body.scr - problem?

Mark Cassino

I just got an email from someone I don't know, with no text, just an
attachment called "body.scr."

I have Norton Anti Virus 2003 on my system. I scanned the attachment, and
NAV says it is not infected. My virus defs are up to date, but this is
obviously some sort of virus / worm / trojan / whatever, so it seems to be
something beyond NAV's abilities.

Any idea what this virus is? I got burned a few years ago when NAV missed a
virus that later trashed my system, so while it seems to be competent
software, I don't place unwavering faith in it.

Thanks in advance -

MCC
 
David H. Lipman

It "may" be the new "HOT" virus...
W32/Mydoom@MM - http://vil.nai.com/vil/content/v_100983.htm

If you saved the file, DON'T EXECUTE IT, but you can go to McAfee
http://www.mcafee.com/myapps/mfs/default.asp and perform an online scan of your platform
then report back your results. Otherwise just delete the email.

Dave



| I just got an email from someone I don't know, with no text, just an
| attachment called "body.scr."
|
| I have Norton Anti Virus 2003 on my system. I scanned the attachment, and
| NAV says it is not infected. My virus defs are up to date, but this is
| obviously some sort of virus / worm / trojan / whatever, so it seems to be
| something beyond NAV's abilities.
|
| Any idea what this virus is? I got burned a few years ago when NAV missed a
| virus that later trashed my system, so while it seems to be competent
| software, I don't place unwavering faith in it.
|
| Thanks in advance -
|
| MCC
|
|
 
Pepperoni

These things are often passed as screen savers, but are actually scrap
files. Windows always hides the true (.shs) file extension, so they can
actually be passed as anything. They are a notepad file, made executable by
the embedding of benign or malicious script using Object Linking and
Embedding (OLE).
http://www.pc-help.org/security/scrap.htm
http://www.computeruser.com/newstoday/99/11/01/news2.html
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q138275
http://www.computeruser.com/news/00/06/20/news4.html
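An added example, not part of the original posts: a mail-triage check for the pattern discussed in this thread (an attachment such as "body.scr" in a message with no text, or a scrap file whose real extension Explorer does not display). The extension lists, function names and sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative, not exhaustive: types Windows runs directly or through a handler.
RISKY = {".scr", ".pif", ".exe", ".com", ".bat", ".cmd", ".vbs", ".shs", ".shb", ".lnk"}
# Types whose extension Explorer does not display (the .shs case from the post above).
NEVER_SHOWN = {".shs", ".shb", ".pif", ".lnk"}

def triage(raw: bytes):
    """Return [(filename, [reasons])] for attachments that deserve quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    no_text = body is None or not body.get_content().strip()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = [e.lower() for e in PurePosixPath(name).suffixes]
        if not exts or exts[-1] not in RISKY:
            continue
        reasons = [f"runnable type {exts[-1]}"]
        if len(exts) > 1:
            reasons.append(f"double extension, decoy {exts[-2]}")
        if exts[-1] in NEVER_SHOWN:
            shown = name[: -len(exts[-1])]
            reasons.append(f"Explorer displays it as {shown!r}")
        if no_text:
            reasons.append("message has no text")
        findings.append((name, reasons))
    return findings

def sample(filename: str, text: str = "\n") -> bytes:
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.invalid", "b@example.invalid", "hi"
    m.set_content(text)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("body.scr", "notes.txt.shs", "photo.jpg"):
        print(fn, triage(sample(fn)))
```

The check looks only at names and message structure, so it flags the attachment whether or not any scanner has a signature for it yet.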
 
FromTheRafters

Mark Cassino said:
| I just got an email from someone I don't know, with no text, just an
| attachment called "body.scr."
|
| I have Norton Anti Virus 2003 on my system. I scanned the attachment, and
| NAV says it is not infected.

Are you sure it didn't say "no viruses were found"?
That is a different thing entirely. Absence of evidence
is not evidence of absence.

| My virus defs are up to date, but this is
| obviously some sort of virus / worm / trojan / whatever, so it seems to be
| something beyond NAV's abilities.

It's new, and "up-to-date" is a relative thing.
W32/Mydoom@mm

| Any idea what this virus is? I got burned a few years ago when NAV missed a
| virus that later trashed my system, so while it seems to be competent
| software, I don't place unwavering faith in it.

This attitude should be for all AV software ~ none are 100% effective.
 
MCC

Thanks to the folks who replied...

After posting my first message, I checked email and got several messages
from mail servers either saying that I sent a message to an invalid email
address, or that my message was rejected due to having an infected
attachment. This obviously confirmed that my system is infected.

One of the error messages identified the attachment as being infected with
MIMAIL-Q.

I went to the Trend Microsystems site and did a web scan, and that detected
two variants of the MIMAIL virus in files in my attachments folder -
including the body.scr file. It id's these as MIMAIL-L and P.

I just pulled the wireless interface off the PC then, and dug up this old
laptop to use for web access. Symantec has not posted a fix for the
MIMAIL-Q (a few hours later than I needed it) so I put my primary desktop
back on line and am now following the directions to get rid of it (a full
system scan is in process.)

Many thanks -

MCC
 
Mark Cassino

MCC said:
| I just pulled the wireless interface off the PC then, and dug up this old
| laptop to use for web access. Symantec has not posted a fix for the
| MIMAIL-Q (a few hours later than I needed it) so I put my primary desktop
| back on line and am now following the directions to get rid of it (a full
| system scan is in process.)

Well, that should be that Symantec _has_ posted the fix... and it seems to
be working....

- MCC
 
FromTheRafters

MCC said:
| Thanks to the folks who replied...
|
| After posting my first message, I checked email and got several messages
| from mail servers either saying that I sent a message to an invalid email
| address, or that my message was rejected due to having an infected
| attachment. This obviously confirmed that my system is infected.

This may very well be, but I have heard that this one also
spoofs addresses so bounces are not necessarily an indication
of infection.
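An added example, not part of the original posts: one way to test whether a bounce really points at your own machine is to read the headers of the returned message and compare the connecting address the accepting server recorded against your own addresses. It assumes the bounce quotes the original headers and that you know your public address ranges; the function names, hosts and addresses below are hypothetical.

```python
import email, ipaddress, re
from email import policy

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce):
    """Original message headers as quoted back inside the bounce, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_content()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def bounce_origin(raw: bytes, my_networks):
    """Return ('ours' | 'spoofed' | 'unknown', connecting IP or None)."""
    orig = returned_headers(email.message_from_bytes(raw, policy=policy.default))
    hops = orig.get_all("Received", []) if orig is not None else []
    # Only the topmost Received line comes from the accepting server; lower ones can be forged.
    m = BRACKETED_IP.search(str(hops[0])) if hops else None
    try:
        ip = ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        ip = None
    if ip is None:
        return "unknown", None
    ours = any(ip in ipaddress.ip_network(n) for n in my_networks)
    return ("ours" if ours else "spoofed"), str(ip)

# Constructed bounce: hosts and addresses are documentation placeholders.
SAMPLE = b"""From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Rejected: infected attachment body.scr

--b1
Content-Type: text/rfc822-headers

Received: from example.org (unknown [203.0.113.77]) by mx.example.net;
 Mon, 1 Jan 2001 00:00:00 +0000
Received: from desktop ([198.51.100.10]) by example.org
From: user@example.org

--b1--
"""
```

A "spoofed" result means the message entered the mail system from someone else's address even though the From line names you; "unknown" means the bounce did not include enough of the original to decide.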
 
