#1
Perpetual Newbie
I just received an e-mail without a subject, with an attached file: AGOLMAAG.EXE. I ran Inoculate, and the file contains the Win32.Hybris.B virus. What is this all about?
This is where I received it from, and who sent it:

Received: from snipe.prod.itd.earthlink.net (snipe.prod.itd.earthlink.net [207.217.120.62])
    by merlin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id RAA23217
    for <"my e-mail address">; Tue, 2 Jan 2001 17:39:03 -0800 (PST)
Received: from netsurfer (mp-217-240-198.daxnet.no [193.217.240.198])
    by snipe.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id RAA14112
    for <"my e-mail address">; Tue, 2 Jan 2001 17:38:52 -0800 (PST)
Date: Tue, 2 Jan 2001 17:38:52 -0800 (PST)
Message-Id: <200101030138.RAA14112@snipe.prod.itd.earthlink.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEWXUV4HQNCH2RO9MVSXQFCTYNSPQJS1ENOH"
X-UIDL: 3cc7022fde0b6b685f139f4fc1d60736

----VEWXUV4HQNCH2RO9MVSXQFCTYNSPQJS1ENOH
Content-Type: text/plain; charset="us-ascii"

----VEWXUV4HQNCH2RO9MVSXQFCTYNSPQJS1ENOH
Content-Type: application/octet-stream; name="AGOLMAAG.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="AGOLMAAG.EXE"

#2
Perpetual Newbie
How to find out who sent?

#3
Computer Tool
Join Date: May 1999
Location: Springfield, Missouri
Posts: 1,536
Whoever sent it does not even know that they did. They just have your address in the address book. You can read all about it all over the net. Just use your favorite search engine.

#4
Premium Member
Join Date: Jun 1999
Posts: 9,231
Email the addy of the person(s) who sent you the mail before you got the attachment, they're prolly infected.

#5
Perpetual Newbie
What is prolly?
Can it be I've received this e-mail with the attachment from the last person I received e-mail from, or could it be from someone I had correspondence with a few days ago? What about newsgroups? Could it come from someone from Usenet?

#6
Premium Member
Join Date: Jun 1999
Posts: 9,231
Prolly = probably... I had saved 3 whole typed characters, not anymore!
Hybris has the "feature" of sending a 2nd mail along with some mail that was already sent. The SMTP servers are usually the same, but there are a few different headers, especially since there is no stamp from an email client itself. Hence I'd said that the persons who sent you the last few mails were probably infected. And the mail came from them... it's just a narrowing down.
PS: Hybris variants do not propagate through NNTP, from what has been documented hitherto... but it's a good idea, hopefully the creators will drop by here sometime!
[Edited by Ex-Static-Cling on 01-03-2001 at 08:10 AM]
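
The narrowing-down described in posts #4 and #6, applied to the headers from post #1, as an added example that is not from any poster in this thread. It assumes `.earthlink.net` (taken from those headers) is the recipient's own provider and therefore the only relay whose Received lines can be trusted; the function names are illustrative.

```python
import re
from email import message_from_string

# Headers as posted in #1; the poster redacted the recipient address.
RAW = """\
Received: from snipe.prod.itd.earthlink.net (snipe.prod.itd.earthlink.net [207.217.120.62])
 by merlin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id RAA23217
 for <"my e-mail address">; Tue, 2 Jan 2001 17:39:03 -0800 (PST)
Received: from netsurfer (mp-217-240-198.daxnet.no [193.217.240.198])
 by snipe.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with SMTP id RAA14112
 for <"my e-mail address">; Tue, 2 Jan 2001 17:38:52 -0800 (PST)
Date: Tue, 2 Jan 2001 17:38:52 -0800 (PST)
Message-Id: <200101030138.RAA14112@snipe.prod.itd.earthlink.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEWXUV4HQNCH2RO9MVSXQFCTYNSPQJS1ENOH"
X-UIDL: 3cc7022fde0b6b685f139f4fc1d60736

"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving relay>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Parsed Received lines, newest first (each relay prepends its own)."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [dict(zip(("helo", "rdns", "ip", "by"), m.groups())) for m in found if m]

def origin(msg, trusted_suffix):
    """Walk down from the newest line while the writer is a trusted relay.
    The last such line names the host that handed the mail to our provider;
    anything older was supplied by the sender and may be forged."""
    found = None
    for hop in hops(msg):
        if not hop["by"].endswith(trusted_suffix):
            break
        found = hop
    return found

def triage(raw, trusted_suffix=".earthlink.net"):
    msg = message_from_string(raw)
    src = origin(msg, trusted_suffix)
    return {
        "origin_ip": src and src["ip"],
        "origin_rdns": src and src["rdns"],
        "origin_helo": src and src["helo"],
        # Heuristic: mail servers usually announce their own DNS name.
        "helo_matches_rdns": bool(src) and src["helo"].lower() == src["rdns"].lower(),
        "missing": [h for h in ("From", "Subject") if h not in msg],
        # The "stamp from an email client" mentioned in post #6.
        "client_stamp": msg.get("X-Mailer") or msg.get("User-Agent"),
    }
```

Calling `triage(RAW)` reports the host that connected to the recipient's provider, which is what to compare against the Received lines of other recent mail when looking for the infected correspondent.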

#7
Perpetual Newbie
Thanks to both of you,
I checked the properties of the e-mail received before I got the .exe attachment, and didn't see anything similar in the mail server info. I have received/sent several e-mails to users of HWC and Anand in recent days; do you think I should post similar messages on these forums? Will check/compare other e-mails received in recent days. In my ~3 years of PC experience this is the 1st time I have received a virus. I didn't even have AV when I received the e-mail, but after the first look at this e-mail I knew it was a virus, installed InoculateIT right away, and scanned, which just confirmed what I suspected. Thanks again for any info.