[modern] Virus

I was just blindsided by a file named “life_stages.txt.shs.”

It is a virus and has replicated itself on the interoffice network.

If my infected computer sends it to the list, DO NOT OPEN the file. Delete it.

Apologies to all if it got to you. I just switched to Windows 2000 and need a
new virus checker - TODAY!

Jim Reminga

Hello Listers,
Very sorry about the virus that was sent to me and then was resent out to
any mail I received before catching it.It appeared to be in an attachment
from a member and am sure he was not aware of it.I believe it is taken care
of now.What did not help me too much was that my computor experience is a
whole two (2) years worth.!!!
Thank you for your patience.
Peter 1989 VDP 161000 approx.

Charles,
You have a virus. It is a worm. The longer it is in your system
the more damage it will do. I got hit with it from a travel agency that
did not know it had it. My McAfee anti-virus caught it but it still took
me 5 days (a weekend in the middle) working with them to remove it. I
then had to reload Windows & Netscape & redo my ISP. I did not lose any
data or programs though. It will start blocking you from efforts to kill
it. Get help as soon as you can.

Ted Zenuk
XK140MC FHC
Tucson, Az.

I don’t want to add to the cacophony of alerts, but I just received a virus
with the filename of readme.mp32.scr. Norton caught it, but it sounds like
the one Charles (?) had because it opens Real Player.

This one ostensibly came from Roger Payne with the Subject of “Engine
Stand”, but with the way the Trojan horses work, that address could have
come from someone else’s address book. At the very least, it appears it’s
coming from the XKs list.

Here is the header info if anyone knows how to read it.

Return-Path: rpayne@austarmetro.com.au
Delivered-To: jot-mws@mail-phnx.uswest.net
Received: (qmail 66677 invoked by uid 0); 26 Nov 2001 11:58:13 -0000
Received: from unknown (HELO mail5.uswest.net) (63.226.138.5)
by mpls-mailin-12.inet.qwest.net with SMTP; 26 Nov 2001 11:58:13 -0000
Received: (qmail 28172 invoked by uid 0); 26 Nov 2001 11:58:13 -0000
Received: from unknown (HELO phnxpop4.phnx.uswest.net) (206.80.192.4)
by mail5.uswest.net with SMTP; 26 Nov 2001 11:58:13 -0000
Received: (qmail 7745 invoked by alias); 26 Nov 2001 11:58:09 -0000
Delivered-To: alias-jaguarot.com-@Mark_Stephenson2
Received: (qmail 7720 invoked by uid 0); 26 Nov 2001 11:58:07 -0000
Received: from smtp.austarmetro.com.au (203.166.224.2)
by phnxpop4.phnx.uswest.net with SMTP; 26 Nov 2001 11:58:07 -0000
Received: from aol.com (cpe-202-10-185-222.can.austar.net.au
[202.10.185.222])
by smtp.austarmetro.com.au (8.11.4/8.11.4) with SMTP id fAQBvb306259
for <@Mark_Stephenson2>; Mon, 26 Nov 2001 22:57:38 +1100
Message-Id: 200111261157.fAQBvb306259@smtp.austarmetro.com.auDate: Mon, 26 Nov 2001 22:57:38 +1100
From: “Roger Payne” _rpayne@austarmetro.com.au
To: @Mark_Stephenson2
Subject: Re: RE: [xk] engine stand
MIME-Version: 1.0
Status: U
X-UIDL: 1006775893.66685.41149.mpls-mailin-12.inet.qwest.net
Content-Type: multipart/related;
type=“multipart/alternative”;
boundary="====ABC1234567890DEF===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

I implore everyone to please update your virus software and run a scan on
you entire system.

“Mark 1” Mark Stephenson (@Mark_Stephenson2)
1952 XK120 Roadster S673129
1958 Mark 1 / 1984 XJ6 / 1985,6,7 XJ6 VDP
Jaguar Club of Central Arizona (www.cableone.net/jcca)

My first warning came from a fellow who got it from someone on the
E-Type list, mine came from an XK-Engine lister, The one I got from Roger
had an “XK-List” tag… Everyone has had a different subject line…
I think, because J-L has so many folks that are on multiple lists
that this “bug” is “making the rounds” to the various list folks primarily
because we post so much to each other… this bug goes for the address book,
among other things…
Just be on-guard for any e-mail with an attachment that you aren’t
expecting, even if it’s from someone you know…
I’m sending an e-mail to folks ahead of time letting them know the
next e-mail will have an attachment and what the “Subject” line will say…
just in case… better safe than sorry…
Charles #677556-----Original Message-----
From: Mark Stephenson

I don’t want to add to the cacophony of alerts, but I just received a virus
with the filename of readme.mp32.scr. Norton caught it, but it sounds like
the one Charles (?) had because it opens Real Player.

This one ostensibly came from Roger Payne with the Subject of “Engine
Stand”, but with the way the Trojan horses work, that address could have
come from someone else’s address book. At the very least, it appears it’s
coming from the XKs list.

Hello All,
A good Internet Security program is Norton’s Internet Security, go to:
http://www.symantec.com/sabu/nis/nis_pe/
It stopped cold all of the virus craziness happening with the XK List on my
computer and also with my wife’s Border Collie List (W32.Badtrans is there,
too).
Will N. Stevenson----- Original Message -----
From: “Mark Stephenson” marks@jaguarot.com
To: “XK Lovers” xk@jag-lovers.org
Sent: Monday, November 26, 2001 7:41 AM
Subject: [xk] Virus

I don’t want to add to the cacophony of alerts, but I just received a
virus
with the filename of readme.mp32.scr. Norton caught it, but it sounds like
the one Charles (?) had because it opens Real Player.

