Re: [MV] Another Virus? YES - DO NOT OPEN ATTACHMENT!

From: Colin Stevens (colin@pacdat.net)
Date: Sat Apr 21 2001 - 21:28:00 PDT


It is a virus. DO NOT OPEN attachment! It takes control of your PC and sends
messages out without you knowing or telling it to! The following is NOT
expert advice (but I hope it is all correct). From a victim and unwitting
carrier. I was hit - and hit hard. My apologies to those who caught it from
my machine. I shut down as fast as I could and stayed off-line and off-list
for days until I was sure I had cleared it.

DANGER: The infected messages can come from someone YOU KNOW, and they
probably are not even aware of it or even if they realize it, they can't
stop it. It can come as multiple messages (One MV list colleague in Italy
got at least 11 from my machine!) If one is on a high speed connection, it
all happens faster! Scary!!!!

Clues:

1. WARNING SIGN IS THE FOLLOWING MESSAGE AT THE BOTTOM OF AN INFECTED
MESSAGE saying: "Take a look to the attachment" - Note that it is poor
English and says "look TO" not "look AT"
2. Messages start appearing in your OUTBOX and you know you did not create
any!
3. Files are found in your system with ".pif" ending (can appear after an
apparent normal address like s3msong.MP3.pif (looks like a music file but is
not), card.pif
4. Files are found in your system with mtx.exe, files with 'matrix'
something.
5. Virus will not let you go to most anti-virus sites!
6. Files in your system such as IE_PACK.EXE and MTX_.EXE

The web site http://www.kav.ch/avpve/worms/email/mtx.stm lists warnings of
titles that this virus sends out. 32 of them!!!! (Another anti virus site
only listed 8 of these). These are titles of messages that change to make it
harder for people to spot them.

An up to date Norton Anti-Virus 2000 should find it. Other up to date
anti-virus programs should find and block it as well. You SHOULD have up to
date virus detection - mine was not updated since I bought my PC last
Fall... I now know better. The above virus is a new one first found in
September 2000. I had saved and scanned the message I believe that infected
my system and it was not detected. (An analogy - Used a condom, but it had
been in the wallet too long!)

I can't say for sure which one it is, but it SEEMED to be both W95.MTX and
W32 Badtrans.13312 @ mm (I added some in the file name, otherwise the
computer thinks it is a hyper link!) Fix tools available on the web: e.g.
for W95.MTX at
http://www.symantec.com/avcenter/venc/data/w95.mtx.fix.tool.html )

CAUTION: I have often read that one should go to official anti-virus web
sites to get the fixes and to find out the truth about various type of virus
(virii in plural?). There are many hoax virus (i.e. the rumour is there but
no real virus) and these official web sites for Symantec, McAfee etc. help
to identify the fake virus as well as the real one.

To fix it:

1. Got to http://www.symantic.com/avcenter or other anti-virus sites.
2. Update your anti-virus program and run a full check of all of your
drives.

Good luck.

Compulsory MV content:
Today I got a lead on a WWII keep sitting in a backyard, and found a 1968
M38A1CDN2 jeep - all original, just a bit tired looking. It even had the
submachinegun holding bracket, FNC1A1 rifle holding bracket, base for the
7.62 medium machine gun (GPMG C1) "Z" arm mount (not the mount itself, just
the base, the antenna bracket over the spare tire, all the original
markings, data plates and peeling paint job, and deteriorating canvas. I
actually passed this one going the opposite direction on Friday when
driving my 44 MB to the gunshow, and then spotted it parked on a side street
where I normally never go. Tomorow when the gun show is over, I hope to hook
up Ian Newby's newly restored 1942 6 Pounder anti-tank gun (57 mm to our
American friends) to my Willys MB for a photo session. Andy Hill towed it to
the gun show behind one of Ian Newby's ex-USMC HUMVEEs.

Colin Macgregor Stevens

NOTE: I lost about 100 messages between 2001 APR 10-15 due to a server
problem and the virus/worm. If you sent me a message during that time that
was not answered, please resend it. Thanks.

PS - My Anti-virus detected a message tonight of the same virus trying to
reinfest my machine from an outside source.

MVPA Member 954 (since 1977)
Editor: "Maple Leaf Up!" newsletter & Webmaster
of Western Command Military Vehicle Historical Society
(Established 1977)
Pitt Meadows (East of Vancouver but not beyond Hope)
British Columbia, CANADA
Owner of:
1944 Willys MB jeep (ex-Norway)
1942 BSA airborne bicycles (2)
Personal web site: http://bcoy1cpb.pacdat.net
E-mail: colin@pacdat.net
Club web site: http://www.westerncommand.com

=====================================================

----- Original Message -----
From: "John A. Hern Jr" <hern@nidlink.com>
To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
Sent: Saturday, April 21, 2001 10:57 AM
Subject: [MV] Another Virus?

> I sent two email to the list, and got back two replys from
>
> "Jeanne Lacourse" <cckw@mediaone.net
>
> Both said nothing, except "look at this attachment". Needless to say, I
> didn't open them.
>
> What's going on?
>
> John



This archive was generated by hypermail 2b29 : Tue May 01 2001 - 07:42:41 PDT