It sounds like Magistr to me. It sends out messages whose subjects are taken from bits of text found in documents on the infected PC.
-Peter -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 22, 2001 10:42 To: Exchange Discussions Subject: RE: Possible Trojan. YEs. I noticed that and had left a message for them to tell me the "7" viruses that were detected but I have not heard back yet.....Everyone busy doing something else I guess (except me).... -----Original Message----- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 22, 2001 9:13 AM To: Exchange Discussions Subject: RE: Possible Trojan. OK, the most important question of all was left out...What virus was found?? Saying its just a virus is no good to anyone... Head over too http://housecall.antivirus.com/housecall/start_corp.asp and do a scan on the machine. Come back and tell us what it is. Many virus's today cannot be cleaned with a simple scan and require additional work. If we can find out what the user has, we may be able to point you to the correct tool. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 22, 2001 7:11 AM To: Exchange Discussions Subject: Possible Trojan. I have an outside client experiencing what appears to be a Trojan on their machine. I had them update their Antivirus (Norton) and perform a scan but there still appears to be something wrong. I originally noticed the problem because they were sending random *.exe files to my network...which get deleted immediately (Exch 5.5 with Antigen 6.2). I contacted the user and determined there was a problem. Following is a description of the problem as stated by the user: (Any input would be greatly appreciated). -------------------start "We are using Windows 98. we ran an updated Norton and found it to be a virus. It appears to be more than one. We quarantined it and all was repaired but 7 files marked as window/command files and window/cab files and it shows them as exe. We sent them to Symantec to analyze. We are also receiving mail from others, whom we do not know, who are also having problems and are trying to write for assistance to someone. For some reason, the mail is coming here. The email that it shows as being sent to on these letters is [EMAIL PROTECTED] rather than our true email of [EMAIL PROTECTED] We have our outgoing mail as Dale, Paula and Family and that mail is coming in as [EMAIL PROTECTED]; Paula and Family. It is very odd. This is even after we have finished with the virus scans and cleaned the PC. One last thing also, maybe it will make sense to you. We received a piece of mail, that was apparently from a persons "yahoo" auto response box stating that he was out of town, (set probably so his box wouldn't fill while he was gone) no attachments, no nothing, but yet we received it FROM him. Many of the subject fields, including the yahoo one, have sentences taken from my resume which I have saved in my scanner files and Microsoft Word. It would seem, if I fixed most of the virus and quarantined ALL of it, I shouldn't be having this problem. We are currently looking for where we put our CD with the firewall on it. We DEFINITELY agree with you on this as well. Thank you VERY much, this has been confusing. We recently re-formatted our PC and would hate to have to do it all over again." -------------------end Thanks for your time, Brian Murphy The information in this email is confidential. Please do not forward this information or replicate this information in any manner without prior approval from the original sender. Thank you for your cooperation. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]