Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com 
Author Message
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com

Hi all,


called application.pif with the subject of "Approved"

Since the return path points to the SV newsserver, I thought I'd post
this here in case someone is having a virus problem...  Here is the
complete header information:


Received: from CDVAIO (w162.z066088103.bna-tn.dsl.cnc.net
[66.88.103.162])
        by ike.siteprotect.com (8.11.6/8.11.6) with ESMTP id
h53F2Qn22852




Subject: Approved
Date: Tue, 3 Jun 2003 10:01:01 --0500
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="CSmtpMsgPart123X456_000_000EF812"
Status:  O
X-PMFLAGS: 570949760 0 1 P44C50.CNM

Best regards,

Arnr Baldvinsson
Icetips Software        
San Antonio, Texas, USA
www.icetips.com

Subscribe to information from Icetips.com:
http://www.*-*-*.com/



Sat, 19 Nov 2005 23:12:22 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
Hi all,


Quote:


>called application.pif with the subject of "Approved"

The attachment was actually screensaver.scr - sorry about that.

Best regards,

Arnr Baldvinsson
Icetips Software        
San Antonio, Texas, USA
www.icetips.com

Subscribe to information from Icetips.com:
http://www.icetips.com/getnotificationinfo.htm



Sat, 19 Nov 2005 23:16:04 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
Got that on our e-mail server today as well and it was with the
application.pif attachment.  fortunately we don't open attachments like
that.

--
John C. Errington
Supreme Foods


Quote:
> Hi all,


> called application.pif with the subject of "Approved"

> Since the return path points to the SV newsserver, I thought I'd post
> this here in case someone is having a virus problem...  Here is the
> complete header information:


> Received: from CDVAIO (w162.z066088103.bna-tn.dsl.cnc.net
> [66.88.103.162])
> by ike.siteprotect.com (8.11.6/8.11.6) with ESMTP id
> h53F2Qn22852




> Subject: Approved
> Date: Tue, 3 Jun 2003 10:01:01 --0500
> Importance: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MSMail-Priority: Normal
> X-Priority: 3 (Normal)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="CSmtpMsgPart123X456_000_000EF812"
> Status:  O
> X-PMFLAGS: 570949760 0 1 P44C50.CNM

> Best regards,

> Arnr Baldvinsson
> Icetips Software
> San Antonio, Texas, USA
> www.icetips.com

> Subscribe to information from Icetips.com:
> http://www.icetips.com/getnotificationinfo.htm



Sat, 19 Nov 2005 23:26:34 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
I got the same virus after i do posting on the news group.


Quote:
> Hi all,




> >called application.pif with the subject of "Approved"

> The attachment was actually screensaver.scr - sorry about that.

> Best regards,

> Arnr Baldvinsson
> Icetips Software
> San Antonio, Texas, USA
> www.icetips.com

> Subscribe to information from Icetips.com:
> http://www.icetips.com/getnotificationinfo.htm



Sat, 19 Nov 2005 23:29:37 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
I got it too but the attachment was named submited.pif

--
Brad Kunkel
Integrated Business, Inc.


Quote:
> Hi all,


> called application.pif with the subject of "Approved"

> Since the return path points to the SV newsserver, I thought I'd post
> this here in case someone is having a virus problem...  Here is the
> complete header information:


> Received: from CDVAIO (w162.z066088103.bna-tn.dsl.cnc.net
> [66.88.103.162])
> by ike.siteprotect.com (8.11.6/8.11.6) with ESMTP id
> h53F2Qn22852




> Subject: Approved
> Date: Tue, 3 Jun 2003 10:01:01 --0500
> Importance: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MSMail-Priority: Normal
> X-Priority: 3 (Normal)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="CSmtpMsgPart123X456_000_000EF812"
> Status:  O
> X-PMFLAGS: 570949760 0 1 P44C50.CNM

> Best regards,

> Arnr Baldvinsson
> Icetips Software
> San Antonio, Texas, USA
> www.icetips.com

> Subscribe to information from Icetips.com:
> http://www.icetips.com/getnotificationinfo.htm



Sun, 20 Nov 2005 00:32:40 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
Bizarrely I got one that looked to all intents and purposes like it (I'd
just read the Sophos report on it about 5 emails earlier) except there was
no attachment???

