flanks 50cc Newbie
Joined:
Monday, November 01, 2004
Posts: 5
Location:
Hampshire
United Kingdom
According to a few of you, I've sent out a virus of some kind. After checking both my pc's with Norton and McAfee, this virus seems not to have been generated by myself or from my mail accounts. Also, it only appears to have been sent to people who have used this site. Nobody else in my address books outside of this site or HOS has had any virus from me of any kind.
Thank you for bringing this to my attention, and the late night checking, and double checking. But better to be safe than sorry.
Severian 1000cc Pro Racer
Joined:
Saturday, October 30, 2004
Posts: 227
Location:
Ewloe
United Kingdom
the virus is called...... W32.Mota.B@mm.......being sent in an attachment called Britney[1].zip ......ive runa complete system scan and i cant find it, but it's definatly been logged into my norton, Mark help were has it gone ??????
Virus - Posted on 2004-12-07 13:06:17
bear 1300cc Superstar
Joined:
Friday, October 29, 2004
Posts: 5790
Location:
cumbria
United Kingdom
and the moral of this tale is dont open attachments ! first put it on a floppy and then scan the floppy with yer anti virus package
Virus - Posted on 2004-12-07 13:12:12
Roeby 1300cc Superstar
Joined:
Posts: 8884
Location:
Derbyshire
United Kingdom
I haven't had any such email but i must admit we have allsorts of anti virus stuff on our machine plus i have to agree with bear if u don't know where its from don't open it!!!!!!
I'm not asking Mark to do anything today sevs cos hes poorly.
Virus - Posted on 2004-12-07 13:14:30
Mark 1300cc Superstar
Joined:
Sunday, October 24, 2004
Posts: 761
Location:
Chesterfield
United Kingdom
Modern Virus have fake from addresses so the fact that it said it was from flanks does not mean it was flanks that sent it. All it means is that it is someone who has an email from flanks.
Someone does not have antivirus software on the pc or they have not updated it for a while. Suppose they have an email from sev and and email from flanks in their inbox, the virus will send a copy of itself to each of them with the from address of the other.
So sevs, flanks it is someone you know and probably not you.
A note to anyone who does not have antivirus software installed:
--------------------------------------------------------------------------
It is irresponsible, you will get a virus and you will not be aware of it until your isp complains or someone uses your online banking passwords to steal all your cash.
Get some software installed, a lot of it is free and very good there is no excuse.
You can get a very good, free antivirus package here: http://free.grisoft.com/doc/1
Mark
Virus - Posted on 2004-12-07 13:55:48
flanks 50cc Newbie
Joined:
Monday, November 01, 2004
Posts: 5
Location:
Hampshire
United Kingdom
I've sent several friends who have no connection to here or HOS, and my ducati club. None, and i'm talking 25+ people have had any problems, and all have mailed me back. These people appear in both my mail accounts i use. The only other people i have on msn apart from family are here, and only 1 person has my NTL from here. None of my family have had anything either.
So as Mark suggests, it's one of you, or somone you know outside of here which you have forwarded a mail from. If it was me, everyone else would have had this virus. Which is not the case.
Both my anti virus software programmes on all our home pcs, ( 2 desk tops 1 laptop) update daily after 1 hour of being online. And as said before, I use 2 differant softwares. Why, because i bought the laptop last week, and McAfee was free! Nice laptop mind.
As Mark says, if someone does not have anti virus on their compter, this is irresponsible As viruses are very common. And i would suggest it is this person.
Mark, thanks for you're comments, you being an IT techie helps confirms what I knew already, and that it was not me.
Virus - Posted on 2004-12-07 14:18:50
flanks 50cc Newbie
Joined:
Monday, November 01, 2004
Posts: 5
Location:
Hampshire
United Kingdom
Oh, just found out it was only 1 person! Severian. Funny, you've been removed from my msn for 2 months, and you've no entry on my system. And I don't have any mails from anyone with you're name on it.
Virus - Posted on 2004-12-07 18:30:14
the_ox 1300cc Superstar
Joined:
Saturday, October 30, 2004
Posts: 8803
Location:
London
United Kingdom
Yo dude, soz about the call last night but i thought u should know, and as i said i doubted it was you in anycase.
