Help, pls, with *.txt.pif file...
Author |
Message |
Vinnie Rinald #1 / 6
|
 Help, pls, with *.txt.pif file...
I received 2 emails from a buddy who I hadn't heard from in some time... both came up as follows: Subject: Joseph E (which is his first name and middle initial).. The message body contained something like:... Hi, I wanted your advice, read and let me know what you think... Attached was a text file... readme.txt.pif.... about 59 bytes..I opened it, nothing in it.... but, should have known better... Nothing has happened, (anything from a previous post is nowhere to be found re: badtrans worm, etc...) , my InoculateIT is totally up to date, caught nothing when I opened this file..... I then deleted these emails, restarted in Safe Mode.. complete scan... again, nothing... am I missing something, or am I very very lucky? As always, thanks for your help! -- B'rgds, Vinnie
|
Fri, 06 Feb 2004 22:53:06 GMT |
|
 |
D McAuliff #2 / 6
|
 Help, pls, with *.txt.pif file...
The text is classic SirCam. Your AV should have caught it. To verify that you are infected you could email someone in your MS email address book and ask them if they recently received an email attachment from you. Also ask your buddy if he intended to send the mails. If you don't use MS (or use their address book) then you may have prevented it from spreading but are still susceptible to internal damage. You could also do a registry search (if you're comfortable with it): Start*Run "regedit", under edit*find put in "SirCam" (all 3 -look at- are checked.). If it finds a key then close the window and go to
tml or http://www.invircible.com/news/news_details.php?id=39 for removal instructions. Good Luck -- ~~~~~~~~~~~~~~~~~ Dave McAuliffe <Central Mass.> USA Remove X from address ~~~~~~~~~~~~~~~~~ ==========================================================
Quote: > I received 2 emails from a buddy who I hadn't heard from in some time... > both came up as follows: > Subject: Joseph E (which is his first name and middle initial).. > The message body contained something like:... Hi, I wanted your advice, read > and let me know what you think... > Attached was a text file... readme.txt.pif.... about 59 bytes..I opened it, > nothing in it.... but, should have known better... > Nothing has happened, (anything from a previous post is nowhere to be found > re: badtrans worm, etc...) , my InoculateIT is totally up to date, caught > nothing when I opened this file..... I then deleted these emails, restarted > in Safe Mode.. complete scan... again, nothing... am I missing something, or > am I very very lucky? > As always, thanks for your help! > -- > B'rgds, > Vinnie
|
Sat, 07 Feb 2004 02:03:57 GMT |
|
 |
Vinnie Rinald #3 / 6
|
 Help, pls, with *.txt.pif file...
Thanks Gail- Thanks Dave... I downloaded, scanned, and ran the SirCam 'fix'... it found nothing.... I searched thru the Registry... nothing...in addition, no emails went out from me, I checked/asked around... I also have an AOL address, which is listed in my Address Book... nothing... And, as I said, InnoculateIT found nothing when it arrived, and with an additional scan...nothing... Is it safe to say I'm lucky?????? -- B'rgds, Vinnie
Quote: > The text is classic SirCam. Your AV should have caught it. To verify that > you are infected you could email someone in your MS email address book and > ask them if they recently received an email attachment from you. Also ask > your buddy if he intended to send the mails. If you don't use MS (or use > their address book) then you may have prevented it from spreading but are > still susceptible to internal damage. You could also do a registry search > (if you're comfortable with it): Start*Run "regedit", under edit*find put in > "SirCam" (all 3 -look at- are checked.). If it finds a key then close the > window and go to
Quote: > tml > or http://www.invircible.com/news/news_details.php?id=39 for removal > instructions. > Good Luck > -- > ~~~~~~~~~~~~~~~~~ > Dave McAuliffe > <Central Mass.> USA > Remove X from address > ~~~~~~~~~~~~~~~~~ > ==========================================================
> > I received 2 emails from a buddy who I hadn't heard from in some time... > > both came up as follows: > > Subject: Joseph E (which is his first name and middle initial).. > > The message body contained something like:... Hi, I wanted your advice, > read > > and let me know what you think... > > Attached was a text file... readme.txt.pif.... about 59 bytes..I opened > it, > > nothing in it.... but, should have known better... > > Nothing has happened, (anything from a previous post is nowhere to be > found > > re: badtrans worm, etc...) , my InoculateIT is totally up to date, caught > > nothing when I opened this file..... I then deleted these emails, > restarted > > in Safe Mode.. complete scan... again, nothing... am I missing something, > or > > am I very very lucky? > > As always, thanks for your help! > > -- > > B'rgds, > > Vinnie
|
Sat, 07 Feb 2004 04:35:52 GMT |
|
 |
Ben Myer #4 / 6
|
 Help, pls, with *.txt.pif file...
