> |->http://www.cybertime.net/sven.html > > Thats acutally part of the payload what you have there. I had some time > and just ran strings over the exe file and saw all the qmail stuff as part > of the payload so when it sends itself out it uses the qmail info in body > of the mail. > > All sorts of interesting stuff in there.
Yes, I have a few of the other versions too. And a machine that was killed by it. I think the machine was made a deader by a side effect. User had all sorts of problems after the virus launched, so he tried a recovery disk his anti virus had made. The partition table was munged, all data lost. His directory and drive names had high bit ASCII in them, and the partition was listed as 8GB when the drive is like a 36GB. I think he used an outdated recovery, one for a different machine (he has 2), or it failed the recovery. Any of those three would corrupt the FAT and partitions the way they were. --Eric
