpr.dll

Ordinal Function Name

0000 WNetOpenEnumA

0000 WNetEnumResourceA



gdi32.dll

Ordinal Function Name

0000 UnrealizeObject

0000 StretchBlt

0000 SetTextColor

0000 SetROP2

0000 SetBkMode

0000 SetBkColor

0000 SelectPalette

0000 SelectObject

0000 RealizePalette

0000 MoveToEx

0000 GetTextMetricsA

0000 GetSystemPaletteEntries

0000 GetStockObject

0000 GetObjectA

0000 GetDeviceCaps

0000 GetDIBits

0000 GetCurrentPositionEx

0000 GetBitmapBits

0000 DeleteObject

0000 DeleteDC

0000 CreatePenIndirect

0000 CreatePalette

0000 CreateFontIndirectA

0000 CreateDIBitmap

0000 CreateCompatibleDC

0000 CreateCompatibleBitmap

0000 CreateBrushIndirect

0000 CreateBitmap



user32.dll

Ordinal Function Name

0000 ReleaseDC

0000 MessageBoxA

0000 LoadStringA

0000 LoadIconA

0000 GetSystemMetrics

0000 GetSysColor

0000 GetIconInfo

0000 GetDC

0000 DrawIconEx

0000 DestroyWindow

0000 DestroyIcon

0000 CreateIcon



shell32.dll

Ordinal Function Name

0000 ExtractIconA



wsock32.dll

Ordinal Function Name

0000 WSAStartup

0000 WSAGetLastError

0000 gethostname

0000 getservbyname

0000 getprotobynumber

0000 gethostbyname

0000 socket

0000 send

0000 select

0000 recv

0000 ioctlsocket

0000 inet_addr

0000 htons

0000 getsockname

0000 getpeername

0000 connect

0000 closesocket



wininet.dll

Ordinal Function Name

0000 InternetGetConnectedState



Section Table

Section name: CODE

Virtual Size: 0001a790

Virtual Address: 00001000

Size of raw data: 0001a800

Pointer to Raw Data: 00000400

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains code

Section is executable

Section is readable



Section name: DATA

Virtual Size: 00001c94

Virtual Address: 0001c000

Size of raw data: 00001e00

Pointer to Raw Data: 0001ac00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains initialized data

Section is readable

Section is writeable



Section name: BSS

Virtual Size: 00000f25

Virtual Address: 0001e000

Size of raw data: 00000000

Pointer to Raw Data: 0001ca00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section is readable

Section is writeable



Section name: .idata

Virtual Size: 000011ae

Virtual Address: 0001f000

Size of raw data: 00001200

Pointer to Raw Data: 0001ca00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains initialized data

Section is readable

Section is writeable



Section name: .tls

Virtual Size: 0000000c

Virtual Address: 00021000

Size of raw data: 00000000

Pointer to Raw Data: 0001dc00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section is readable

Section is writeable



Section name: .rdata

Virtual Size: 00000018

Virtual Address: 00022000

Size of raw data: 00000200

Pointer to Raw Data: 0001dc00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains initialized data

Section is shareable

Section is readable



Section name: .reloc

Virtual Size: 00002038

Virtual Address: 00023000

Size of raw data: 00002200

Pointer to Raw Data: 0001de00

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains initialized data

Section is shareable

Section is readable



Section name: .rsrc

Virtual Size: 00001800

Virtual Address: 00026000

Size of raw data: 00001800

Pointer to Raw Data: 00020000

Pointer to Relocations: 00000000

Pointer to Line Numbers: 00000000

Number of Relocations: 0000

Number of Line Numbers: 0000

Characteristics: Section contains initialized data

Section is shareable

Section is readable



Header Information

Signature: 5a4d

Last Page Size: 0050

Total Pages in File: 0002

Relocation Items: 0000

Paragraphs in Header: 0004

Minimum Extra Paragraphs: 000f

Maximum Extra Paragraphs: ffff

Initial Stack Segment: 0000

Initial Stack Pointer: 00b8

Complemented Checksum: 0000

Initial Instruction Pointer: 0000

Initial Code Segment: 0000

Relocation Table Offset: 0040

Overlay Number: 001a

Reserved: 0000 0000 0000 0000

0000 0000 0000 0000

0000 0000 0000 0000

0000 0000 0000 0000

Offset to New Header: 00000100

Memory Needed: 1K

[Gemini]

Most are set up to work on Outlook, so hopefully you don't use it! If you have no addies in that program you won't pass it but now ya gotta go and BUY Norton Antivirus like you should have been running in the first place.

[TheMan]

I am running norton virus
it didnt catch it ?

TheMan

[Gemini]

WoW! That puppy does everything but give them a cab ride to your house and a key to your door. Better get the chasity belt out for the Mrs. tonight Bone. lol

[Gemini]

Do you keep Norton updated every week? Hmmm?

Better go to http://www.symantec.com/avcenter/index.html and keep an eye on that site to get a fix as soon as it comes out. Might also want to take the time to scan from there as well. They have an online virus scan on that page towards the bottom. I can't send the addy cuz the site has to scan your system going in to it to be accurate.

-------------------------------
I should be getting paid by Peter Norton and getting the Big Dollars!

[Minte]

http://vil.mcafee.com/dispVirus.asp?virus_k=99069

W32/Badtrans@MM

Sound a lot like this virus,i just got it cleaned out
good luck

[Techie Media]

Shittttttt I got it to.. and I update norton everyday... and it actually picked up emails from my contact list in outlook express and sent it to some people. I think Wizzo, Tanker and who knows who else...Fuck Bros Iam sorry, But it didnt start with me..
What a day...

------------------
Smile and Be Happy

Lightning Free Hosting
Girls Host
Gay Free Hosting

[boneprone]

Yep, I run and update Norton and Mcafee everyday, and it didnt catch it either.

[Techie Media]

Gem, babe, good idea, Iam on my way now to do the system check online at Norton, even though I update like everyday....fuck..
Today was like 1 big headache..

[TheWatcher]

I have a virus that sound familiar... It makes copies of the e-mails i recieve and sends a e-mail to the server it came from.. and it expands... ugh =o)

[boneprone]

I did the check on-line and nothing.. We are the first victums, and there is no cure for this virus.

[Gemini]

Lots of stealth embedding worms use to be able to hide from virus scans if that scanner is on the same hard drive. Norton takes some time to run but you will find things that yours may not see if you have anything at all. Never hurts if you are dealing with a system full of important files.

And watch your registries. lol

[Gemini]

Norton will have a free fix online first. And they are quick about it too. They have a link to send them a copy of the virus, so send them the mail however they want you to do it and watch their dust! lol

[TheMan]

Well I got ME so I just restored my computer back to a certain point.

Worked like a charm

TheMan