Hello Preston,
Monday, July 02, 2001, 3:21:30 PM, you wrote:
P> Hello Mark (or is it Paul?),
P> Thursday, June 28, 2001, 3:20:18 PM, you wrote:
MB>> Hello BatList,
MB>> --
MB>> Have Great Day, Mark Brown
MB>> ������[ WWW.MARKBROWN.COM ]������
MB>> Using The Bat! 1.52f
MB>> Windows NT 4.0 Build 1381
MB>> Service Pack 4
P> Was this an attempt to submit a Virus/trojan AND spam?
Maybe I'm overdoing here but anyway:
My PC Cillin repported a virus in the Attach folder of my TB directory. The
virus was quaranteed and upon sending it to the PC Clillin's analyzing team
I've got this ( including the file which fixes everything if the virus was
maybe was already executed etc ) :
----------------
Dear Customer,
Thank you for contacting the Virus Doctor @ Trend Micro. We
received your
e-mail with attachment.
The file you send us has been detected as PE_Magistr.A by our
Trend
InterScan.
PE_MAGSITR.A is a per-process, memory-resident, polymorphic virus
that is
similar to TROJ_MTX.A. It uses complex routines and anti-debugging
techniques, which make it very difficult to analyze. It has both a
virus
component and a Trojan component that infect the local system as
well as all
files with .EXE and .SCR extensions. Upon execution, this Trojan
infects
Windows System files and then sends infected files via MS
Outlook/Outlook
Express/Netscape Navigator to all addresses listed in the infected
user's
Windows and Outlook Express address book. Its destructive payload
trashes
the primary hard disk drive controller, overwrites CMOS RAM, and
erases
flash memory (BIOS). Due to its polymorphic nature the email that
this
Trojan comes with does not have a static subject line, message
body, or
attachment filename.
To be able to clean all detected files, please run the attached
tool. Before
running the tool, read the readme.txt first for instructions.
Below is the hyperlink which describes PE_MAGISTR.A.
<http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_MAGISTR.A
>
To get rid of a Trojan, simply delete the program.
Please update your pattern file and scan engine regularly to keep
you safe
from virus attack.
Download the latest pattern at this site:
<http://www.antivirus.com/download/pattern.asp>
Download the latest scan engine at this site:
<http://www.antivirus.com/download/engines>
If you have any other inquiries, please feel free to contact us.
Thank you
and have a nice day!
Sincerely,
Emmy Lou D. Dy
Virus Watch Team, AntiVirus Group
TrendLabs, Trend Micro, Inc.
URL: http://www.antivirus.com/
================ Additional Resources =================
Weekly Virus Report:
http://www.antivirus.com/Trendsetter/virus_report/default.htm
Virus Encyclopedia:
http://www.antivirus.com/vinfo/virusencyclo/default.asp
Solution Bank:
http://solutionbank.antivirus.com/solutions/solutionSearch.asp
HouseCall (free scanner):
http://www.trend.com/free_tools/default.htm
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: None
To: US PCC Doctor
Subject: Virus Submission from PCC6 User.
PCEW-0019-9479-8502-2362 serial number
[Registration]
First_Name=Dragan Ruzic
[EMAIL PROTECTED]
PCC601=111064
[EMAIL PROTECTED]
[UPDATE]
;--- Title
TITLE=PC-cillin v6.072
;--- Program 1(Main, I/O monitor, else...)
PROGRAM=16
PROGRAM_SIZE=
;--- Engine(VSAPI32.VxD)
ENGINE=19
ENGINE_SIZE=284518
;--- Filter32.VxD
FILTER=18
FILTER_SIZE=29471
;--- VBSCAN
VBSCAN=10
VBSCAN_SIZE=
;--- Pattern
PATTERN=907
PATTERN_SIZE=853808
;--- Readme
RELEASE=7
RELEASE_SIZE=
------------------------------
--
Kind regards,
Homesick Mac
http://www.homesickmac.com
Homesick Mac
mailto:[EMAIL PROTECTED]
--
______________________________________________________
Archives : <http://tbudl.thebat.dutaint.com>
Moderators : <mailto:[EMAIL PROTECTED]>
TBTech List: <mailto:[EMAIL PROTECTED]>
Unsubscribe: <mailto:[EMAIL PROTECTED]>
You are subscribed as : [email protected]
