Re: IFrame.Exploit virus
Hello Mrten,

On Fri, 19 Apr 2002 18:25:00 +0200 GMT your local time, which was Friday, April 19, 2002, 11:25:00 PM (GMT+0700) my local time, Mrten wrote:

At 18:09 on Friday, 19 April 2002, David van Zuijlekom:

Hi Jean-Luc, Can't you disable Norton, then delete the email and re-activate Norton?

I guess I could, I am just worried that doing this it could do some damages in my machine.

A virus can't do a thing without your interaction. If you don't execute it nothing can happen. So you can safely disable Norton and delete the file.

err! do not delete the file or you'll be losing all messages in your inbox!

Why? never had problems deleting a file from an inbox

--
Best regards, tracer
Using theBAT 1.60c
mail to : [EMAIL PROTECTED]
C.C.S. Associates
FAX (USA): (208) 460-3753
pgp 6.5.3 : 0x909D9B10

Current Ver: 1.60c
FAQ: http://faq.thebat.dutaint.com
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]

Re: IFrame.Exploit virus
Hello Corobori,

On Fri, 19 Apr 2002 11:57:52 -0400 GMT your local time, which was Friday, April 19, 2002, 10:57:52 PM (GMT+0700) my local time, Corobori wrote:

Hello Gerard,

Friday, April 19, 2002, 11:30:57 AM, you wrote:

G> Hi Jean-Luc, Can't you disable Norton, then delete the email and
G> re-activate Norton?

I guess I could, I am just worried that doing this it could do some damages in my machine.

Even on Norton's website they don't describe what the IFrame.Exploit virus does! NAV says: No additional information and Likelihood: Rate

If I remember correctly it's a potential security hole possible to fix via MS update. Warning doesn't mean you are infected, but means you COULD get infected on the wrong webpage if the AV wasn't running...

--
Best regards, tracer
Using theBAT 1.60c
mail to : [EMAIL PROTECTED]
C.C.S. Associates
FAX (USA): (208) 460-3753
pgp 6.5.3 : 0x909D9B10

Re: Corrupted attachments
Good morning tracer,

It was foretold that on 21-4-2002 @ 07:30:03 GMT+0700 (which was 2:30:03 where I live) tracer wrote and spread these wise comments on Corrupted attachments:

snipped a bit

t> What format are they??
t> Shouldn't matter but on the other hand try saving to hard disk, just in
t> case your cdrom writer or cd has a problem...

CD problem :-(

--
Best regards,
Luc  mailto:[EMAIL PROTECTED]
---
Powered by The Bat! version 1.60c with Windows 2000 (build 2195), version 5.0 and using the best browser: Opera.
When a thing has been said and said well, have no scruple. Take it and copy it. Anatole France (1844-1924).

Re: error message from email
Hello Paul,

On Friday, April 19, 2002 at 7:55:18 PM you wrote (at least in part):

PC> I'm not sure what happened here. I know I replied to a message that
PC> was sent to me, I'm looking in my sent folder and the message says it
PC> was sent to [EMAIL PROTECTED] , yet here is the error message I
PC> received:

PC> The original message was received at Fri, 19 Apr 2002 12:50:54 -0500 (CDT)
PC> from IDENT:[EMAIL PROTECTED] [212.56.195.233]
PC> - The following addresses had permanent fatal errors -
PC> [EMAIL PROTECTED]
PC> (reason: 541 Failure: this address is blacklisted)

Seems there's a forwarding of mails directed to '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]' set up on RIT's mail server.

I'd suggest you write a note to '[EMAIL PROTECTED]' and inform about this issue and when you sent your original mail and ask if you should re-send the mail or if it was caught by a mail distributor and already delivered additionally to the error message you got.

--
Regards
Peter Palmreuther  mailto:[EMAIL PROTECTED]
(The Bat! v1.60c on Windows 2000 5.0 Build 2195 Service Pack 1)
How wonderful opera would be if there were no singers.

Re: A good tool: Win32.Klez worm sent by me via The Bat!?
Hello Mike,

On Friday, April 19, 2002 at 11:20:37 PM you wrote (at least in part):

MH> A colleague of mine has just received a message from me (without my
MH> knowledge of sending it) which appears to be related to the Win32.Klez
MH> worm.

MH> There was no attachment from me.

MH> How could this happen with TB? I don't use Outlook, and I thought that
MH> this worm exploited Outlook. I am VERY vigilant about attachments, and
MH> have TB! set up to not allow opening of
MH> *.COM,*.EML,*.CMD,*.JS,*.PL,*.BAS,*.JAVA,*.REG,
MH> *.EXE,*.VBS,*.PIF,*.SCR,*.SHS files.

First: if TB! would have sent this message it will resist in your 'Sent' folder. Have a look there ... (Albeit I can't believe TB! has been sent it, have a look to be sure).

Second: You write you're not _using_ Outlook. Do you have it installed anyway and maybe some aeons ago configured to work properly? Does Outlook (if installed) or Outlook Express have knowledge about your account data (name, e-mail-address, SMTP-server)?

The 'Received:' headers look like it were your computer having sent this mail (same IP, sadly no HELO or EHLO string :-( ). But there're 'In-Reply-To:' and 'References:' headers too ... quite unusual as even if the worm could have used MAPI-interface without you recognizing (which I can't imagine, btw) how should it know about the original message ID? It will have to be able to read the TB! message database format to figure out that ... and I've not read 'Klez' is able to do so ...

You have written 'There was no attachment from me.' ... does that mean the recipient had no attachment in the mail? If so there's no 'Klez' issue we could talk about, as 'Klez' is spreading itself and not sending empty messages :-)

To come to an end: I'd suggest updating the signature file and re-scan your whole system again. Installing a second AV-software would be also a good idea, in case there's a new variant of Klez around NAV has not yet in the signature file. E.g. http://www.free-av.com/ (which is _really_ slow over here) the (faster) direct download links are:

Win9x http://www.free-av.de/personal/en/win9x/avwin9xp.exe
Win2000/XP http://www.free-av.de/personal/en/winnt/avwinntp.exe

--
Regards
Peter Palmreuther  mailto:[EMAIL PROTECTED]
(The Bat! v1.60c on Windows 2000 5.0 Build 2195 Service Pack 1)
Gone back into the darkness

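Added example, not part of the thread and not any list member's code: the header checks described in the message above (origin IP in the oldest 'Received:' header, whether a HELO/EHLO name was recorded, presence of 'In-Reply-To:'/'References:'), run over a constructed message. All addresses, IPs, message IDs and the `unknown` HELO placeholder are assumptions made up for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the From line claims one sender, while the receiving
# server recorded the connecting host (documentation IPs and domains only).
RAW = """\
Received: from unknown ([198.51.100.23])
\tby mx.recipient.example with SMTP; Fri, 19 Apr 2002 21:05:11 -0500
From: Mike <mike@sender.example>
To: colleague@recipient.example
Subject: A good tool
In-Reply-To: <abc123@recipient.example>
References: <abc123@recipient.example>
Message-ID: <xyz789@sender.example>

(body omitted)
"""

# Matches "from <helo> (... [ip])"; real Received formats vary by MTA.
HOP = re.compile(r"from\s+(\S+)\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)

def first_hop(msg):
    """Return (helo, ip) from the oldest Received header, or (None, None)."""
    hops = msg.get_all("Received") or []
    if not hops:
        return None, None
    m = HOP.search(hops[-1])  # headers are prepended, so the last is oldest
    return (m.group(1), m.group(2)) if m else (None, None)

def triage(raw, claimed_sender_ip):
    """Summarise the header evidence for or against the claimed sender."""
    msg = message_from_string(raw)
    helo, ip = first_hop(msg)
    return {
        "from": msg["From"],  # display only: freely forgeable
        "origin_ip": ip,
        "origin_matches_sender": ip == claimed_sender_ip,
        # Assumption: this MTA writes "unknown" when no HELO/EHLO was given.
        "helo_recorded": helo not in (None, "unknown"),
        "threaded": bool(msg["In-Reply-To"] or msg["References"]),
    }

if __name__ == "__main__":
    for key, value in triage(RAW, "198.51.100.23").items():
        print(f"{key}: {value}")
```

Only 'Received:' lines written by a server the recipient trusts are reliable; anything below them can be supplied by the sending host.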
Re: Corrupted attachments
Hello Luc,

On Sat, 20 Apr 2002 02:42:47 +0200 GMT your local time, which was Saturday, April 20, 2002, 7:42:47 AM (GMT+0700) my local time, Luc wrote:

Good night list,

The last few days I have a strange problem: if I receive pics as an attachment and I save them from TB! directly to a cd, they become corrupted. This causes my cd drive to freeze up and even my pc. I don't think it's a virus because my AV didn't give me a warning. Also, it doesn't matter who sends me the pics. It's the same problem with different senders. Has anybody a clue what this could be?

What format are they?? Shouldn't matter but on the other hand try saving to hard disk, just in case your cdrom writer or cd has a problem...

--
Best regards, tracer
Using theBAT 1.60c
mail to : [EMAIL PROTECTED]
C.C.S. Associates
FAX (USA): (208) 460-3753
pgp 6.5.3 : 0x909D9B10

Re: A good tool: Win32.Klez worm sent by me via The Bat!?
Hello Peter,

Thanks very much for your reply.

First: if TB! would have sent this message it will resist in your 'Sent' folder. Have a look there ... (Albeit I can't believe TB! has been sent it, have a look to be sure).

I believe you are correct.. it was not in my sent folder. I have been looking for more information on this worm and I read on alt.comp.virus that it forges the From header, making it look as though it came from an individual.

Second: You write you're not _using_ Outlook. Do you have it installed anyway and maybe some aeons ago configured to work properly? Does Outlook (if installed) or Outlook Express have knowledge about your account data (name, e-mail-address, SMTP-server)?

Outlook had been installed when my laptop was initially configured by the computer folks at work. I've never actually started it up or configured it; I've used TB! for a few years.

You have written 'There was no attachment from me.' ... does that mean the recipient had no attachment in the mail? If so there's no 'Klez' issue we could talk about, as 'Klez' is spreading itself and not sending empty messages :-)

She originally indicated that there was no attachment, and upon reexamining it in her trash folder (of her Outlook program), said there was one. She deleted it without taking note of its name or extension.

To come to an end: I'd suggest updating the signature file and re-scan your whole system again. Installing a second AV-software would be also a good idea, in case there's a new variant of Klez around NAV has not yet in the signature file.

Thanks. I registered KAV (because of its integration with TB!), and scanned my system. It identified Exploit.IFrame.FileDownload in the trash folder of TB! (I had deleted the message that she had sent me, which had a copy of the original message that I was alleged to have sent her).

Interestingly, I had set KAV to delete infected files, and it deleted all the messages in the trash (not a huge problem obviously, but I usually keep 5000 messages there).

--
Regards, Mike
Using The Bat! 1.60d under Windows 98 4.10 Build A
= = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Mike Harlos
Winnipeg, Manitoba, Canada
PGP Keys: DH/DSS- 0x8CD85BCE RSA- 0xBBDB40B1
= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Re: A good tool: Win32.Klez worm sent by me via The Bat!?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, 20 Apr 2002, at 18:31:39 +0200 Peter wrote:

PP> Win9x http://www.free-av.de/personal/en/win9x/avwin9xp.exe

AntiVir Personal Edition (today's update, newest version) unfortunately cannot detect even old viruses/trojan/worms, as Weird, Magistr etc are.

Mandara

- --
 (__)   If you need this key:
 ('')   mailto:[EMAIL PROTECTED]?subject=0x257DFF36
  \/

-BEGIN PGP SIGNATURE-
iD8DBQE8wkeKvgcu6yV9/zYRAvGdAJ4nIN0nyqRVl2VVP+sDB/UZWS31ewCePhUB
bJMg1vAB/1UhpeEwI56O4Ww=
=R6Ml
-END PGP SIGNATURE-

Re: version d
This message bounced back to me, sorry if anyone receives it twice.

Hi Lynna,

On Friday, April 19, 2002 at 12:50:26 [GMT -0800], you wrote:

LL> Well I am in Alaska,(USA) on Alaska time, maybe that has something
LL> to do with it ; )

That would definitely be an explanation for your time zone, but it doesn't explain the strange time which my system calculates for your messages. :-)

BTW, I returned to 1.60d and had TB reindex my folders. Now it shows the correct local time for your messages. It seems that the time calculation routines exchanged + and -. So, instead of +10 hours difference (+0200 - -0800 = +1000) it calculated -6 hours (0200 + -0800 = -0600). That's why 06:23 became 00:23 on my system instead of 16:23.

--
Regards, Lars
The Bat! 1.60d on Windows XP 5.1 Build 2600
|Lars Geiger | mailto:[EMAIL PROTECTED]|