From msgnanam@... Mon Sep 01 01:12:12 2003
Return-Path:
X-Sender: msgnanam@...
X-Apparently-To: agathiyar@yahoogroups.com
Received: (qmail 64374 invoked from network); 1 Sep 2003 08:12:10 -0000
Received: from unknown (66.218.66.217) by m1.grp.scd.yahoo.com with QMQP; 1 Sep 2003 08:12:10 -0000
Received: from unknown (HELO ipop3.tm.net.my) (202.188.0.247) by mta2.grp.scd.yahoo.com with SMTP; 1 Sep 2003 08:12:10 -0000
Received: from tm.net.my (imssd2-qfe1.secure.tmnet [192.168.3.57]) by ipop3.tm.net.my (iPlanet Messaging Server 5.1 HotFix 1.6 (built Oct 18 2002)) with ESMTP id <0HKJ00JC703AJ0@...> for agathiyar@yahoogroups.com; Mon, 01 Sep 2003 16:11:35 +0800 (SGT)
Received: from [192.168.1.54] by imss2.tm.net.my (mshttpd); Mon, 01 Sep 2003 16:11:34 +0800
Date: Mon, 01 Sep 2003 16:11:34 +0800
Subject: Re: [agathiyar] Sobig.F Virus - Complete Removal Tool
To: agathiyar@yahoogroups.com, jaybee@...
Message-id: <26c7ac268bb7.268bb726c7ac@...>
MIME-version: 1.0
X-Mailer: iPlanet Messenger Express 5.1 HotFix 1.9 (built Dec 3 2002)
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: 7BIT
Content-disposition: inline
X-Accept-Language: en
From: msgnanam@...
X-Yahoo-Group-Post: member; u=22447202
X-Yahoo-Profile: masivagnanam2001
X-Yahoo-Message-Num: 26359


Dear doctor,
Looks like my email ID on tmnet has been hooked by someone. I keep
receiving dirty mails in my inbox from my own email ID. I am unable to
open my emails through Outlook Express. I do not know if it is already
corrupted by a virus. I am opening my inbox from webmail.tm.net.my.
Please remove my email ID msgnanam@... from agathiyar's mail list.
I receive agathiyar mail in my hotmail account.
So please remove my tm.net.my email ID so that I will scan my machine.
Thanks for this help.
anbudan,
Sivagnanam
----- Original Message -----
From: jaybee
Date: Friday, August 29, 2003 6:59 pm
Subject: [agathiyar] Sobig.F Virus - Complete Removal Tool

>
> Dear Friends,
>
> I received this email through one of the spiritual circles
> of which I am a member.
> I don't know much about this.
> Maybe somebody could verify this?
>
> Regards
>
> JayBee
>
> -----------------------Forwarded--------------
>
> Date: Thu, 28 Aug 2003 14:31:34 -0400
> Subject: Sobig.F Virus - Complete Removal Tool
>
> TuDogs Finds
>
> 1. Sobig.F Virus - Complete Removal Tool
> W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself
> to all the email addresses it finds in files that have the following
> extensions: .dbx .eml .hlp .htm .html .mht .wab .txt. The worm uses
> its own SMTP engine to propagate and attempts to create a copy of
> itself on accessible network shares, but fails due to bugs in the
> code.
>
> The email message has the following characteristics: From:
> Spoofed address - which means that the sender in the From: field is
> most likely not the real sender. The worm may also use the address
> admin@... as the sender. The spoofed addresses and the Send
> To: addresses are both taken from the files found on the computer.
> Also, the worm may use the infected computer's settings to check for
> an SMTP server to contact. Proliferated emails have one of the
> following as their subject: Re: Details, Re: Approved, Re: Re: My
> details, Re: Thank you!, Re: That movie, Re: Wicked screensaver, Re:
> Your application, Thank you!, Your details.
>
> Sobig.F copies itself as %Windir%\winppr32.exe. %Windir% is a
> variable. The worm locates the Windows installation folder - by
> default, this is C:\Windows or C:\Winnt - and copies itself to that
> location. It creates the file %Windir%\winstt32.dat, adds the value:
> TrayX=%Windir%\winppr32.exe /sinc to the registry key:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so
> that the worm runs when you start Windows. It adds the value:
> TrayX=%Windir%\winppr32.exe /sinc to the registry key:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run so
> that the worm runs when you start Windows. It enumerates any network
> shares to which the infected computer has write access. It uses
> standard Windows APIs to do this.
>
> Sobig.F can download arbitrary files to an infected computer and
> execute them. The author of the worm has used this functionality to
> steal confidential system information and to set up spam relay servers
> on infected computers.
>
> The worm is set to expire on September 10th, and should be over
> thereafter. In the meantime, even if your regular anti-virus software
> has removed discovered virus files, one should run this tool as an
> extra precaution. Windows 95/98/Me/NT/2000/XP. Free. 172Kb. Found at
> http://www.tudogs.com/security.php
>
>
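Added example, not part of the original messages or of the forwarded TuDogs text: a small triage check that applies the indicators quoted above (the `TrayX` Run value, the `winppr32.exe` and `winstt32.dat` file names, and the listed subject lines) to collected data. The sample `reg query` output and the function names are constructed for illustration.

```python
import re

# Indicators taken from the forwarded advisory text above.
RUN_VALUE_NAME = "trayx"
WORM_FILES = {"winppr32.exe", "winstt32.dat"}
WORM_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}

# One value line of `reg query` output: indent, name, type, data.
_VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query <Run key>` output for both hives.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    TrayX    REG_SZ    C:\WINDOWS\winppr32.exe /sinc

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

def scan_run_key(reg_query_output):
    """Return (key, value name, data) for Run entries matching the advisory."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # remember which hive/key we are in
            continue
        m = _VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m["name"].strip(), m["data"]
        if name.lower() == RUN_VALUE_NAME or "winppr32.exe" in data.lower():
            hits.append((key, name, data))
    return hits

def scan_file_names(names):
    """Return the names from a %Windir% listing that match the worm's files."""
    return sorted(n for n in names if n.lower() in WORM_FILES)

def subject_matches(subject):
    """True if a subject is on the advisory's list (a hint only: they are generic)."""
    return " ".join(subject.split()).lower() in WORM_SUBJECTS
```

A Run-key or file-name hit is the stronger signal; a subject match alone only marks a message for closer inspection, since the From: address on such mail is spoofed.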