My Party Virus: Did you get affected?

civad

Hi all!

I recd a virus that has an attachment that sends emails to all the people in your address book:

I am looking for more info. Anybody got that too??



Note: I usually do not open ANY .exe files that I receive by email. But I recd. 4 emails on my school account!!
I deleted them, the ONLY mistake I made was that I right clicked one of them to check its properties (As I do with most .exe files)
A good habit, I think, but not in this case. And I am cursing myself ever since:)

The stupid virus sent mails to ALL ppl with whom I had ever corresponded, including Customer Service Dept. at OD, OM, BB:)
 

gopunk

i just got one in my inbox. *shrug* do i have to open it for it to work or something? i got two messages after, that read:

Antigen for Exchange found www.myparty.yahoo.com matching =*.com file filter.
The file is currently Removed. The message, "new photos from my party!", was
sent from xxx and was discovered in xxx
located at xxx.
 

gopunk

ok, whoever made this one is stupid... text reads:



<< Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
>>





i'm sorry, but the first thing that enters my mind is not to open the attachment, it's "print your own f*cking photos"
 

Logix

This thing is spreading pretty quickly around UC Berkeley. Some dumbass in my suite actually opened the attachment. Outlook XP won't even let me get at the attachment at all. :)

I grabbed a screenshot of Outlook.

 

somethingwitty

logix, you couldn't post the contents of the email entitled "Fwd: virus removal" :)

it actually would help-I just worked on a friend's system and I want to make sure I took care of it correctly...

thanks
 

civad

I originally recd. the email from some student at the U of Illinois (guess what: my students' email account is clogged now)

<<Some dumbass in my suite actually opened the attachment>>

I guess I am one then (though I didn't actually run the .exe file)

Speaking of screenshots: here's what my mailbox looks like now after all those returned messages (I got 110-odd failed deliveries!!!)


My clogged mailbox
 

somethingwitty

thanks anyways-my friend was running norton corp., so that didn't help her.

Personally, my method of removal was to yank the ethernet cable, power off the system after checking msconfig and the registry for any obvious changes (no normal shutdown, since regctrl.exe was running and i was worried about the effects of closing it), boot it back up, hit f8, go to command prompt, cd recycled, del regctrl.exe, reboot into windows, tell her (since i wasn't sure i was done) to keep the cable out till after classes tomorrow/today now then try running liveupdate and hoping norton's caught up with mcafee by then.
 

minendo

I have now received it from 4 different people from my school. I have never heard of any one of them and I doubt it's because I am in their address book.
 

Arschloch

Here's an easy solution:

Don't use Outlook or Outlook Express anymore.

It seems that the majority of new big virii exploit those mail readers. After virus after virus, wouldn't you think people would learn to just use another mail client???
 

gopunk

<< It seems that the majority of new big virii exploit those mail readers. After virus after virus, wouldn't you think people would learn to just use another mail client??? >>

or just get a clue in general... i don't switch, but that's because i never get infected.
 

Arschloch



<< or just get a clue in general... i don't switch, but that's because i never get infected. >>


Also good advice, but the problem is that 95% of the people who DON'T read the AT forums probably don't have a clue.

I sent an email to one of the head IT guys in my company a couple of weeks ago after he mailed out a couple of virus warnings. I asked him the same question: Why don't you just make everyone switch to another mail client? Since my company is NOT an IT / Tech-type company, most of the people here aren't the most astute computer users, so I imagine virii might be a problem here. Well, the guy didn't respond. I'm guessing he thought I was trying to tell him how to do his job or something. Some people are really dumb.
 

gopunk

<< Well, the guy didn't respond. I'm guessing he thought I was trying to tell him how to do his job or something. Some people are really dumb. >>

maybe he's still trying to figure out why he can't check his email by putting his email address in the address bar of IE ;)
 

Freejack2

From: Windows NTBugtraq Mailing List [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Russ
Sent: Monday, January 28, 2002 8:45 AM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: W32/Myparty-mm on the loose

Be aware that this morning you will likely find a copy of this new mass
mailer in your mail systems. This is a pure social engineering attack,
it contains an attachment named as a URL with a .com extension. Since
.com is also an application, it will be run as such if it's
double-clicked on. Check with your AV company for updates and/or
filtering criteria. If you can, be sure you have attachment filtering
enabled at your mail gateway. Outlook Email Security Update, and Outlook
2002, both catch this attachment and prevent it from being available for
the user to click on.

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

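The gateway attachment filtering recommended in the alert above, sketched as an added example that is not part of the original thread or of any product named in it: it flags attachments by their final extension, so a name shaped like a URL ending in .com is caught. The blocklist, the function names, the addresses and the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklist for this example: extensions Windows runs directly.
BLOCKED_EXTENSIONS = {".com", ".exe", ".pif", ".scr", ".bat", ".cmd", ".vbs"}


def is_blocked(filename: str) -> bool:
    """True when the final extension of an attachment name is executable."""
    # Windows ignores trailing dots and spaces, so "x.com. " still runs as .com.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    return dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: str) -> list[str]:
    """Return the names of attachments a gateway should strip."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decoded Content-Disposition filename
        if name and is_blocked(name):
            hits.append(name)
    return hits


def build_sample() -> str:
    """Constructed message shaped like the one quoted in this thread."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg["From"] = "sender@example.edu"      # constructed address
    msg["To"] = "recipient@example.edu"     # constructed address
    msg.set_content("I have attached my web page with new photos!")
    # Harmless placeholder bytes; only the attachment names matter here.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="www.myparty.yahoo.com")
    msg.add_attachment(b"placeholder", maintype="image",
                       subtype="jpeg", filename="party.jpg")
    return msg.as_string()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("strip attachment:", name)
```

Matching on the last extension also covers double-extension names such as a .jpg followed by .scr, which a check on the first extension would miss.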
 

jjones

great another dumbass virus that will be sent to me by all the dumbasses that have my e-mail. more useless sh!t i can look forward to d/l.

here's a useless question: why do all the same people always send me the latest, greatest virus? you think they would learn.
 

Arschloch



<< here's a useless question: why do all the same people always send me the latest, greatest virus? you think they would learn. >>


When they aren't looking, sit down in front of their computers and do the following:

Start -> Settings -> Control Panel -> Add/Remove Programs -> Outlook / Outlook Express
 

jjones



<<
Here's an easy solution:

Don't use Outlook or Outlook Express anymore.
>>


i use outlook express, receive virii several times every single day. i've never been infected even once. it has nothing to do with outlook; it has to do with the idiots using computers.
 

Arschloch



<<

<<
Here's an easy solution:

Don't use Outlook or Outlook Express anymore.
>>


i use outlook express, receive virii several times every single day. i've never been infected even once. it has nothing to do with outlook; it has to do with the idiots using computers.
>>


Of course! I agree with you -- people who know what they're doing are fine with Outlook (Express).
It's just that the VAST majority of people don't know what they're doing. THOSE are the people who should be cut off.
 

jjones



<<
When they aren't looking, sit down in front of their computers and do the following:

Start -> Settings -> Control Panel -> Add/Remove Programs -> Outlook / Outlook Express
>>


were that only possible. :D

actually, i wish you could just nuke somebody out of their chair through irc or icq; or send an e-mail attachment that would blow up their computer.
 

civad

<<
Here's an easy solution:

Don't use Outlook or Outlook Express anymore.>>


Guess what??

I used Eudora, and still got infected...


 

CurtisBilly

I don't think I clicked the link, but I don't remember, is there a log anywhere to know if you propagated it on to your contacts (my worst fear)? If you had the virus, would you see all the emails you sent with the same topic in your sent box or would it be sending these emails "behind the scenes".