Virus Warning
06-09-2003, 01:54 AM
#1
Racer
Thread Starter
Join Date: Jun 2001
Location: USA
Posts: 391
Likes: 0
Received 0 Likes
on
0 Posts
Virus Warning
To All (Jeff Curtis in particular) -
Someone sent me a mail today that was seemingly intended for Jeff Curtis. The sender's e-mail is heyjimmy911@air-tite.com. The mail appeared innocuous and discussed the purchase of a bra for a 911. However, there was a script attached to the e-mail (called weirdly enough "2ndTammyLicenseRevocation.doc.scr") which in turn loaded an executable called bepc.exe when I opened the e-mail. This executable immediately unleashed itself on my hard drive. I believe I was able to terminate the process before any damage occured, however I am unsure at this moment. Beware of this e-mail as it may have been sent to others as well.
Jeff - I don't know what this was about, and you may be a victim yourself. If you know this guy you might let him know that he is distributing virus material through his e-mail.
Someone sent me a mail today that was seemingly intended for Jeff Curtis. The sender's e-mail is heyjimmy911@air-tite.com. The mail appeared innocuous and discussed the purchase of a bra for a 911. However, there was a script attached to the e-mail (called weirdly enough "2ndTammyLicenseRevocation.doc.scr") which in turn loaded an executable called bepc.exe when I opened the e-mail. This executable immediately unleashed itself on my hard drive. I believe I was able to terminate the process before any damage occured, however I am unsure at this moment. Beware of this e-mail as it may have been sent to others as well.
Jeff - I don't know what this was about, and you may be a victim yourself. If you know this guy you might let him know that he is distributing virus material through his e-mail.
06-09-2003, 04:42 AM
#2
Drifting
I would suggest Jon that if you have an anti virus scanner that you use it immeadiately, if not then get one.
you can seldom terminate a virus yourself, even by the time you can turn your PC off, it will prbably have replicated itself somewhere else on your system.
Oh and another thing, anything with a double extension is usually malicious, its a form of hiding itself, as you've found out...
I've checked my AV and nothing of that name is listed, nor on Symantecs website.
I suggest you have a quick scan before doing anything else, then D/L spybot S&D to clear up the rest of what could be a mess underneath all of that.
Jon, try this :- <a href="http://www.sophos.com/virusinfo/analyses/w32bugbearb.html" target="_blank">http://www.sophos.com/virusinfo/analyses/w32bugbearb.html</a>
and see if any of it rings a bell. Don't want to scare monger but the latest virii are pretty nasty.
Kevin
you can seldom terminate a virus yourself, even by the time you can turn your PC off, it will prbably have replicated itself somewhere else on your system.
Oh and another thing, anything with a double extension is usually malicious, its a form of hiding itself, as you've found out...
I've checked my AV and nothing of that name is listed, nor on Symantecs website.
I suggest you have a quick scan before doing anything else, then D/L spybot S&D to clear up the rest of what could be a mess underneath all of that.
Jon, try this :- <a href="http://www.sophos.com/virusinfo/analyses/w32bugbearb.html" target="_blank">http://www.sophos.com/virusinfo/analyses/w32bugbearb.html</a>
and see if any of it rings a bell. Don't want to scare monger but the latest virii are pretty nasty.
Kevin
06-09-2003, 05:45 AM
#3
Racer
Thread Starter
Join Date: Jun 2001
Location: USA
Posts: 391
Likes: 0
Received 0 Likes
on
0 Posts
Yes your suspicions are correct. Its bugbear. Bug bear inserts itself in your startup folders giving a ????.exe name where ? is any letter it chooses - in my case bepc.exe. McAfee killed it. Because it sends out e-mail on your behalf, and uses your address book, it probably found my address in Jeff's book, and sent me something that Jeff had received from someone else (the HeyJimmy911 person.
Thanks kevin for the info.
jon
Thanks kevin for the info.
jon
06-09-2003, 07:12 AM
#4
Race Car
Yup, it happened this AM...I got a weird email from someone on Rennlist and the same deal...I opened the attachment because it appeared it was clean. <img border="0" alt="[ouch]" title="" src="graemlins/c.gif" />
...after all, I do keep my Norton Antivirus updated - but it didn't catch it!
Immediately my computer was busy as hell, you could hear the hard drive churning away, etc.
I knew something was up. <img border="0" alt="[grrrrrrr]" title="" src="graemlins/cussing.gif" />
HeyJimmy911 is a buddy of mine in Chicago, although his email address does not end in "air-tite.com - that's my friend Paul in Virginia Beach!!
I tried several times to startup Norton and it would go away after a few seconds...was PISSING ME OFF!
Anyway, got the bright idea to go to <a href="http://www.mcafee.com" target="_blank">www.mcafee.com</a> and started reading about the "latest" virus...Bug-a-Bear seemed the culprit so I downloaded the "Stinger" program and it removed it.
SO...guess I'll fess up, kinda embarrassing as I wouldn't think I would distribute a virus being that I'm kind of an egghead and all.
Damn...there ya go, I'm PUTZ for the day. <img border="0" title="" alt="[Frown]" src="frown.gif" />
...after all, I do keep my Norton Antivirus updated - but it didn't catch it!
Immediately my computer was busy as hell, you could hear the hard drive churning away, etc.
I knew something was up. <img border="0" alt="[grrrrrrr]" title="" src="graemlins/cussing.gif" />
HeyJimmy911 is a buddy of mine in Chicago, although his email address does not end in "air-tite.com - that's my friend Paul in Virginia Beach!!
I tried several times to startup Norton and it would go away after a few seconds...was PISSING ME OFF!
Anyway, got the bright idea to go to <a href="http://www.mcafee.com" target="_blank">www.mcafee.com</a> and started reading about the "latest" virus...Bug-a-Bear seemed the culprit so I downloaded the "Stinger" program and it removed it.
SO...guess I'll fess up, kinda embarrassing as I wouldn't think I would distribute a virus being that I'm kind of an egghead and all.
Damn...there ya go, I'm PUTZ for the day. <img border="0" title="" alt="[Frown]" src="frown.gif" />
