On Sat, 28 Jul 2001 20:47:52 -0400, Glenn McCorkle wrote:
<snip>
> I just got it. :(
> It was disguised as "T E L E F A X M E S S A G E.doc.pif"
> (was saved by insight/Arachne into l:\arachne\cache\t_e_l_e_.")
> [no file extension]
> It did no damage to *my* system because....
> - ---This program must be run under Win32
<snip>
--- updated info ---
My old .DEF files for F-prot showed no infected files on my system.
I just now D/Led the newest virus definition files for F-prot.
Here's what it now reports concerning
"T E L E F A X M E S S A G E.doc.pif"
Virus scanning report - 29. July 2001 17:49
F-PROT 3.09
SIGN.DEF created 19. July 2001
SIGN2.DEF created 18. July 2001
MACRO.DEF created 2. April 2001
Search: c:\!
Action: Report only
Files: "Dumb" scan of all files
Switches: /ARCHIVE /PACKED /COLLECT /BEEP /REPORT=c:\!exts.txt /NOHEUR
No viruses found in memory.
No viruses were found in MBRs or hard disk boot sectors.
C:\!\T_E_L_E_.EXE Infection: W95/Sircam.worm@mm
Results of virus scanning:
Files: 1
MBRs: 2
Boot sectors: 11
Objects scanned: 14
Infected: 1
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0
Time: 0:06
____________________
So, I was mistaken. It wasn't the Hybris worm after all.
It's the "sircam" worm.
--
Glenn
http://arachne.cz/
http://freedos-32.sourceforge.net/
http://www.delorie.com/listserv/mime/
http://www.angelfire.com/id/glenndoom/download.htm