What is this file name and what is it. Should I worry?

This topic is archived.
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 01:42 PM
Original message
What is this file name and what is it. Should I worry?
Edited on Sat Jan-29-05 01:43 PM by Andy_Stephenson
upd02.scr
.scr file

Is this a virus?

BlueEyedSon Donating Member (1000+ posts) Sat Jan-29-05 01:43 PM
Response to Original message
1. screensaver?
 
McKenzie Donating Member (1000+ posts) Sat Jan-29-05 01:44 PM
Response to Original message
2. worm methinks
when did you get it and how?
 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 01:48 PM
Response to Reply #2
10. it came from...
 
New Earth Donating Member (1000+ posts) Sat Jan-29-05 01:49 PM
Response to Reply #10
11. OMG!
LOL

(of course not laughing at your misfortune of receiving the worm)
 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 01:58 PM
Response to Reply #11
13. I did not install it of course...
yahoo detected a problem.
 
New Earth Donating Member (1000+ posts) Sat Jan-29-05 02:03 PM
Response to Reply #13
14. i wonder if it was sent to the whole email mailing group or whatever
Edited on Sat Jan-29-05 02:03 PM by Faye
or if you were targeted individually :scared:
 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 02:04 PM
Response to Reply #10
15. Far be it from me to defend Bev Harris, but....
in fairness, these worms use bogus (publicly available) email addresses to hide behind.

You should post the headers so we can find your culprit. The true FROM IP address will be in the headers.
 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 02:12 PM
Response to Reply #15
17. Yahoo headers - how to get them
1. Open the email (NOT the attachment)

2. Once open, look above the Delete/Reply/Forward/Spam.... buttons, on the far right for a link to Full Headers, click it.

3. Once you have the headers open, copy ALL the Received information (that will give us the IP address paths).

4. Paste the Received info here.

 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 02:32 PM
Response to Reply #15
19. Here it is
Edited on Sat Jan-29-05 02:34 PM by Andy_Stephenson
<69.140.106.155>
Return-Path: <bevharrismail@aol.com >
Received: from 69.140.106.155 (HELO ashok.com) (69.140.106.155) by mta198.mail.scd.yahoo.com with SMTP; Sat, 29 Jan 2005 10:46:16 -0800
Date: Sat, 29 Jan 2005 10:46:11 -0800
To: "Coppertop" <coppertop98125@yahoo.com >
From: "Bevharrismail" <Bevharrismail@aol.com >
Subject: Delivery service mail
Message-ID: <modhjnviiuwtjwidgqw@yahoo.com >
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------rwbdtjvfbnlydncwwbot"
Content-Length: 18732
 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 02:53 PM
Response to Reply #19
20. That's the BRIEF header....I need the FULL header
and just the RECEIVED lines (there should be several).

 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 03:02 PM
Response to Reply #20
21. When I click "Full headers" this is what I get
X-Apparently-To: coppertop98125@yahoo.com via 000.000.000.000; Sat, 29 Jan 2005 10:46:16 -0800
X-YahooFilteredBulk: 69.140.106.155
Authentication-Results: mta198.mail.scd.yahoo.com from=aol.com; domainkeys=neutral (no sig)
X-Originating-IP: <69.140.106.155>
Return-Path: <bevharrismail@aol.com >
Received: from 69.140.106.155 (HELO ashok.com) (69.140.106.155) by mta198.mail.scd.yahoo.com with SMTP; Sat, 29 Jan 2005 10:46:16 -0800
Date: Sat, 29 Jan 2005 10:46:11 -0800
To: "Coppertop" <coppertop98125@yahoo.com >
From: "Bevharrismail" <Bevharrismail@aol.com > Add to Address Book
Subject: Delivery service mail
Message-ID: <modhjnviiuwtjwidgqw@yahoo.com >
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------rwbdtjvfbnlydncwwbot"
Content-Length: 18732
 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 03:10 PM
Response to Reply #21
22. Hmmm....well here's what I can get from that info
Your originating sender is inside the Comcast IP block of addresses:

Comcast Cable Communications, Inc. JUMPSTART-3 (NET-69-136-0-0-1)
69.136.0.0 - 69.143.255.255
Comcast Cable Communications, Inc DC15-NROCK1 (NET-69-140-0-0-1)
69.140.0.0 - 69.140.255.255

I don't think Comcast has any connection to AOL does it?
 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 03:12 PM
Response to Reply #22
23. I believe Bev has
Edited on Sat Jan-29-05 03:12 PM by Andy_Stephenson
comcast HS internet at home now. Comcast is the provider. Hell I have comcast fer that matter.

AOL would interface with comcast...

 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 03:23 PM
Response to Reply #23
24. Of course it INTERFACES
But the originating IP was a Comcast address. That's entirely different than "interfacing."

Only Comcast can tell you which user was on THAT IP (the last 3 digits) at THAT exact moment.

Write to abuse@comcast.net and see if you can get the information. I doubt they will give it to you without an attorney and a subpoena, but you can try. The most likely outcome will be that they take an abuse/spam complaint and you'll never hear from them again.

 
McKenzie Donating Member (1000+ posts) Sat Jan-29-05 07:17 PM
Response to Reply #24
30. word of caution
it is simple to spoof an e-mail header...REALLY simple. Believe me, I know about this...so be careful about making any accusations. Any savvy virus sender will have spoofed the header. Anyway, it might be that the worm mailed out from an unsuspecting 'puter.
 
Boredtodeath Donating Member (1000+ posts) Sat Jan-29-05 09:04 PM
Response to Reply #30
31. That's the original point I was trying to make
badly, evidently. ;-)

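The header pasted in reply #21, split into what Yahoo's server recorded and what the sending machine claimed, as an added example that is not part of the original thread. The function names, the `.yahoo.com` suffix used to recognise the recipient's own MTA, and the /16 written for the range quoted in reply #22 are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header lines as pasted in reply #21 (webmail residue removed).
RAW = (
    "Return-Path: <bevharrismail@aol.com>\n"
    "Received: from 69.140.106.155 (HELO ashok.com) (69.140.106.155) "
    "by mta198.mail.scd.yahoo.com with SMTP; Sat, 29 Jan 2005 10:46:16 -0800\n"
    'From: "Bevharrismail" <Bevharrismail@aol.com>\n'
    "Subject: Delivery service mail\n"
    "Message-ID: <modhjnviiuwtjwidgqw@yahoo.com>\n\n"
)
# One relay hop in the layout shown in that Received line.
HOP = re.compile(
    r"from \S+ \(HELO (?P<helo>[^)]+)\) \((?P<ip>[^)]+)\) by (?P<by>\S+)")

def domain(value):
    """Lower-cased domain part of an address-like header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def analyse(raw, own_mta_suffix, netblock):
    """Separate what the recipient's MTA recorded from what the sender typed."""
    msg = message_from_string(raw)
    hops = [HOP.search(h) for h in msg.get_all("Received", [])]
    # Only a hop stamped by the recipient's own provider is trustworthy;
    # every Received line below it was supplied by the sending side.
    trusted = next((h for h in hops if h and h["by"].endswith(own_mta_suffix)), None)
    if trusted is None:
        return {"origin_ip": None, "flags": ["no-trusted-hop"]}
    flags = []
    from_dom = domain(msg["From"])
    if domain(msg["Message-ID"]) != from_dom:
        flags.append("message-id-domain-differs-from-from")
    if trusted["helo"].lower() != from_dom:
        flags.append("helo-name-differs-from-from")  # HELO is free text
    if len(hops) == 1 and hops[0] is trusted:
        # The peer connected straight to the recipient's MX: no server
        # run by the From domain ever handled the message.
        flags.append("no-sender-side-relay")
    ip = ipaddress.ip_address(trusted["ip"])
    return {"origin_ip": str(ip), "flags": flags,
            "in_netblock": ip in ipaddress.ip_network(netblock)}

RESULT = analyse(RAW, ".yahoo.com", "69.140.0.0/16")
```

With a single receiver-stamped hop, the connecting IP is the only reliable field; it identifies the machine that delivered the message, not the person named in From.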
 
greatauntoftriplets Donating Member (1000+ posts) Sat Jan-29-05 06:14 PM
Response to Reply #10
29. If she sent you a check....
I'd have it tested for anthrax.
 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 01:45 PM
Response to Original message
3. This is what it is
W32.Beagle.BA@mm
 
McKenzie Donating Member (1000+ posts) Sat Jan-29-05 01:47 PM
Response to Reply #3
8. Yes, looks like you are hosting a worm
go to Symantec or another big AV vendor for a removal tool.

btw, post on the Computer Group if you need help.
 
Viva_La_Revolution Donating Member (1000+ posts) Sat Jan-29-05 01:45 PM
Response to Original message
4. Google results...
 
Anarcho-Socialist Donating Member (1000+ posts) Sat Jan-29-05 01:46 PM
Response to Original message
5. Yep, it's a worm
http://www.itweb.co.za/Sections/AARDVARK/Copy.asp?Story...

A new variant of the Bagle worm surfaced this morning and early security reports say it appears to be the year's most dangerous worm to date.

Two Bagle variants arrived in the last 24 hours, but only one appears to pose a real threat, says Justin Stanford, CEO of anti-virus vendor NOD32 South Africa

----snip---

A sample that NOD32 received from a client this morning carried the subject: "DELVERY FAILURE: User krzysztof.szubka" and carries the attachment: "upd02.scr".

Anti-virus vendor Symantec says it will issue a level two alert on the Bagle variant, adding that it has received reports from different countries, mostly from Europe and Asia.
 
New Earth Donating Member (1000+ posts) Sat Jan-29-05 01:47 PM
Response to Reply #5
7. hey look
google's your friend too. heheheh
 
Anarcho-Socialist Donating Member (1000+ posts) Sat Jan-29-05 01:48 PM
Response to Reply #7
9. hehehehe
:toast:
 
Andy_Stephenson Donating Member (1000+ posts) Sat Jan-29-05 01:50 PM
Response to Reply #7
12. yes yes
yes

I sometimes forget.
 
KC21304 Donating Member (1000+ posts) Sat Jan-29-05 02:11 PM
Response to Reply #5
16. I got something similar last night. As long as I didn't open the
attachment am I okay? I ran my Symantec virus scan and didn't find anything.
 
Anarcho-Socialist Donating Member (1000+ posts) Sat Jan-29-05 02:30 PM
Response to Reply #16
18. As long as you keep your virus definitions updated, you should be fine
 
New Earth Donating Member (1000+ posts) Sat Jan-29-05 01:47 PM
Response to Original message
6. here's some info on it
 
mod mom Donating Member (1000+ posts) Sat Jan-29-05 03:25 PM
Response to Original message
25. Get an apple. You never have these problems and Steve Jobs
supports our ideals!
 
JunkYardDogg Donating Member (618 posts) Sat Jan-29-05 03:33 PM
Response to Original message
26. It's a new variant just started this week
Yours is the 2nd posting on DU about it
That's OK
In April, Pest Patrol found "PC Anywhere" installed in my desktop PC and I never installed it
Remote access programs installed on your PC are a bad deal
Whenever you find an app or entry which you do not know what it is,
for example your firewall tells you an app is trying to access the 'Net
Google it and you will find out what it is
There are a couple of Apps which you can get which give you a bunch of info on the processes on your computer
Right now I have a 30 day free version of Security Task Manager
it's really cool,
but I think after the 30 days I'll get WinTasks 5- it really gives you a lot of info on the running processes and has a direct connection to the liutilities library
 
torque Donating Member (167 posts) Sat Jan-29-05 03:41 PM
Response to Original message
27. Windows executables
include *.exe, *.com, *.bat, *.scr, *.vbs and *.dll
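A mail-side check built on the extension list in reply #27, as an added example that is not part of the original thread: it walks a message's attachments and reports names Windows would execute, including double extensions and trailing dots. The sample message is constructed (only the name upd02.scr comes from the thread), and the function names are hypothetical.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in reply #27.
EXECUTABLE = {".exe", ".com", ".bat", ".scr", ".vbs", ".dll"}

def risky_attachments(raw_bytes):
    """Return (filename, extension, reason) for attachments Windows would run."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so "a.scr." opens as "a.scr".
        normal = name.rstrip(". ").lower()
        stem, ext = os.path.splitext(normal)
        if ext in EXECUTABLE:
            # A second extension ("invoice.pdf.scr") hides the real type when
            # the file manager is set to hide known extensions.
            inner = os.path.splitext(stem)[1]
            reason = "double-extension" if inner else "executable"
            hits.append((name, ext, reason))
    return hits

def build_sample():
    """Constructed multipart/mixed message; payloads are placeholder text."""
    msg = EmailMessage()
    msg["Subject"] = "Delivery service mail"
    msg.set_content("constructed body")
    for fname in ("upd02.scr", "notes.txt", "invoice.pdf.SCR", "setup.exe."):
        msg.add_attachment(b"placeholder, not a real binary",
                           maintype="application", subtype="octet-stream",
                           filename=fname)
    return msg.as_bytes()

FINDINGS = risky_attachments(build_sample())
```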
 
harmonyguy Donating Member (589 posts) Sat Jan-29-05 05:10 PM
Response to Original message
28. Know anyone in Rockville Maryland?????
The IP address 69.140.106.155 comes up as
pcp04417719pcs.nrockv01.md.comcast.net
which, although from comcast, appears to be from Rockville Maryland.
Unless Bev has moved recently....but, I don't think so.

More likely from someone who has both Bev's email and your email in their addressbook.

Sometimes these things pick an address to use as the 'from' line and then send to everyone else in the address book using THAT name.

HG

 
Needtodosomething Donating Member (12 posts) Sat Jan-29-05 09:46 PM
Response to Original message
32. whether you believe bev or not
It is not likely her fault here. I frequently view websites like copvcia, whatreallyhappened, and infowars.com. All have complained in past of being hacked into and having false emails sent out. All have warned NOT to open these emails. And all have said the authorities were contacted, and guess what...nothing was done. Big surprise, huh? (choking on own sarcasm) Ask yourself, why would Bev be mailing you a file you don't even recognize? Don't want to sound paranoid folks, but if we believe democracy is being usurped, then the system is failing. And if it is failing the fascists will do anything in their power to keep from being exposed. Just be careful.