Is this a virus?

BoomAM

Hi.
I just got an email off my old net provider, who I still access email off, who have been bought out by my ADSL provider.
It said it was from lineone@management.com.
I thought fine, odd that it wasn't from Tiscali like all Lineone updates.
It said that my email would be out for 2 days, and to run the attached file to enable auto forwarding of my stuff, it was a *.pif file. I was a bit hesitant, but AVG said it was fine.
A few mins later, I got another mail, exactly the same content, but from go@management.com, I thought, eh up, a virus.
So I scanned my PC, and found 14 viruses, all in the same directory, so I deleted them.
I'm running a complete test now, and it's found a further 2 viruses on C:

Does anyone know of this virus? Can you point me to the Symantec virus info on this virus?

After running AVG completely, I'm gonna run the TrendMicro online scanner, then the Symantec one as well just to be sure.
 

zimu

virus

sorry somehow submitted before writing more...


to check virus stuff definitely use the Symantec system check. pif files are generally viruses if sent by email. the Symantec site will tell you what the virus is as well as how to fix it.
 

BoomAM

Don't think it's that virus.
None of the characteristics are consistent with what I got.
 

Night201

Actually, I think it sounds more like Netsky. My email server has been sending me lots of warnings of incoming messages infected with the Netsky virus that have .pif attachments.
 

Hubris

Yeah, it sounds like Netsky to me, which is the new one that's been going around. One of the funnier viruses, as it'll play sound via your computer speaker (the one in your case) on Tuesday mornings during March, but at no other time. Course, it's also a mass-mailer, which is less fun.
 

XZeroII

sounds more like a bacteria infection. Drink plenty of fluids and get plenty of rest.
 

joinT

My employer got a similar email. Note I changed the domain.

----- Original Message -----
From: <support@nottherealdomain.org>
To: <contact@nottherealdomain.org>
Sent: Wednesday, March 03, 2004 1:33 PM
Subject: E-mail account disabling warning.


Hello user of nottherealdomain.org e-mail server,

Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.

Please, read the attach for further details.

Attached file protected with the password for security reasons. Password is 55186.

Cheers,
The nottherealdomain.org team
http://www.nottherealdomain.org
--------------------------------

AVG didn't find anything on the attachment, which was an .exe file - but it's obviously a virus, because I AM the nottherealdomain.org TEAM. Now I'm worried that someone's managed to access a .pl script and use it to spam us with viruses - since it used 2 nottherealdomain.org email addresses and I haven't yet had an opportunity to replace that crappy Matt's script with an NMS one. Guess that becomes high priority now.
 

Entity

Yes, it's a worm. I forget which one -- I got it yesterday, but if you google the language on google groups it'll tell you.

Rob
 

OffTopic1


W32.Netsky.D@mm
"Due to an increased rate of submissions, Symantec Security Response has upgraded W32.Netsky.D@mm from a Category 3 to a Category 4 as of March 1, 2004.

W32.Netsky.D@mm is a mass-mailing worm that is a variant of W32.Netsky.C@mm. The worm scans drives C through Z for email addresses and sends itself to those that are found.

The Subject, Body, and Attachment names vary. The attachment will have a .pif file extension."

Removal Tool
 

PELarson

"unavaible"

In an email message response to the question whether this was a virus the gentleman pointed out to the user that we know how to spell "available".
 

Kyteland

I got this one
Hello user of Uiuc.edu e-mail server,

Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.

For more information see the attached file.

In order to read the attach you have to use the following password: 65016.

Best wishes,
The Uiuc.edu team http://www.uiuc.edu

It was W32.Beagle.J@mm
 

BoomAM

Originally posted by: eigen
It's the Beagle.J virus.
Correct.
I ran the TrendMicro House Call, removed it, then DLed the Beagle Remover tool from Symantec.
I'm gonna run a complete system virus check with the TrendMicro HouseCall thing tomorrow when I go to college. I'd run it now, but 200GB takes a while to scan!
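
Added example, not part of the thread or any poster's code: a mail-triage check for the three traits the messages quoted above share (an executable attachment, an attachment password stated in the body, and a sender claiming the recipient's own domain). The sample message, the `example.org` domain, the filename `details.pif` and the extension list beyond `.pif`/`.exe` are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# .pif and .exe come from the thread; .scr and .com are assumed additions.
EXECUTABLE_EXT = (".pif", ".exe", ".scr", ".com")
# "Password is 55186" / "following password: 65016" style lures.
PASSWORD_HINT = re.compile(r"password\b[^.\n]{0,40}?\b\d{4,}", re.I)

def triage(raw):
    """Return a list of warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):
            findings.append("executable-attachment:" + name)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and PASSWORD_HINT.search(body.get_content()):
        findings.append("password-in-body")
    # A From header is trivially forged; "our own team" mail deserves a second look.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if sender and sender == rcpt:
        findings.append("sender-claims-recipient-domain")
    return findings

# Constructed sample modelled on the lure text quoted in the thread.
SAMPLE = """\
From: support@example.org
To: contact@example.org
Subject: E-mail account disabling warning.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Attached file protected with the password for security reasons. Password is 55186.

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.pif"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that trips all three checks is worth quarantining even when the scanner reports the attachment as clean, which is what two posters here saw with AVG.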