[email protected] virus

  bamfiesler 09:24 04 Jun 2003

This thing arrived last night via e-mail. I tired to open an attachment (sucker) then realised what was going on when it wouldn't open. Ran NAV which then found the above. NAV couldn't repair it, and SYmantec would accept the file, so I had to delete it from Quarantine.

Two things: How do I get hold of, and re-install the mscvb32.exe file this thing infected? And why did NAV not catch this. My last Update was around Thursday.


  TECHNODIMWIT 09:46 04 Jun 2003

click here

is NAV set to auto download, mine has updated 3 times in the last week, pos a fresh update of NAV
may help as well


as technodimwit says NAV would have caught it if you had the latest updates, they have prepared a tool to repair the damage for the few who have been caught out, at the end of the day there are always going to be a few people who get caught out before the new definitions get written. theres no substitute for being careful about what you open.

  bamfiesler 10:17 04 Jun 2003

Thanks, TechnoD

All traces removed. From what I gather, this thing was only identified on 31/5. My defs were three days out! Lesson learned.

What about rstoring th mscvb32.exe file that got binned along with the virus? Isn't there a Mircosoft site that lets u pull these things, or will I have to reinstall from Disk?

  bamfiesler 11:28 04 Jun 2003

sorry, I'm being thick. mscvb32.exe is created by th virus, right?

  iscanut 13:10 04 Jun 2003

I have been getting this infected email every day for past two weeks. Norton AV identifies and deletes it automatically. However, my ISP has asked for details of all the headers etc ion order that they may investigate so how do i get at this before NAV deletes the infected mail ?

  TECHNODIMWIT 17:22 04 Jun 2003

no trace on google, i think you could bve right, that the virus created it, i`ve checked my winME install disc, its not on there.


nuts, have you tried clicing on properties before trying to open the mail, could be the information you want.

  TECHNODIMWIT 17:27 04 Jun 2003

norton has just updated for the second time today


  bamfiesler 19:26 04 Jun 2003

Thanx guys!

  bamfiesler 19:28 04 Jun 2003


This thing propagates thru e-addresses, so I wish your ISP the best of luck in tracking it!

  Zak 19:38 04 Jun 2003

Since yesterday I have had 3 Mail delivery failed: returning message to sender messages.

During times messages were supposedly sent my PC was closed down.

The file attachments are document.pif; documents.pif; The subject being screensaver and application.

All 3 supposedly sent e-mails were to @hotmail addresses, all different. None of these addresses are known to me nor are they in my address book.

Below is part of the message received:

"This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

This message has been rejected because it has
an apparently executable attachment "document.pif"
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 77010 characters long; only the first
------ 65536 or so are included here."

I have virus checked my PC and it is clean. I have also found on McAfee AVERT that this virus can make up a fictitious sender, whose PC is not infected.

"Note: This variant spoofs, or forges, the from address. Therefore the perceived sender is likely not a pointer to the infected user."

bamfiesler, mscvb32.exe is created by this virus -see McAfee AVERT

click here

Anyone else have similar experience?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Inside the iMac Pro - Apple's most powerful Mac yet

iMac Pro release date, UK price & specs

Comment nettoyer Windows et optimiser son PC gratuitement ?