Just to clarify, it can’t come via the XK list although it certainly can
come from an XK list member. We have have html and attachments turned off
for exactly this reason - to help stop the spread of viruses.

JL
XK list admin----- Original Message -----
From: “Mark Stephenson” marks@jaguarot.com
To: “XK Lovers” xk@jag-lovers.org
Sent: Tuesday, 27 November 2001 02:41
Subject: [xk] Virus

I don’t want to add to the cacophony of alerts, but I just received a
virus
with the filename of readme.mp32.scr. Norton caught it, but it sounds like
the one Charles (?) had because it opens Real Player.

This one ostensibly came from Roger Payne with the Subject of “Engine
Stand”, but with the way the Trojan horses work, that address could have
come from someone else’s address book. At the very least, it appears it’s
coming from the XKs list.

Here is the header info if anyone knows how to read it.

Return-Path: rpayne@austarmetro.com.au
Delivered-To: jot-mws@mail-phnx.uswest.net
Received: (qmail 66677 invoked by uid 0); 26 Nov 2001 11:58:13 -0000
Received: from unknown (HELO mail5.uswest.net) (63.226.138.5)
by mpls-mailin-12.inet.qwest.net with SMTP; 26 Nov 2001 11:58:13 -0000
Received: (qmail 28172 invoked by uid 0); 26 Nov 2001 11:58:13 -0000
Received: from unknown (HELO phnxpop4.phnx.uswest.net) (206.80.192.4)
by mail5.uswest.net with SMTP; 26 Nov 2001 11:58:13 -0000
Received: (qmail 7745 invoked by alias); 26 Nov 2001 11:58:09 -0000
Delivered-To: alias-jaguarot.com-marks@jaguarot.com
Received: (qmail 7720 invoked by uid 0); 26 Nov 2001 11:58:07 -0000
Received: from smtp.austarmetro.com.au (203.166.224.2)
by phnxpop4.phnx.uswest.net with SMTP; 26 Nov 2001 11:58:07 -0000
Received: from aol.com (cpe-202-10-185-222.can.austar.net.au
[202.10.185.222])
by smtp.austarmetro.com.au (8.11.4/8.11.4) with SMTP id fAQBvb306259
for marks@jaguarot.com; Mon, 26 Nov 2001 22:57:38 +1100
Date: Mon, 26 Nov 2001 22:57:38 +1100
Message-Id: 200111261157.fAQBvb306259@smtp.austarmetro.com.au
From: “Roger Payne” _rpayne@austarmetro.com.au
To: marks@jaguarot.com
Subject: Re: RE: [xk] engine stand
MIME-Version: 1.0
Status: U
X-UIDL: 1006775893.66685.41149.mpls-mailin-12.inet.qwest.net
Content-Type: multipart/related;
type=“multipart/alternative”;
boundary="====ABC1234567890DEF===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1

I implore everyone to please update your virus software and run a scan on
you entire system.

“Mark 1” Mark Stephenson (marks@jaguarot.com)
1952 XK120 Roadster S673129
1958 Mark 1 / 1984 XJ6 / 1985,6,7 XJ6 VDP
Jaguar Club of Central Arizona (www.cableone.net/jcca)

To Tom Ekering/ Holland
Tom
Your machine may have been infected. A message from you discussing a cruise
was discovered and quarantined by Norton Antivirus as infected.
Please check
Best regards
Klaus W. Nielsen

Hi Folks,
I just got a message from “Webmaster JagLovers.com” that had an attachment
with apparent info re my registration with JL. The attachment was actually a
virus called WORM_SOBER.S. I don’t know how it got to come to me but as a
general warning be very cautious if you get a similar message. Needless to
say the message has been deleted.

Regards
Len Brighton
150fhc S824101BW
Wheelers Hill
Victoria Australia 3150
(15 miles south east of Melbourne)

Len’s home page http://www.alphalink.com.au/~minerva/

Len i got it too from lofty server said account details and password
blah blah carries a virus Delete it----- Original Message -----
From: “Len Brighton” lenbrighton@hotmail.com
To: xk@jag-lovers.org
Sent: Tuesday, May 03, 2005 11:26 PM
Subject: [xk] Virus

Hi Folks,
I just got a message from “Webmaster JagLovers.com” that had an attachment
with apparent info re my registration with JL. The attachment was actually
a
virus called WORM_SOBER.S. I don’t know how it got to come to me but as a
general warning be very cautious if you get a similar message. Needless to
say the message has been deleted.

Regards
Len Brighton
150fhc S824101BW
Wheelers Hill
Victoria Australia 3150
(15 miles south east of Melbourne)

Len’s home page http://www.alphalink.com.au/~minerva/


No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.0 - Release Date: 4/29/05

Hi Len

Thanks for the heads up to everyone, yes I can confirm that this is
definitely not an email anyone should be opening and isn’t really from
Jag-lovers

JL
XK admin

Len Brighton wrote:> Hi Folks,

I just got a message from “Webmaster JagLovers.com” that had an
attachment with apparent info re my registration with JL. The attachment
was actually a virus called WORM_SOBER.S. I don’t know how it got to
come to me but as a general warning be very cautious if you get a
similar message. Needless to say the message has been deleted.

Regards
Len Brighton
150fhc S824101BW
Wheelers Hill
Victoria Australia 3150
(15 miles south east of Melbourne)

Len’s home page http://www.alphalink.com.au/~minerva/