[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] .scr file name a virus?

Subject: [ale] .scr file name a virus?
From: irvm at ellijay.com (Irv Mullins)
Date: Wed, 12 Jun 2002 07:28:57 -0400

On Tuesday 11 June 2002 09:44 pm, you wrote:
> I just got an email from some one I know that had a multi-part mime junk
> in it. The end was a large block that started off:
>
> Content-Type: audio/x-wav; name=%B %d,.scr
> Content-Transfer-Encoding: base64
> Content-ID: <Jm3lDq06>
>
> then the encoded crap started.
>
> Is .scr an auto-execute file ending for M$?  I don't do enough M$ these
> days to really know.

.scr is just an .exe by another name. 
If you got three files, the second one zero bytes long, then this is 
probably the Klez virus. You can look at the first  or third files using 
khexedit, and see what's in 'em.  First has always been an exe, third 
is picked at random from the victim's hard drive.

I have received jpg's, html, and a "confidential' financial report as 
the third part in various ones I've looked at.

Regards,
Irv

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] PDAs and Linux
Next by Date: [ale] PDAs and Linux
Previous by thread: [ale] .scr file name a virus?
Next by thread: [ale] .scr file name a virus?
Index(es):
- Date
- Thread