Beware... have you seen this email recently?

[Waterman 0]

If you see an email in your inbox with address "support@microsoft.com", I've been told it's a virus. I recieved it twice today and deleted them quickly. I have heard one or two talk about it but just wondered who else has seen it?

Cheers,

Waterman.

[PitViper 0]

its a worm called Palyh-A.

[Waterman 0]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (PitViper @ 21 May 2003,19:19)</td></tr><tr><td id="QUOTE">its a worm called Palyh-A.<span id='postcolor'>

whan on earth is that? It doesn't sound to nice anyway...

Waterman.

[theavonlady 2]

I received one. Norton AV quarantined it right away.

[Albert Schweitzer 10]

So far I believe that all software that was made by Microsoft  is a piece of Virus. It just depends on how you look at it. .

----------------------------------------------------------------------

Symptoms

Presence of following files in Windows folder:

msccn32.exe

hnks.ini

Presence of the process: msccn32.exe

Presence of registry key:

HKEY\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tray = "msccn32.exe"

Presence of msccn32.exe in:

Windows\All Users\Start Menu\Programs\StartUp for Windows 9x

Documents and Settings\All Users\Start Menu\Programs\Startup for Windows 2000, XP

Technical description

This mass mailer spreads itself via email, as an attatched file with one of the following names:

your_details.pif

ref-394755.pif

approved.pif

password.pif

doc_details.pif

screen_temp.pif

screen_doc.pif

movie28.pif

application.pif

The email is fakely sent from support@microsoft.com, has "All information is in the attached file." in body, and the subject is one of the following:

Your details

Approved (Ref: 38446-263)

Re: Approved (Ref: 3394-65467)

Your password

Re: My details

Screensaver

Cool screensaver

Re: Movie

Re: My application

Once executed the malware copyes itself in %windows% (i.e. C:\WINNT) and gives control to that copy. It searches the whole hard disk for email addresses contained in files with the following extensions: wab, dbx, htm, html, eml, txt.

Removal instructions

manual removal: kill the process msccn32, delete msccn32.exe and hnks.ini from windows directory and from StartUp; after that remove this

key: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tray"

automatic removal: let BullGuard disinfect or use the free removal tool provided by BullGuard!

[bn880 5]

Yes, I recommend to everyone if you don't have a virus checker, get one. Norton Antivirus is very good.

Then if you accidentally open one of these moronic e-mails you will be protected...

[Devil 0]

Oh shit, are you kidding me? I downloaded the password.pif file and ran it, but it didn't do anything. Going to run an AVG virus scan now.

[Tovarish 0]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (Devil @ 22 May 2003,00:17)</td></tr><tr><td id="QUOTE">Oh shit, are you kidding me? I downloaded the password.pif file and ran it, but it didn't do anything. Going to run an AVG virus scan now.<span id='postcolor'>

You open files people you don't know e-mail to you?

wow....just...wow

[Devil 0]

For your information, I'm not a complete moron and I don't even OPEN the letters that I don't know who they are from. But since the letter was from Microsoft and I recently contacted them, then I thought I can trust them! So much for MS!

[Tovarish 0]

Fair enough . Sorry, didn't mean to be an asshole there.

[Devil 0]

No I am always quite a jerk myself to computer newbies

[DracoPaladore 0]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (Waterman @ 21 May 2003,20:04)</td></tr><tr><td id="QUOTE">support@microsoft.com<span id='postcolor'>

I knew microsoft was trying to take over all computers around the globe. Buttt.....?

[Mister Frag 0]

It's trivial to forge the sender's e-mail address. The SMTP specification allows you to put anything you want as the "From" and "Reply-To" address.

[bn880 5]

Yes and still if you do not expect an e-mail from some company you don't have to open it. Most trojans will be sent with the senders addresses clearly not of someone you know and the message titles are really silly. The worst are the trojans or worms that attach themselves to your friends e-mail, so beware if you exchange e-mails with someone you just met, someone you know that got a new account, or anyone who is kind of a newb at "computers".

It's not that hard...

[CuteQA 0]

Why those damn people keep wasting time writting virus instead of using their knowledge to do something good for all mankind

[Guest]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (Tovarish @ 22 May 2003,00:22)</td></tr><tr><td id="QUOTE">You open files people you don't know e-mail to you?<span id='postcolor'>

Just because you know the sender..that's no guarrantee either. Like the "I Love You" virus. If you got a email from your boss with that as the subject line......beware!

[ralphwiggum 6]

an easy prevention to certain degree is to disable preview mode and NOT use MS products like Outlook. I use Eudora, or if possible, PINE.

[VXR 9]

ive received 2 of them , didnt open it

[Warin 0]

</span><table border="0" align="center" width="95%" cellpadding="3" cellspacing="1"><tr><td>Quote (RalphWiggum @ 22 May 2003,07:02)</td></tr><tr><td id="QUOTE">an easy prevention to certain degree is to disable preview mode and NOT use MS products like Outlook. I use Eudora, or if possible, PINE. <span id='postcolor'>

Woohoo PINE

One of my faves from the good old days of shell accounts! So easy and flexible!

I just make it a policy to never open any attachment from anyone. Unless of course I email myself a file from work

[benu 1]

The real simple solution against all this virus/worms stuff is: use a mailreader to read your mail. And MS-OLE/DCOM-SHIT like outlook express is NOT a mailreader. No mailreader should be able to process code. I still do not understand why there are exploits for ms media player where MOVIES run CODE on your system... why does a movie player has to have the ability to run CODE out of media files? The answers: it hasn't, but does so anyway. Same with oe. Use a decent mailreader and all your virus troubles are gone.

[Waterman 0]

I use www.mail2web.com. Is that what you call a "mail reader"? Im getting a bit suspicious because my comp is really acting wierd, especially with OFP. I always loose conection, the sounds goes all wierd, the computer gives me errors all the time etc...

I think I might have to re-format my computer... Hopefully it wasn't this virus that caused it... just other things.

Do any of yous know a good virus or email checker that I could download for free? And not a trial version...

Cheers,

Waterman.

[bn880 5]

Why those damn people keep wasting time writting virus instead of using their knowledge to do something good for all mankind

Partly because it's much easier to write a virus than to write a piece of software that is useful and accepted by people. I challange anyone writing viruses to create a virtual battlefield system. Bet you can't.

It's intertwined with the fact that people want to get attention, and this way it's easier. (every person writing a virus for kicks will bragg about it eventually to be admired by their friends)

[DestroyerX 0]

If you see an email in your inbox with address "support@microsoft.com", I've been told it's a virus.  I recieved it twice today and deleted them quickly.  I have heard one or two talk about it but just wondered who else has seen it?

Cheers,

Waterman.

Thanks for the warning.

[benu 1]

Waterman: I'm not sure about "good and free" but you can try

F-Prot or Free-AV, those are "free"...