--
Ian Holdsworth
Senior Programmer / Assistant IT Manager
Response Analysis & Mailing Ltd

---------------------------------------------------

Direct Line:       +44 (0) 20 8880 8866
Switch Board:      +44 (0) 20 8880 8140
Fax:               +44 (0) 0870 134 0987

Web Site:          www.ram-ltd.co.uk


Quote:
> I got it too but the attachment was named submited.pif

> --
> Brad Kunkel
> Integrated Business, Inc.



> > Hi all,


> > called application.pif with the subject of "Approved"

> > Since the return path points to the SV newsserver, I thought I'd post
> > this here in case someone is having a virus problem...  Here is the
> > complete header information:


> > Received: from CDVAIO (w162.z066088103.bna-tn.dsl.cnc.net
> > [66.88.103.162])
> > by ike.siteprotect.com (8.11.6/8.11.6) with ESMTP id
> > h53F2Qn22852




> > Subject: Approved
> > Date: Tue, 3 Jun 2003 10:01:01 --0500
> > Importance: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> > X-MSMail-Priority: Normal
> > X-Priority: 3 (Normal)
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed;
> > boundary="CSmtpMsgPart123X456_000_000EF812"
> > Status:  O
> > X-PMFLAGS: 570949760 0 1 P44C50.CNM

> > Best regards,

> > Arnr Baldvinsson
> > Icetips Software
> > San Antonio, Texas, USA
> > www.icetips.com

> > Subscribe to information from Icetips.com:
> > http://www.icetips.com/getnotificationinfo.htm



Sun, 20 Nov 2005 00:48:12 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
I posted a warning yesterday about this virus. It infected my computer, but
after updating my anti-virus, it took care of it.
It creates a file 'MScvb32.exe' in the %root% and a (in my case) a file
named 'document.pif' in the 'My Documents' directory and 2 entries in the
registry, which I could find and delete manually.
As far as I know, no other damage.
Hope that helps someone...


Quote:
> Hi all,


> called application.pif with the subject of "Approved"

> Since the return path points to the SV newsserver, I thought I'd post
> this here in case someone is having a virus problem...  Here is the
> complete header information:


> Received: from CDVAIO (w162.z066088103.bna-tn.dsl.cnc.net
> [66.88.103.162])
> by ike.siteprotect.com (8.11.6/8.11.6) with ESMTP id
> h53F2Qn22852




> Subject: Approved
> Date: Tue, 3 Jun 2003 10:01:01 --0500
> Importance: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MSMail-Priority: Normal
> X-Priority: 3 (Normal)
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="CSmtpMsgPart123X456_000_000EF812"
> Status:  O
> X-PMFLAGS: 570949760 0 1 P44C50.CNM

> Best regards,

> Arnr Baldvinsson
> Icetips Software
> San Antonio, Texas, USA
> www.icetips.com

> Subscribe to information from Icetips.com:
> http://www.icetips.com/getnotificationinfo.htm



Sun, 20 Nov 2005 07:05:10 GMT  
 Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com
This is a new worm spreading through the internet - this link tells you all about it

http://www3.ca.com/virusinfo/virus.aspx?ID=35347

Frank Uhlik
Brisbane
Australia

| I got the same virus after i do posting on the news group.
|
|


| > Hi all,
| >

| >

| > >called application.pif with the subject of "Approved"
| >
| > The attachment was actually screensaver.scr - sorry about that.
| >
| > Best regards,
| >
| > Arnr Baldvinsson
| > Icetips Software
| > San Antonio, Texas, USA
| > www.icetips.com

| >
| > Subscribe to information from Icetips.com:
| > http://www.icetips.com/getnotificationinfo.htm
|
|



Sun, 20 Nov 2005 07:33:48 GMT  
 
 [ 8 post ] 

 Relevant Pages 

1. VIRUS WARNING : W32/Sobig.E@mm

2. w32.sobig.a@mm

3. just recieved a new virus W32/Bugbear@MM Virus Found

4. News Server = news.softvelocity.com

5. How to prevent Virus W32.klez.gen@mm

6. W32/Klez.h@MM virus

7. virus w32.magistr.39921@mm

8. Product Support Services - Moderate Security Alert - Virus: W32.Myparty@mm

9. w32.Magistr.24876@mm Virus -- NEED HELP!

10. W32.Nimda.A@mm and W32.Nimda.enc

11. Can't Find Newsgroup news.softvelocity.com

 

 
Powered by phpBB® Forum Software