Skinbase.org

New DANGER!!!

By adni18
1,553 views 41 replies
pk
Member
OP
I get like 5 emails with that in a week (not from "skinbase authors" btw). I think everyone knows how to handle these (everyone should at least..).

Didn't get any special things though

cuttheredwire
Member
Note: .pif files are also used instead of .lnk files for DOS programs and batch files. These things could do anything from format your computer to harmlessly pull up a DOS box and say "Boo!".

doreen
Member
and a 12 gauge shotgun... just to be sure.
Posted by: grimspoon

hehe grim...

adni18
Member
Thanks for your info +0 :)

It is not 10th of September 2003 yet ;)

0
Member
I've just gotten this info on this virus:
_________________________________________________________________

NAME: Sobig.F
ALIAS: W32/Sobig.F@mm

THIS VIRUS IS RANKED AS LEVEL 1 ALERT
UNDER F-SECURE RADAR.
For more information, see:
http://www.F-Secure.com/products/radar/

A new variant of Sobig, known as Sobig.F was first found on August 19th, 2003 and it is spreading in the wild.

The executable has a size of around 70KB and it's packed with TELock. It has its own SMTP engine, apart from routines to query directly DNS servers and make requests using the Network Time Protocol.

The worm also has updating capabilities. It will attempt to download updated versions when certain conditions are met.

Deactivation routine

The worm will stop spreading on 10th of September 2003. From this date onwards the worm will exit immediately when executed.

Infection

It will install itself into:

    %windir%\winppr32.exe

Proceeding then to add the following keys to the Windows Registry:

    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrayX" = %windir%\winppr32.exe /sinc

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrayX" = %windir%\winppr32.exe /sinc

So it's started when Windows does.

Mail spreading

The worm usually arrives in e-mails with the following characteristics:

From:

    The 'From:' field is filled with an address found from the infected system.
    If no address is found, it will use "admin@internet.com"

To:

    The 'To:' field is filled with an address found from the infected system.

Subject, any from the list:

    Re: Thank you!
    Thank you!
    Your details
    Re: Details
    Re: Re: My details
    Re: Approved
    Re: Your application
    Re: Wicked screensaver
    Re: That movie

Body, it chooses one from the two following lines:

    See the attached file for details
    Please see the attached file for details.

Attachment names can be any from:

    your_document.pif
    document_all.pif
    thank_you.pif
    your_details.pif
    details.pif
    document_9446.pif
    application.pif
    wicked_scr.scr
    movie0045.pif
_________________________________________________________________

That should help out anyone who has been infected, though it doesn't sound like anyone here has (I got no emoticon for crossing my fingers...or knocking on wood...:D)
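
Added example, not part of the post above or of the advisory it quotes: a mail-filter check in Python that matches a raw message against the subject, body and attachment-name lists given in the advisory. The function names are hypothetical, the sample message is constructed with an inert placeholder attachment, and flagging any other `.pif`/`.scr` attachment is an assumption that goes beyond the listed names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory quoted in the post above (lower-cased).
SUBJECTS = {"re: thank you!", "thank you!", "your details", "re: details",
            "re: re: my details", "re: approved", "re: your application",
            "re: wicked screensaver", "re: that movie"}
BODIES = {"see the attached file for details",
          "please see the attached file for details"}
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}
# Assumption beyond the advisory: any other .pif/.scr attachment is also flagged.
EXECUTABLE_EXTS = (".pif", ".scr")

def sobig_f_indicators(raw: bytes) -> list:
    """Return which Sobig.F mail characteristics one raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = body.get_content().strip().rstrip(".").lower()
        if text in BODIES:
            hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment-name")
        elif name.endswith(EXECUTABLE_EXTS):
            hits.append("executable-attachment")
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Quarantine on the attachment alone; subject and body only add context."""
    hits = sobig_f_indicators(raw)
    return "attachment-name" in hits or "executable-attachment" in hits

def build_sample(subject, body, filename=None) -> bytes:
    """Constructed test message; the attachment is an inert placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.org", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"inert placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    worm_like = build_sample("Re: Details", "See the attached file for details", "details.pif")
    print(sobig_f_indicators(worm_like), should_quarantine(worm_like))
```

The From: address is deliberately not checked, since the advisory says the worm fills it with addresses found on the infected system.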
grimspoon
Member
Nothing here either.. not a sausage!

For personal protection I use:
Sygate Firewall
12 Ghosts PopUp blocker
Avast anti virus
and a 12 gauge shotgun... just to be sure.

craeonics
Member
Yeah, weird that. Still no virii here.

And I have no friends, only loyal fans who worship me and whom I ruthlessly exploit by selling them crae merchandise.

doreen
Member
funny I get screamed about security on my system from them? and they get knocked out and I'm still standing! hehe

Edited

doreen
Member
I'm not crae's friend! I'm stuck w/ him as his sister...
(cept I don't wear wooden shoes like him) =)

and that virus that was attacking everyone never touched me but it took everyone out on the network at my hospital that I work for... =(
they had to fix each machine "One by One by One by One" was not good...

adni18
Member
You are not going to believe that, the number of those virus-e-mails I have received is 1342 !!!!
And still coming! Now Norton can understand them and there is no problem, just wasting of time :sad:
Though, none of those is from Skinbase. We are still clear here ;)

Hey Snow, crae has at least one friend, which is me ;) :grin:

0
Member
I was just checking all of the e-mail addresses that I've used with this site and the 1st 1 scared the crap out of me...coldmail.nu has this full screen download page for a program called clipgenie...

IT TOOK MY WHOLE SCREEN!!! THE DAMN THING TRIED TO INSTALL ANYWAY WHEN I TRIED TO CLOSE IT!!!

luckily alt-tab brought me over to my e-mail. No viruses in that 1 (WHEW). :grin:

Edited

snowman
Member
you have friends, crae?!?! Wow.....

/me hides behind Dor }:D

craeonics
Member
Yup. Shoot one over, for I still haven't received one. Probably because none of my friends click on virii/worms or use address books.

cuttheredwire
Member
Crae: If you really want, I can send you one of those virii. I can zip it first if you want too. These have to be run to infect you, right?

iamrelevart
Member
I love the ones that pop up DOS boxes with messages... I love them good... No, seriously, these little viruses are to be taken quite seriously. If you think, even for a minute, that you might have contracted one of these pretty little beasts, you should either go looking for it yourself, if you're knowledgeable enough, or ask someone who knows... these buggers can really screw up your system and then all that pretty work you were just about to upload for us to enjoy goes *POOF*. Not even a farewell kiss. :'-(

karenina
Member
OMG you mean even though I did not check the box to receive any email from this site I will still get email? I just joined here 5 minutes ago & I don't want email.
Karenina :sleetgrave

adni18
Member
I am going to have a record today!
The number of the e-mails with viruses I have received today is 372 !!!!
And still coming :,

chickie
Member
LOL @ Snowy too. Crae, be careful what you ask for. ;)

valhalla
Member
LOL @ Snowy
snowman
Member
crae, that could be arranged.... ;) ;)

adni18
Member
I just received now 92 e-mails, all with the .pif attachment!!! 92 is too much! :(

Thanks for the info Kevin :)

craeonics
Member
=sniff=
=sniff=

No-one ever sends me a virus, boohoo!!

snowman
Member
I just got 66 new mails in my inbox - 65 with virus attached.... neat huh?!
adni18
Member
The strange thing is that the e-mails I have received are from Skinbase authors, and I don't believe that those authors have sent me any e-mail, they don't even know it.
For me this case sounds like a new virus!

cuttheredwire
Member
I got 4 of them. :D I saved them in my yahoo briefcase if anyone wants one. :evil Strange thing is I haven't gotten any spam until recently. None for years. Now I get a few and these viruses. Most of them are from these *.ee domains. Very weird.

craeonics
Member
I got one! I got one! It's zipped up and bundled with six thousand warnings, but I have finally gotten that virus. Shame I can't just view what's inside, for them blasted .pif's are in binary.

I'd say it's pretty big filesize wise considering what it does.

lg
Member
You wouldn't believe I received 7 of those emails
But
I use Norton Internet Security
& MailWasher Pro to block out all my spam and virus emails

You should get these progs they are really good!

cuttheredwire
Member
Assembly language time! :P
cuttheredwire
Member
I thought about uploading it here, but that seems like a no-no. I doubt you want viruses on your server even if they are zipped up safely.
cuttheredwire
Member
It looks like I got a few versions of these. ^.^ Neeto! I like this virus. I'd like to see what its smtp engine looks like. That is a tiny lil engine there. What kinda damage does it do?

Very freaky that it stops the day before 9-11-2003 though. o.O;

I have a copy of the virus zipped up, with a readme, and ready to go. Anyone who wants it can just say so. Just don't blame me if it kills your system. ❌

Crae: I already sent it to you. Looks like you got one friend at least. :boo /me

Edited

xenu
Member
I also got several mails... but - c'mon who would seriously start a file like this?!?
would be interesting to know which files (data) the virus wants to transfer...

adni18
Member
Hi Xenu,
The problem for many people, one of them is me, is not the virus itself, but the huge amount of e-mails that are coming to the e-mail in-box.
Having about 10.000 e-mails daily coming to your inbox is a huge wasting of time !!!

The virus is an exe file that may have different orders to your system, for example: Format disk, Delete all files etc.

I guess nobody any more even thinks about running an exe file that has been received by an e-mail ;)

Edited

davenger
Member
4k each day ... this ain't much fun even with MailWasher 😢

adni18
Member
This is true DAvenger :,
craeonics
Member
Now it's really getting interesting. I've received two emails from mailservers claiming that I sent them an email containing the Sobig virus. One even requesting me to "clean my system".

What's so interesting about this?

1. The recipient of those emails is unknown to me. Since worms as such use your own address book to spread and I don't even have an address book, nor do I know anyone with emailaddress X, it's very unlikely that I sent those messages.
2. The ip-address and server of the sender are not mine, so I didn't send those messages.
3. The mail app used to send those messages (Outlook) does not exist on any of my systems. It's the first thing I ditch whenever I install Windows.
4. My system is virus/worm-free.

Okay, so I didn't do it then. But what's so interesting about this imposter virus? It's using harvested email addresses as sender!! That means that I am getting blamed for things I have nothing to do with.

Nasty.

doreen
Member
/me never did catch that virus nor receive one single e-mail w/ that thing "Thank God"
(dare I brag yet again) but everyone around me did...

doreen
Member
okay wise guys knock it off now... (me got a virus or joke virus but me is not quite that stupid to open it)
craeonics
Member
Ha!. As we say over here: god punishes instantly.
pk
Member
hehe, we say the same here :p

Crae: I think De Dijk has a nice song about it.. :)

doreen
Member
oh you be quiet you dutchy...
well it is also said God chastises those he loves (so he must love me a lot!) hehe
/me no brag no more that's it for me