Got to meet up again soon, tc m8
oxo
Virus - Posted on 2004-12-07 20:23:14
Severian 1000cc Pro Racer
Joined:
Saturday, October 30, 2004
Posts: 227
Location:
Ewloe
United Kingdom
right well befor you all jump on 'WE HATE SEVS' band wagon..... 1 that email appears to have come from flanks, 2 if you now recieve an attatchment by the name of what i mentioned above, DONT OPEN IT!!! 3 my norton is also updated everyday and i manually update ever week or so. 4 and that virus only appeared from opening that attatchment, and there is no point saying 'dont open it if you dont know who its from' cos it looks like it came from flanks and im not aware flanks would want to send a virus to me, so i didnt see a problem with opening it. it didnt exactly say 'THIS WASNT SENT BY FLANKS ITS ACTUALLY A VIRUS DONT OPEN IT'.... so flanks and the rest of you think befor you send me abusive nails about it, i only mentioned it to the rest of chat in case it found its way to your computers. Enough of the fucking asbuse everytime i feel it something worthy of a mention.
Virus - Posted on 2004-12-07 21:28:36
Severian 1000cc Pro Racer
Joined:
Saturday, October 30, 2004
Posts: 227
Location:
Ewloe
United Kingdom
im not having a go at any of you for that, im having a go becuase ive just recieved a few abusive pritvae messages about it. WHY THE HELL DOES WARNING SOME OF YOU ABOUT A VIRUS WARRENT THAT YOU SEND ME FUCKING ABUSIVE MESSAGES!!!! enough if youve got something you dont like about me keep it to yourself , if i could tell you all why im always so upset youd be shocked and appalled at some of you behavior. the rest of you, thanks for being good friends through some of this. the rest of you think befor you start bad mouthing me!!!
Virus - Posted on 2004-12-07 21:37:40
bear 1300cc Superstar
Joined:
Friday, October 29, 2004
Posts: 5790
Location:
cumbria
United Kingdom
sending people abusive messages isnt gonna help any situation. as i understand it sev received an email supposedly from flanks . as mark has stated it dosnt have to actually come from the person stated but if you recieve an email from someone you know plenty of people will open the attachement . all sev did was warn people in the room that she recieved a virus and whos name was on the address and indeed asked ox to phone flanks to warn him. that seemed pretty reasonable to me.in fact i would want to know just in case something was wrong with my system, calling people names and the like isnt on, she was not out to blacken anyones name. fuck it if i got an email from someone i knew i would probably open an attachement and i'm around computers pretty much every day. and what if it had been a virus on yer system would you not want to know?would you have a go at one of yer mates if he made the same assumption? feel free to comment
Virus - Posted on 2004-12-08 06:53:14
scunjee 1300cc Superstar
Joined:
Saturday, October 30, 2004
Posts: 2035
Location:
them haggis are slippery wee critters
United Kingdom
sevs hun.....i was straight and sober last night, and i distinctly remember advising you to chill, afterall its only a virus....no big deal
now i'm asking u again to chill and stop making issues where none exist
Virus - Posted on 2004-12-08 11:21:37
Roeby 1300cc Superstar
Joined:
Posts: 8884
Location:
Derbyshire
United Kingdom
bloody hell scunje just noticed the time u posted your last reply lol 6.55am i was still tucked up in bed lol
and sevs i have to say i was wondering how u took this thread as a "get at sevs" thing it isn't at all and as for getting private messages maybe its not what u say but how u say it?
Virus - Posted on 2004-12-08 11:33:36
scunjee 1300cc Superstar
Joined:
Saturday, October 30, 2004
Posts: 2035
Location:
them haggis are slippery wee critters
United Kingdom
early flight this morning....got up, prepped aircraft only to hear the *&^%$£*** flight was cancelled
Virus - Posted on 2004-12-08 11:48:41
Roeby 1300cc Superstar
Joined:
Posts: 8884
Location:
Derbyshire
United Kingdom
opps bet u was a happy bunny then scunjee lol
Virus - Posted on 2004-12-08 13:19:47
bear 1300cc Superstar
Joined:
Friday, October 29, 2004
Posts: 5790
Location:
cumbria
United Kingdom
Home / Viruses / Virus Encyclopedia / Malware Descriptions / Network Worms / Email Worms
I-Worm.Mabutu.a
Aliases
I-Worm.Mabutu.a (Kaspersky Lab) is also known as: W32/Mabutu.a@MM (McAfee), W32.Mota.B@mm (Symantec), Win32.HLLM.Mabutu (Doctor Web), W32/Mabutu-A (Sophos), Win32/Mabutu.A@mm (RAV), Worm/Mabutu.A (H+BEDV), W32/Mabuto.B@mm (FRISK), Win32:Mabutu-Dll (ALWIL), I-Worm/Mabutu.A (Grisoft), Win32.Mabutu.B@mm (SOFTWIN), Worm.Mabutu.A.3 (ClamAV), W32/Mabutu.A.worm (Panda), Win32/Mabutu.A (Eset) Behavior Email Worm
Technical Details
This worm spreads via the Internet as an attachment to infected messages. It sends messages to all email addresses harvested from the victim computer.
