Re[2]: Virus On Mail Check

2001-12-01 Thread -=ToÑo.!=-

How are you, Marcel,

...and erase your windows\temp directory

--


  |\  /^~~^\  /|
 -qqQ-\O||O/-Qpp---=Following the topic=---
   \oo/
~~
 On Friday, November 30, 2001 at 22:40:53 GMT (that is, at 3:40
PM in my beautiful Mexico), Marcel, in the message with the subject: Virus On Mail
Check, commented (at least in part, and perhaps trimmed by me):

M> So Markus was right.
M> After you've found out that an infected message is sent, delete it
M> from the server manually, either by webmail, or the mail dispatcher.
Yes :-)


--d--b-=End of the copied message=-
()
   \()/
\/
--

 -=ToÑo.!=-

'The horrendous thing about true hells is that they have a window through
which paradise can be seen' (Enrique Solari)


,,, (^;^) ,,,__

 -=ToÑo.!=-
[EMAIL PROTECTED]
ICQ-UIN:50036143
PGP key http://a_mi_go_.4d2.net
__w__w_





-- 

Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Latest Vers: 1.53d
FAQ: http://faq.thebat.dutaint.com 




Re: Virus On Mail Check

2001-12-01 Thread Marcel


Hi -=ToÑo.!=-,

On Saturday, December 01, 2001, -=ToÑo.!=- wrote:

T> ...and erase your windows\temp directory

You really don't have to.
As soon as the AVS shouts VIRUS ALERT just select delete file, and
problem solved.

I tried to move the file, McAfee complained that it couldn't be
moved, but it had. Then (with on-access-scan ON) there was NO
WAY McAfee let me open the file. Not even in a simple Dos-editor.

Setting the OAS off is at this moment no option, because the account
that received the infected messages is only known to people who are
visiting a special website; that means that if I already got two
infected messages, there will be a lot more to come. :(

--
Cheers,
Marcel...

PGP Key ID: 0xADB5413E
PGP Key: mailto:[EMAIL PROTECTED]?Subject=SendPGPKey

... A visit to a strange place will bring fresh work.

Using TB! v1.53d on Windows 98 4.90 Build 3000  (ME)





Virus On Mail Check

2001-11-30 Thread Andrew P Stenz

ver 1.53d
winXP
norton antivirus 2002

When the Bat checks mail, it creates a temp file in
Documents and settingsNameLocal Internet..Temp
The name changes every time (bat237.tmp, bat230.tmp, etc.)
It is infected with the [EMAIL PROTECTED] virus.
Because the file is a tmp and disappears in a matter of secs,
it can never be fixed. I have done a system-wide scan and
found no other viruses. It only appears during those few secs
when checking mail.

Any ideas?
thanks,
andy






Re: Virus On Mail Check

2001-11-30 Thread Markus Gloede

Hi,

On Friday, November 30, 2001, 3:32:11 PM, Andrew P Stenz wrote:

> When the Bat checks mail, it creates a temp file in
> Documents and settingsNameLocal Internet..Temp
> The name changes every time (bat237.tmp, bat230.tmp, etc.)
> It is infected with the [EMAIL PROTECTED] virus.
> Because the file is a tmp and disappears in a matter of secs,
> it can never be fixed. I have done a system-wide scan and
> found no other viruses. It only appears during those few secs
> when checking mail.

> Any ideas?

Use the mail dispatcher (Shift-Ctrl-F2) to view all messages stored on
your mail server, determine the infected message and delete it from the
server (by setting the checkmark in the Delete column and clicking on
execute).

Regards,

Markus
-- 
Using The Bat! 1.54/10 under Windows NT 4.0 Build 1381 Service Pack 6






Re: Virus On Mail Check

2001-11-30 Thread Marcel

Hi Andrew,

On Friday, November 30, 2001, Andrew P Stenz wrote:


APS> When the Bat checks mail, it creates a temp file in
APS> Documents and settingsNameLocal Internet..Temp
[...]
APS> found no other viruses. It only appears during those few secs
APS> when checking mail.

APS> Any ideas?

What Markus said is one solution, but it's one that doesn't work for
me. One account receives over 10 MB of mail a day, so that is polled
every 5 minutes, otherwise the inbox on the server is full. :(

I have the same problem and I've been looking at the account that
receives the viruses.
In the log it says:

+30-11-2001, 19:48:32: FETCH - connected to POP3 server
+30-11-2001, 19:48:36: FETCH - authenticated (plain)
*30-11-2001, 19:48:38: FETCH - 1 messages in the mailbox, 1 new
!30-11-2001, 19:48:50: FETCH - [Inbox] could not store message (file name - C:\WINDOWS\TEMP\bat260.TMP)
+30-11-2001, 19:48:51: FETCH - connection finished - 1 messages received
*30-11-2001, 20:03:32: FETCH - receiving mail messages
+30-11-2001, 20:03:32: FETCH - connected to POP3 server
+30-11-2001, 20:03:32: FETCH - authenticated (plain)
*30-11-2001, 20:03:33: FETCH - 1 messages in the mailbox, 1 new
!30-11-2001, 20:03:34: FETCH - [Inbox] could not store message (file name - C:\WINDOWS\TEMP\bat3212.TMP)
+30-11-2001, 20:03:34: FETCH - connection finished - 1 messages received

And the log of McAfee says:

30-11-2001  19:03   Infected      Marcel  C:\WINDOWS\TEMP\BAT31F4.TMP  W32/BadTrans@MM
30-11-2001  19:19   Infected      Marcel  C:\WINDOWS\TEMP\BAT21E5.TMP  W32/BadTrans@MM
30-11-2001  19:33   Infected      Marcel  C:\WINDOWS\TEMP\BAT1202.TMP  W32/BadTrans@MM
30-11-2001  19:33   Infected      Marcel  C:\WINDOWS\TEMP\BAT1202.TMP  W32/BadTrans@MM
30-11-2001  19:38   Deleted       Marcel  C:\WINDOWS\TEMP\BAT31F4.TMP  W32/BadTrans@MM
30-11-2001  19:38   Deleted       Marcel  C:\WINDOWS\TEMP\BAT21E5.TMP  W32/BadTrans@MM
30-11-2001  19:38   Deleted       Marcel  C:\WINDOWS\TEMP\BAT1202.TMP  W32/BadTrans@MM
30-11-2001  19:38   Delete Error  Marcel  C:\WINDOWS\TEMP\BAT1202.TMP  W32/BadTrans@MM
30-11-2001  19:48   Infected      Marcel  C:\WINDOWS\TEMP\BAT260.TMP   W32/BadTrans@MM
30-11-2001  19:48   Deleted       Marcel  C:\WINDOWS\TEMP\BAT260.TMP   W32/BadTrans@MM
30-11-2001  20:03   Infected      Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM
30-11-2001  20:03   Infected      Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM
30-11-2001  20:03   Deleted       Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM
30-11-2001  20:03   Delete Error  Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM


So McAfee sees the virus in the On-Access-Scan, blocks the file, The
Bat can't import the temp-file and ignores it, and then the temp file
is deleted.

I was worried too, but it seems that On-Access-Scanning and The Bat
are working well together <grin>

I received over 50 infected mails in the last two days on only one
account and thank God these two programs are doing their job.

Yesterday one mail slipped by, but ZoneAlarm already renamed the
extension, so no harm could be done :))

Hope this answers your question.


-- 
Cheers,
Marcel...

PGP Key ID: 0xADB5413E
PGP Key: mailto:[EMAIL PROTECTED]?Subject=SendPGPKey

... Some people lose their head just as easy as their hat.

Using TB! v1.53d on Windows 98 4.90 Build 3000  (ME)







Re: Virus On Mail Check

2001-11-30 Thread Marcel


Hi Andrew,

I wasn't completely right in my last message.

I thought I got a lot of infected mail, but it seems that whenever The
Bat is unable to access its temp file, it leaves the original on the
server. Great work in fact, this way you'll never lose a message, but
on the other hand, now each time you collect mail, the infected
message is retrieved again, and again and again.

So Markus was right.
After you've found out that an infected message is sent, delete it
from the server manually, either by webmail, or the mail dispatcher.

I only had two infected messages, and the first slipped by because
McAfee was really slowing down my system and I had turned it off for a
couple of minutes, to do some other things. The Bat was collecting
mail at that moment (NARF).

Last infected message stayed on the server, and caused alerts
every time The Bat was collecting, so it seemed that I had a lot of
those things sent to me, but silly me. I was looking at the same
message over and over again :((

Hope I got everything right this time. :)

--
Cheers,
Marcel...

PGP Key ID: 0xADB5413E
PGP Key: mailto:[EMAIL PROTECTED]?Subject=SendPGPKey

... It is not death, it is dying that alarms me.

Using TB! v1.53d on Windows 98 4.90 Build 3000  (ME)
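
Added example, not part of the original posts and not code from The Bat! or McAfee: a Python correlation of the two log excerpts quoted in this thread, showing how to tell "one blocked message re-fetched on every poll" apart from a stream of new infected mail. The function names and the log layouts are assumptions taken only from the quoted excerpts.

```python
import re
from datetime import datetime

# Sample input: log excerpts quoted in this thread, wrapped lines re-joined
# and AV columns separated (layout assumed from those excerpts only).
BAT_LOG = r"""
+30-11-2001, 19:48:32: FETCH - connected to POP3 server
*30-11-2001, 19:48:38: FETCH - 1 messages in the mailbox, 1 new
!30-11-2001, 19:48:50: FETCH - [Inbox] could not store message (file name - C:\WINDOWS\TEMP\bat260.TMP)
+30-11-2001, 19:48:51: FETCH - connection finished - 1 messages received
+30-11-2001, 20:03:32: FETCH - connected to POP3 server
*30-11-2001, 20:03:33: FETCH - 1 messages in the mailbox, 1 new
!30-11-2001, 20:03:34: FETCH - [Inbox] could not store message (file name - C:\WINDOWS\TEMP\bat3212.TMP)
+30-11-2001, 20:03:34: FETCH - connection finished - 1 messages received
"""
AV_LOG = r"""
30-11-2001  19:48  Infected  Marcel  C:\WINDOWS\TEMP\BAT260.TMP   W32/BadTrans@MM
30-11-2001  19:48  Deleted   Marcel  C:\WINDOWS\TEMP\BAT260.TMP   W32/BadTrans@MM
30-11-2001  20:03  Infected  Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM
30-11-2001  20:03  Deleted   Marcel  C:\WINDOWS\TEMP\BAT3212.TMP  W32/BadTrans@MM
"""
LINE = re.compile(r"^[+*!](\d\d-\d\d-\d{4}, \d\d:\d\d:\d\d): FETCH - (.*)$")

def fetch_sessions(log):
    """One dict per POP3 session: start time, mailbox count, temp files that failed to store."""
    sessions = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, text = datetime.strptime(m[1], "%d-%m-%Y, %H:%M:%S"), m[2]
        if text.startswith("connected"):
            sessions.append({"start": when, "in_mailbox": 0, "failed": []})
        elif sessions and (n := re.match(r"(\d+) messages in the mailbox", text)):
            sessions[-1]["in_mailbox"] = int(n[1])
        elif sessions and (f := re.search(r"could not store message \(file name - (.+)\)", text)):
            sessions[-1]["failed"].append(f[1].lower())
    return sessions

def av_blocked_files(log):
    """Lower-cased paths the on-access scanner reported as Infected."""
    return {p.lower() for p in re.findall(r"^\S+\s+\S+\s+Infected\s+\S+\s+(\S+)\s+\S+$", log, re.M)}

def refetch_loop(sessions, blocked):
    """Start times of sessions whose store failure matches an AV hit and whose
    message was still counted in the mailbox at the next poll (heuristic)."""
    return [cur["start"] for cur, nxt in zip(sessions, sessions[1:])
            if blocked & set(cur["failed"]) and nxt["in_mailbox"] >= cur["in_mailbox"] > 0]
```

A non-empty result from `refetch_loop(fetch_sessions(BAT_LOG), av_blocked_files(AV_LOG))` means the alerts line up with failed stores of mail that never left the server, which fits the fix given in the thread: delete the message on the server. The mailbox count is only a heuristic, since these excerpts carry no per-message identifier.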
