Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

W32.sircam.worm@mm

1K views 12 replies 3 participants last post by  tomlunt 
#1 ·
Hi everyone -

This problem is getting annoying. In the past 2 days i have received at least 15 e-mails from someone i don't know - all are infected with this virus:

W32.sircam.worm@mm

Thankfully my virus software is up to date and is catching it and putting the file in quarantine, where i delete it immediately.

How do i stop this idiot from sending this file to me? The actual e-mails are different - different subject lines, like "budget for your reveiw" and class reunion list update" and other hokey titles.

Any suggestions? I'm just sick of receiving these stupid viruses/ worms.

Tommy

PS - i'm also sick of running my virus software updates all the time.
 
#2 ·
well the first thing you do is block THAT SENDER in your e-mail program.

Do you have Ad-aware for spyware... if you don't you should get it. Spyware sends data to its home & often gets you on e-mail list of non desirable spam. It causes bogging of connections & freeze ups as well.

http://www.lavasoft.de
 
#3 ·
well that was easy. Thanks.

I must have missed that one - i know how add stuff to the adult senders list or junk mail list, but i missed the block sender info.

Thank you very much.

Tommy

PS - i do run adaware pretty frequently, at least once a week.
 
#4 ·
http://www.microsoft.com/windows/ie...urity/setup.asp

http://users.erols.com/rms2000/acctroj/howto.htm

http://www.business.uab.edu/security_setting.htm

Ad-Aware should be run daily as should the virus program
updating your Virus program should be done every 4 - 7 days
Check these out too
scripting needs to be disabled in internet optioned/advanced

another thing... goto start/run/type in msinfo32 click ok... then go to the (+) plus mark at Software Enviroment & then to startup ... then when you see the list go to Edit click Select All... then back to Edit & copy... come back here & paste it in here
 
#5 ·
SavvyLady -

Thanks for your help. I think i spoke too soon. It's very easy to block senders in Outook Express, not so easy in Outook (2000). Any suggestions?

Also, I'll check out your links and read up later this weekend. For now, I've got to run.

Thanks for your help.

Tom
 
#7 ·
Savvy Lady -

For what it's worth, I'm running WinXP home edition.

Here's the info you requested"
AdaptecDirectCD "c:\program files\adaptec\easy cd creator 5\directcd\directcd.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Billminder c:\quickenw\billmind.exe WENDY\Tom Lunt Startup
ctfmon.exe c:\windows\system32\ctfmon.exe WENDY\Tom Lunt HKU\S-1-5-21-1004336348-152049171-1957994488-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini WENDY\Tom Lunt Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
Kodak Picture Easy 3.1 Batch Transfer c:\progra~1\kodak\pictur~1\program\pezdow~1.exe WENDY\Tom Lunt Startup
Microsoft Office c:\progra~1\msoffice\office10\osa.exe -b -l All Users Common Startup
MSMSGS "c:\program files\messenger\msmsgs.exe" /background WENDY\Tom Lunt HKU\S-1-5-21-1004336348-152049171-1957994488-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NAV Agent c:\progra~1\norton~1\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PrinTray c:\windows\system32\spool\drivers\w32x86\3\printray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Quicken Startup c:\quickenw\qwdlls.exe WENDY\Tom Lunt Startup
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Tommy
 
#9 ·
Tom in looking over your startup I see nothing wrong except you have a few things in there you may not need. All this ... is running when you first bootup. Do you need it to be?

Example : Quicken & Real player.
 
#10 ·
If you want to streamline your startups in order to make your system maybe run a little more smoothly, you could remove Quicken, Billminder, Kodak Picture Easy, and MS Office from Startup, by deleting their entries from your startup folder.

You can start Quicken and Kodak manually through Start menu, and you really only need the MS Office entry, if you use the Office Shortcut Bar.

MSN Messenger and Real Tray can be disabled from startup through editing their respective Options.
With Real Tray, you need to go to View/Preferences/Start Center/Settings, and remove the check mark there.

Good luck,
 
#13 ·
Thank you to everyone -

I have blocked this sender in OUtlook Express and apparently he somehow got the word - no messages in 36 hours.

I'll make sure my security systems are kept up and I'll run adaware regularily (not to mention keeping my antivirus definitions up to date).

Thanks to all that helped.

Tom
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top