[Micronet] "Navidad" or Barcode icon = Virus? = YES

From: David JL Rieger (drieger@olac.berkeley.edu)
Date: Thu Nov 09 2000 - 10:26:45 PST


    Good Day People,

    Shannon and Roger hit it on the head with this virus. This is a virus
    that, as of yet, is not part of the DAT's (VirusScanNT). The DAT's for
    this virus will be released "11/15/2000."

    Therefore, beware and be sure to educate your friends, colleagues and users.

    All thanks for the replies and your time.

    Cordially,

    David

    At 09:05 AM 11/8/2000 -0800, you wrote:
    >Hello,
    >
    >Perhaps this is the one?
    >
    >http://vil.nai.com/vil/dispvirus.asp?virus_k=98881
    >
    >Thanks for the heads up!
    >
    >Shannon
    >
    >
    >At 07:57 AM 11/8/00 -0800, David JL Rieger wrote:
    >>Good Day,
    >>
    >>I have a user who opened an attachment on her computer that, he reports
    >>(this is a home box), launched a button in Spanish saying something to
    >>the effect "do not push the dos button". They had an eyeball icon on the
    >>attachment (they're using Eudora). Three things then happened.
    >>
    >>1.) They received a "gray box" message from our computer saying that it
    >>could not access our applications, because it could not find the
    >>"winsvrc.exe" file
    >>2.) An eyeball icon appeared in the bottom right-hand corner of the screen
    >>3.) They saw the Spanish language message.
    >>
    >>They cannot access their applications. They can still access their web
    >>however. They, however, continue to get the "gray box" message.
    >>
    >>I had the user check their attachment directory to see what files were
    >>recently received there and I was told there is a "navidad" file as well
    >>as a file that appears iconographically as a bar-code.
    >>
    >>All my searches with anti-virus intelligence sources have not come up with
    >>anything, but this email originated in Morocco via France. Has anybody
    >>heard of something like this? Or could this be something new or
    >>something isolated that unintendedly had these consequences?
    >>
    >>Thank you for your input.
    >>
    >>Best Regards,
    >>
    >>David Rieger
    >>
    >>
    >>------------------------------------------------------------------------
    >>The following was automatically added to this message by the list server:
    >>
    >>For information about Micronet, its meetings and events, and its
    >>mailing list, including information on subscribing and unsubscribing,
    >>see the Micronet Web site at <URL:http://wss.berkeley.edu/micronet/>.
    >




    This archive was generated by hypermail 2b29 : Thu Nov 09 2000 - 10:33:26 PST