Windows Forum / Windows Me / General Topics / September 2006


e-postcards

webster72n - 17 Sep 2006 02:30 GMT
Are e-postcards from an unknown source 'legit'?
The source surely seems to be.
A 'friend' supposedly sent me this card, but his or her names are not
revealed. Without certain assurances I will not open the given link.
The filename is 'postcard.gif.exe'.
This is a first for me.

T.I.A.

            Harry.
David H. Lipman - 17 Sep 2006 02:40 GMT
From: "webster72n" <webster72n(skipthis)@gmail.com>

| Are e-postcards from an unknown source 'legit'?
| The source surely seems to be.
[quoted text clipped - 6 lines]
|
|              Harry.

No. Absolutely not!

Do NOT execute 'postcard.gif.exe'; it is an IRCBot!

     Antivirus Version Update Result
     AntiVir 7.2.0.16 09.16.2006 TR/Zapchast.BZ
     Authentium 4.93.8 09.15.2006  no virus found
     Avast 4.7.844.0 09.15.2006  no virus found
     AVG 386 09.15.2006  no virus found
     BitDefender 7.2 09.17.2006  no virus found
     CAT-QuickHeal 8.00 09.15.2006  no virus found
     ClamAV devel-20060426 09.17.2006 Trojan.IRCBot-arc
     DrWeb 4.33 09.16.2006  no virus found
     eTrust-InoculateIT 23.72.127 09.16.2006  no virus found
     eTrust-Vet 30.3.3078 09.15.2006  no virus found
     Ewido 4.0 09.16.2006  no virus found
     Fortinet 2.82.0.0 09.17.2006 IRC/Client
     F-Prot 3.16f 09.15.2006  no virus found
     F-Prot4 4.2.1.29 09.15.2006  no virus found
     Kaspersky 4.0.2.24 09.17.2006 Backdoor.Win32.mIRC-based
     McAfee 4853 09.15.2006 IRC/Flood.ev
     Microsoft 1.1560 09.17.2006 Backdoor:IRC/Cloner.T
     NOD32v2 1.1759 09.16.2006 IRC/Zapchast
     Norman 5.90.23 09.15.2006  no virus found
     Panda 9.0.0.4 09.16.2006 Suspicious file
     Sophos 4.09.0 09.16.2006  no virus found
     Symantec 8.0 09.17.2006  no virus found
     TheHacker 5.9.8.213 09.16.2006  no virus found
     UNA 1.83 09.15.2006 Backdoor.mIRC-based.F43F
     VBA32 3.11.1 09.15.2006 Backdoor.IRC.Cloner.ae#9
     VirusBuster 4.3.7:9 09.16.2006 IRC.Zapchast.AQ

--

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman - 17 Sep 2006 02:50 GMT
Another variant...

It should be noted this is a multi-faceted infector. It is actually a Trojan infected with a virus!

     Antivirus Version Update Result
     AntiVir 7.2.0.16 09.16.2006 TR/Zapchas.F
     Authentium 4.93.8 09.15.2006 could be a corrupted executable file
     Avast 4.7.844.0 09.15.2006 Win32:Parite
     AVG 386 09.15.2006 IRC/BackDoor.Flood
     BitDefender 7.2 09.17.2006  no virus found
     CAT-QuickHeal 8.00 09.15.2006  no virus found
     ClamAV devel-20060426 09.17.2006 W32.Parite.B
     eTrust-InoculateIT 23.72.127 09.16.2006  no virus found
     eTrust-Vet 30.3.3078 09.15.2006  no virus found
     DrWeb 4.33 09.16.2006 Win32.Parite.2
     Ewido 4.0 09.16.2006  no virus found
     Fortinet 2.82.0.0 09.17.2006 IRC/Zapchas.BX!tr
     F-Prot 3.16f 09.15.2006  no virus found
     F-Prot4 4.2.1.29 09.15.2006  no virus found
     Ikarus 0.2.65.0 09.16.2006  no virus found
     Kaspersky 4.0.2.24 09.17.2006  no virus found
     McAfee 4853 09.15.2006  no virus found
     Microsoft 1.1560 09.17.2006  no virus found
     NOD32v2 1.1759 09.16.2006 IRC/Zapchast.L
     Norman 5.80.02 09.15.2006 Zapchast.LS
     Panda 9.0.0.4 09.16.2006  no virus found
     Sophos 4.09.0 09.16.2006 Troj/Zapchas-BX
     Symantec 8.0 09.17.2006  no virus found
     TheHacker 6.0.1.071 09.17.2006  no virus found
     UNA 1.83 09.15.2006  no virus found
     VBA32 3.11.1 09.15.2006 Trojan.IRC.Zapchast.L#5
     VirusBuster 4.3.7:9 09.16.2006  no virus found
webster72n - 17 Sep 2006 03:08 GMT
Definitely glad to have you around, Dave.

         Harry.

webster72n - 17 Sep 2006 02:58 GMT
Thank you David.
Somehow I was suspecting such a response..
It will be deleted immediately.
Hopefully it will also alert others with the same or a similar situation.
Another good reason to appreciate this NG.

          Harry.

David H. Lipman - 17 Sep 2006 03:01 GMT
| Thank you David.
| Somehow I was suspecting such a response..
[quoted text clipped - 3 lines]
|
|            Harry.

The double extension .gif.exe should be your first clue of malicious intent.

--

Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
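
As an added illustration of Dave's point about the double extension (example code written for this page, not something posted in the thread): a small Python filter that flags attachment names whose final extension is executable while an earlier one looks like an image or document, and that also shows what Explorer displays when "Hide extensions for known file types" is on, which is why 'postcard.gif.exe' looks like a GIF to the recipient. The extension lists beyond .exe and .gif, and the sample filenames, are assumptions made for the example.

```python
"""Flag e-mail attachment names whose extensions are chosen to mislead the
recipient, such as the 'postcard.gif.exe' discussed in the thread."""
import os

# Extensions Windows runs when double-clicked. The thread only mentions .exe;
# the rest of this list is an assumption added for the example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}

# Extensions a recipient reads as harmless data (assumed decoy list).
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".pdf", ".doc",
              ".txt", ".htm", ".html", ".mp3", ".avi", ".zip"}


def extensions(name):
    """Lowercased extension chain of a filename.

    'postcard.gif.exe' -> ['.gif', '.exe']. Spaces padded in to push the
    real extension off the visible part of the name are stripped first.
    """
    base = os.path.basename(name.replace("\\", "/"))
    parts = base.split(".")
    return ["." + p.strip().lower() for p in parts[1:]]


def displayed_name(name):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the last extension disappears, so 'postcard.gif.exe' reads 'postcard.gif'."""
    base = os.path.basename(name.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    return root if ext else base


def classify_attachment(name):
    """Return (verdict, reasons); verdict is 'block', 'review' or 'allow'."""
    exts = extensions(name)
    reasons = []
    if not exts:
        return "allow", reasons
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        reasons.append("final extension %s is executable" % final)
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            reasons.append("decoy extension %s in front of it; Explorer would "
                           "show it as '%s'" % (exts[-2], displayed_name(name)))
        return "block", reasons
    if len(exts) > 1:
        # Not executable, but stacked extensions still deserve a look.
        reasons.append("multiple extensions %s" % "".join(exts))
        return "review", reasons
    return "allow", reasons


def triage(names):
    """Classify a batch of attachment names; returns {name: verdict}."""
    return {n: classify_attachment(n)[0] for n in names}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mail.
    samples = [
        "postcard.gif.exe",
        "postcard.gif",
        "greeting card.jpg                                  .scr",
        "invoice.pdf.zip",
        "C:\\Temp\\readme.txt",
    ]
    for n in samples:
        verdict, why = classify_attachment(n)
        print("%-60r %-6s %s" % (n, verdict, "; ".join(why)))
```

The check is deliberately on the final extension alone: what matters is what the shell will do on double-click, not what the name looks like, and the decoy extension only adds to the reason string. A mail gateway or user-education tool would run `triage()` over the attachment names of an incoming message and hold anything that comes back as 'block'.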

siljaline - 17 Sep 2006 05:59 GMT
Harry,
Please cite the exact URL to which you refer.

Google finds many URLs under the subject heading.

Once done, we can help you resolve your issue.
Most important is the Privacy Statement issued by every
legit site. If there is none, you should not be surfing the said site.

Hoping this helps - Harry?

Silj

--

siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

webster72n - 17 Sep 2006 18:16 GMT
There is no URL involved on my part, Silj.
I didn't do any surfing, just received an email in my OE from
'e-postcards.com', I believe.
By now I have deleted it, twice, because after the first try it came right
back, so that I had to delete it 'forever' in the deleted column.
I simply don't have time for 'forbidden' surfing.

       Harry.

> Harry,
> Please cite the exact URL to which you refer.
[quoted text clipped - 8 lines]
>
> Silj
siljaline - 17 Sep 2006 22:07 GMT
> There is no URL involved on my part, Silj.
> I didn't do any surfing, just received an email in my OE from
> 'e-postcards.com', I believe.
> By now I have deleted it, twice, because after the first try it came right
> back, so that I had to delete it 'forever' in the deleted column.
> I simply don't have time for 'forbidden' surfing.

A case of Safe Hex, Harry - if you receive //any// email from an unknown
or untrusted source, delete it, regardless of the Privacy Policy of the site
from where it purportedly originated.

If you feel that OE has been Hijacked, follow these instructions.

Download and run HijackThis;
(http://aumha.org/downloads/hijackthis.zip)
Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, registration is required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)

Post back the URL where you posted your log, *not* the entire log.

Good luck - watching thread :-)

Silj

--

siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

webster72n - 18 Sep 2006 02:49 GMT
There is nothing out of the ordinary or suspicious looking in my scan from
HijackThis, Silj and I don't feel that my OE has been "hijacked".
Am glad to have come here for advice and received it from Dave.
If I should need to go to the forum, I am signed up for it already, since
some time ago I had my log examined and it was found to be clean.
I do appreciate your involvement and thank you for it.

        Harry.

> > There is no URL involved on my part, Silj.
> > I didn't do any surfing, just received an email in my OE from
[quoted text clipped - 23 lines]
> (http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
> (http://www.atribune.org/forums/index.php?showforum=9)

> (http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
> (http://forums.spywareinfo.com/index.php?showforum=18)
> (http://forum.networktechs.com/forumdisplay.php?f=130)
[quoted text clipped - 16 lines]
>
> Silj
Heather - 18 Sep 2006 03:29 GMT
>> There is no URL involved on my part, Silj.
>> I didn't do any surfing, just received an email in my OE from
[quoted text clipped - 8 lines]
>
> Download and run HijackThis;

(from the author's website.... his name is Merijn, btw.
http://www.spywareinfo.com/~merijn/programs.php)

Do you wear 3 condoms at once, Silj??

This whole shebang (no pun intended) was rather over the top!!  He only
got a flippin' email with an attachment he didn't open.......and you
figure his browser got hijacked??  HELLO!!!!  Methinks you had better
take a course in how spyware and viruses work, etc.

Heather.....ROFL!!!!
siljaline - 18 Sep 2006 04:48 GMT
<snip>
> (from the author's website....his name is Merijn, btw.
> http://www.spywareinfo.com/~merijn/programs.php

AumHa Forums has Merijn's blessing to host HijackThis, Figgs.

> Do you wear 3 condoms at once, Silj??
No comment.

> This whole shebang (no pun intended) was rather over the top!!  He only got a flippin'
> email with an attachment he didn't open.......and you figure his browser got hijacked??
> HELLO!!!!  Methinks you had better take a course in how spyware and viruses work, etc.

I said that if Harry felt that *OE* had been Hijacked, he could run HijackThis,
under no obligation.
If he's deleted the file twice and it comes back, something is amiss and should
be investigated. There is no harm in running a HijackThis log and posting it to
an expert Forum for analysis to one of the sites already posted.

That is all.

Silj

--

siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

webster72n - 19 Sep 2006 19:47 GMT
> <snip>
> > (from the author's website....his name is Merijn, btw.
[quoted text clipped - 14 lines]
> be investigated. There is no harm in running a HijackThis log and posting it to
> an expert Forum for analysis to one of the sites already posted.

A slight correction, Silj, after I deleted it in the deleted items box it
didn't come back again. But there is no need to get excited about any of
this, because it's part of the NG's business.

        Harry.

> That is all.
>
> Silj
siljaline - 20 Sep 2006 00:12 GMT
> A slight correction, Silj, after I deleted it in the deleted items box it
> didn't come back again. But there is no need to get excited about any of
> this, because it's part of the NG's business.

I wasn't excited, Harry - other than the outcome of your issue.

This NG's business *is* my business :-)

Silj

--

siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.

Dan - 21 Sep 2006 12:26 GMT
>> A slight correction, Silj, after I deleted it in the deleted items box it
>> didn't come back again. But there is no need to get excited about any of
[quoted text clipped - 5 lines]
>
> Silj

LOL
webster72n - 23 Sep 2006 01:39 GMT
> > A slight correction, Silj, after I deleted it in the deleted items box it
> > didn't come back again. But there is no need to get excited about any of
> > this, because it's part of the NG's business.
>
> I wasn't excited, Harry - other than the outcome of your issue.

Wasn't referring to you either, Silj, I know *it* is your business.
Always good to talk with you.

Harry.

> This NGs business, *is* my business :-)
>
> Silj
©2008 Advenet LLC   Privacy Policy - Terms of Use