Quote: > Thanks Gail- Thanks Dave... > I downloaded, scanned, and ran the SirCam 'fix'... it found nothing.... I > searched thru the Registry... nothing...in addition, no emails went out from > me, I checked/asked around... I also have an AOL address, which is listed in > my Address Book... nothing... > And, as I said, InnoculateIT found nothing when it arrived, and with an > additional scan...nothing... > Is it safe to say I'm lucky??????
If you are running Windows NT or 2000, you are probably OK. If not, click "Start", "Run", type "command" and click "OK". Then type "dir \recycled\sirc32.exe" and press "Enter". If the file exists, the computer may be infected. Ben
|
Sat, 07 Feb 2004 09:49:26 GMT |
|
 |
Vinnie Rinald #5 / 6
|
 Help, pls, with *.txt.pif file...
Ben, file not found!! thanks! -- B'rgds, Vinnie
Quote:
> > Thanks Gail- Thanks Dave... > > I downloaded, scanned, and ran the SirCam 'fix'... it found nothing.... I > > searched thru the Registry... nothing...in addition, no emails went out > from > > me, I checked/asked around... I also have an AOL address, which is listed > in > > my Address Book... nothing... > > And, as I said, InnoculateIT found nothing when it arrived, and with an > > additional scan...nothing... > > Is it safe to say I'm lucky?????? > If you are running Windows NT or 2000, you are probably OK. If not, > click "Start", "Run", type "command" and click "OK". Then type > "dir \recycled\sirc32.exe" and press "Enter". If the file exists, the > computer may be infected. > Ben
|
Sat, 07 Feb 2004 17:37:44 GMT |
|
 |
Orhan O. Ba #6 / 6
|
 Help, pls, with *.txt.pif file...
Hi, this is a common way of viruses, using visible second extensions ( despite they can use invisible second extensions or embedded codes too ) to be able to propagate themselves. if you also calculate virus code creation kits / tools, and thus any one can create a virus with them, it may varies. For this reason you may configure your AV as Scan All Files ( with no exclusion ) and Scan All Directories ( to include "Recycle Bin" either.) Do not forget that you can also create a file like that. in your status, if nothing has happened as you said, it may not be a virus as well !! Or maybe crashed while running; did you checked for strange registry keys ? anyway it sound like MTX ( http://vil.nai.com/VIL/virusSummary.asp?virus_k=98797 ) but not for sure, since you have no actual symptoms...
Quote: > I received 2 emails from a buddy who I hadn't heard from in some time... > both came up as follows: > Subject: Joseph E (which is his first name and middle initial).. > The message body contained something like:... Hi, I wanted your advice, read > and let me know what you think... > Attached was a text file... readme.txt.pif.... about 59 bytes..I opened it, > nothing in it.... but, should have known better... > Nothing has happened, (anything from a previous post is nowhere to be found > re: badtrans worm, etc...) , my InoculateIT is totally up to date, caught > nothing when I opened this file..... I then deleted these emails, restarted > in Safe Mode.. complete scan... again, nothing... am I missing something, or > am I very very lucky? > As always, thanks for your help! > -- > B'rgds, > Vinnie
|
Fri, 13 Feb 2004 20:38:06 GMT |
|
|
|