The worm itself is a Windows PE EXE file approximately 33KB in size, packed using UPX. The unpacked file is approximately 65KB in size.
The worm contains a backdoor, which receives commands via IRC channels.
Installation
During installation the worm copies itself as ".exe" to the Windows root directory, for example:
C:\%windir%\.exe
It also creates the following files in the Windows root directory:
C:\%windir%\.dll
C:\%windir%\cfg.dat
Then the worm registers the .dll file it has created in the system registry as a key to enable auto-run:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
'winupdt' = "RUNDLL32.EXE %WinDir%\.dll"
Propagation via email
The worm scans MS Windows address books for email addresses, and all files with the following extensions:
.htm
.html
.txt
.wab
Messages are not sent to addresses containing the following text strings:
abuse
admin
anyone
Avp
bitdef
confirm
contact
eeye
info
kaspers
mailer
mailing
microsoft
nai.c
neohapsis
news
nobody
noone
nothing
ntbugtraq
panda
postmaster
register
secunia
secur
service
somebody
someone
sopho
spam
subscription
support
syman
trendmicro
virus
webmaster
where
The worm establishes a direct connection to the recipient's SMTP server in order to send messages.
Infected messages
Message subject (chosen from the list below):
britney.jpg
creme_de_gruyere.jpg
details
document
Fetishes
gutted
Hello
Hi
I'm in love
I'm nude
Important
jenifer.jpg
message
Ok cunt
photo.jpg
Sex
Wet girls
The attachment may have one or more extensions from the following list:
.scr
.txt
.zip
Remote Administration
Mabutu.a makes it possible for a malicious remote user to receive information harvested from the victim machine via IRC channels.
The worm opens TCP port 6667 on the victim machine in order to establish a connection to one of the following IRC servers:
amsterdam.nl.eu.undernet.org
amsterdam2.nl.eu.undernet.org
ann-arbor.mi.us.undernet.org
arlington.va.us.undernet.org
atlanta.ga.us.undernet.org
auckland.nz.undernet.org
austin.tx.us.undernet.org
baltimore.md.us.undernet.org
brussels.be.eu.undernet.org
caen.fr.eu.undernet.org
chat1.voila.fr
dallas.tx.us.undernet.org
diemen.nl.eu.undernet.org
flanders.be.eu.undernet.org
graz.at.eu.undernet.org
haarlem.nl.eu.undernet.org
lasvegas.nv.us.undernet.org
london.uk.eu.undernet.org
los-angeles.ca.us.undernet.org
lulea.se.eu.undernet.org
manhattan.ks.us.undernet.org
mclean.va.us.undernet.org
mesa.az.us.undernet.org
montreal.qu.ca.undernet.org
moscow.ru.eu.undernet.org
newbrunswick.nj.us.undernet.org
newyork.ny.us.undernet.org
oslo.no.eu.undernet.org
phoenix.az.us.undernet.org
plano.tx.us.undernet.org
quebec.qu.ca.undernet.orggraz2.at.eu.undernet.org
saltlake.ut.us.undernet.org
stockholm.se.eu.undernet.org
surrey.uk.eu.undernet.org
toronto.on.ca.undernet.org
vancouver.bc.ca.undernet.org
washington.dc.us.undernet.org
right that is a full description of the virus. It seems to me that there is no-one at fault here, shit happens, i personally would want to be told if someone recieved an email supposedly from me that contained a virus, i also agree with mike that norton and mcafee are both crap (there are times when niether of them would recognise a virus if the thing bit them on the arse).hopefully the above info will enable sev to find the virus alternativly sev download avg from www.grisoft.com. its free. and pretty effective.
Virus - Posted on 2004-12-07 07:33:38
1 
Virus - Posted on 2004-12-07 12:11:38
Virus - Posted on 2004-12-07 13:06:17
Virus - Posted on 2004-12-07 20:23:14
Virus - Posted on 2004-12-07 21:37:40
