Re: New Virus?

From: Justin Gill (jdgill_at_gmail.com)
Date: 06/29/05

  • Next message: ChayoteMu: "Re: New Virus?"
    Date: Tue, 28 Jun 2005 22:41:56 -0300
    To: Hamish Stanaway <koremeltdown@hotmail.com>
    
    

    I would run the .exe in question through the Virus Total Scanner.

    Virustotal offers a free service for scanning suspicious files using
    several antivirus engines.

    http://www.virustotal.com

    Good Luck!

    On 6/27/05, Hamish Stanaway <koremeltdown@hotmail.com> wrote:
    > Hey there everyone,
    >
    > I received a mysterious email this morning at 1728 GMT which had headers as
    > follows:
    >
    > Return-path: <hamish1@voyager.co.nz>
    > Envelope-to: hamish1@webhosting.net.nz
    > Delivery-date: Tue, 28 Jun 2005 05:22:44 +1200
    > Received: from [217.125.252.60] (helo=david.org)
    > by fearless.absolutewebhosting.biz with smtp (Exim 4.24)
    > id 1DmxJg-0003ou-Rg
    > for hamish1@webhosting.net.nz; Tue, 28 Jun 2005 05:22:41 +1200
    > Date: Mon, 27 Jun 2005 19:20:42 +0100
    > To: "Hamish" <hamish1@webhosting.net.nz>
    > From: "Hamish" <hamish1@voyager.co.nz>
    > Subject: The picture is sent on SMS
    > Message-ID: <pvkpnopcnwraqblcgfg@webhosting.net.nz>
    > MIME-Version: 1.0
    > Content-Type: multipart/mixed;
    > boundary="--------hukvuvgobciyuhmojdug"
    >
    > -------------------- END SNIP-----------------------
    >
    > As you can guess, I'm hamish1@webhosting.net.nz.
    > This email contained no text, only an attachment called legs.zip, which
    > Norton (fully updated to its latest version and data files) did not detect
    > any viruses in.
    > Within the legs.zip file there is a file called ds-rwe.exe - this again was
    > not detected as a virus.
    > My girlfriend thought she would be smart and ran ds-rwe.exe, which gave me a
    > memory overflow message for explorer.exe immediately.
    > Does anyone have any idea of what this might be, and also if it is a virus
    > that has already been identified? If not, I am willing to pass it through to
    > someone to take a look at in its zip format.
    > Otherwise if the effects cannot be reversed, I am afraid I will have to
    > reformat this machine *sigh* NOT AGAIN :(
    > Have a great day everyone and thanks in advance for your help.
    >
    >
    > Kindest of regards,
    >
    > Hamish Stanaway, CEO
    >
    > Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
    > Auckland, New Zealand
    >
    > http://www.webhosting.net.nz
    > http://www.buywebhosting.co.nz
    > http://www.koreworks.com
    >
    >
    >

    -- 
    Regards,
    Justin Gill
    
