Thoughts REQUIREMENT: - Means of detecting and removing the current PICList virus problem. - Someone with more time than I have at present to do the necessary groundwork SUMMARY It *SEEMS* from what I see that 1. Many senders appear to be PICList members so odds are that the affected people are PICList members. 2. A virus seems to have been introduced by one or more list members. 3. The virus has been sent to many list members, probably NOT via the list originally. 4. Some members appear to have been affected and are now resending the viruses to other members 5. The apparent sender from the visible address is almost certainly NOT the real sender. ("sender" name is probably chosen from the address book. 6. A number of messages have .BR codes in their transit addresses in the headers suggesting that some at least are coming from Brazil. 7. If someone took it on themselves to analyse all headers we MAY get a clearer picture of the main infection source(s) 8 I run NAV which is kept up to date AFAIK, but it has allowed a number of these viruses into my mailboxes 9 I had a problem some days ago which MAY have been caused by an undetected virus infection - I fixed it by other means without detecting a virus. Subsequent a year or so old bugbear disinfector did not find any virus. 10 A file size of 72,192 MAY be a virus signature but is a not uncommon size (141 x 512). (eg - based on directory snapshots, I had 40 odd files of that size on this PC in February, March & April) Anyone able to apply some time and effort to this? TIA Russell McMahon ----- Original Message ----- From: "Brendan Moran" To: Sent: Saturday, June 07, 2003 1:19 PM Subject: Re: [PICLIST] [ADMIN]:looks to me like we got a virus here. > Update: I now have 6 examples of this virus. > > All of the files sizes are 72,192 bytes. Just coincidence? I think not. > > Here are the mails: > > > Date: Thu, 05 Jun 2003 11:35:28 -0300 > From: Russell McMahon > Subject: [AVR]: Application Notes > Bcc: > Message-id: > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------GHEBNMRGT5AZOC > Original-recipient: rfc822;annirack@SHAW.CA > X-OriginalArrivalTime: 05 Jun 2003 14:35:28.0064 (UTC) > FILETIME=[B55CFC00:01C32B6F] > > Extremely large albeit disordered list of Atmel / AVR / Electronic > application notes. > > http://www.atmel.com/atmel/acrobat/ > > Targeted at Atmel products but some material of gen > > Attached: AD5310.pdf1.src > > ======================================== > > Note: the pdf1 is generated by my email client appending a 1 to the file > name since there is a duplicate. > > ======================================== > > Date: Thu, 05 Jun 2003 11:37:50 -0300 > From: card_claud > Subject: [avrlistbr] Re: Config. do Timer > Bcc: > Message-id: > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------G2TLDM9SDIN6M2 > Original-recipient: rfc822;annirack@shaw.ca > X-OriginalArrivalTime: 05 Jun 2003 14:37:50.0574 (UTC) > FILETIME=[0A4E48E0:01C32B70] > > > Ol=E1... > Parece que tah saindo alguma coisa, pelo menos no AvrStudio tah... > Bom fiz assim.... > > ;** Defini=E7=E3o do Timer Counter ** > > Attached: AD5310.pdf.scr > > ======================================== > > Date: Thu, 05 Jun 2003 13:39:03 -0300 > From: Bob Ammerman > Subject: Re: [PIC]: Data transfer from P16F877 to serial PC > Bcc: > Message-id: > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------8NVJ17SLFU7QMF > Original-recipient: rfc822;annirack@shaw.ca > X-OriginalArrivalTime: 05 Jun 2003 16:39:03.0195 (UTC) > FILETIME=[F9202EB0:01C32B80] > > Check TXIF if you are sending more bytes. This way a new byte will be queued > before the last one has been completely sent out. > > Check TRMT if you are waiting for the transmitter to be done (for example > before turning off a line driver). > > Bob Ammerman > RAm Systems > > ----- Original Message ----- > From: "Rick Regan" > To: > Sent: Wednesday, April 30, 2003 8:31 AM > Subject: Re: [PIC]: Data transfer from P16F877 to serial PC > > Attached: 1 log_bio.WMF.scr > > ======================================== > > Date: Thu, 05 Jun 2003 13:39:03 -0300 > From: Bob Ammerman > Subject: Re: [PIC]: Data transfer from P16F877 to serial PC > Bcc: > Message-id: > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------8NVJ17SLFU7QMF > Original-recipient: rfc822;annirack@SHAW.CA > X-OriginalArrivalTime: 05 Jun 2003 16:39:03.0195 (UTC) > FILETIME=[F9202EB0:01C32B80] > > Check TXIF if you are sending more bytes. This way a new byte will be queued > before the last one has been completely sent out. > > Check TRMT if you are waiting for the transmitter to be done (for example > before turning off a line driver). > > Bob Ammerman > RAm Systems > > ----- Original Message ----- > From: "Rick Regan" > To: > Sent: Wednesday, April 30, 2003 8:31 AM > Subject: Re: [PIC]: Data transfer from P16F877 to serial PC > > Attached: 1 log_bio.WMF1.scr > > ======================================== > > Note: the WMF1 is generated by my email client appending a 1 to the file > name since there is a duplicate. > > ======================================== > > Date: Thu, 05 Jun 2003 13:57:49 -0300 (BRT) > From: "Richard Dean " > Subject: [CelularTech] PKD-1 > To: undisclosed-recipients: ; > Message-id: <20030605165749.EBEC326301@mx.sascar.com.br> > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------8OKBNU906F3GVZ > Original-recipient: rfc822;annirack@SHAW.CA > > Ainda tenho 1 Pkd-1 quem interessar, mande mail, por que depois NAO=20 > VAI TER MAIS... > []s > > MacGyver > escrebvam em Privado para > macgyver@supersul.com.br > > > ------------------------ Yahoo! Groups Spon > > Attached: AN2385.pdf.pif > > ======================================== > > Date: Fri, 06 Jun 2003 18:55:10 +0100 > From: Sandi Southard > Subject: Re: [dxp] A4 Size Paper AGAIN > Message-id: <200306061755.h56HtA4P017099@student.student.estg.ipleiria.pt> > MIME-version: 1.0 > Content-type: multipart/mixed; boundary=----------8DHIX0YGU5V1EI > X-Authentication-warning: aedituus.iplei.pt: smap set sender to > using -f > Original-recipient: rfc822;annirack@SHAW.CA > > I too find this to be a problem. Templates don't do it. You have to start > with a blank schematic set to Letter/Ledger and then it will stick. > > -----Original Message----- > From: Tom Zagotta [mailto: > > Attached: 10 Nerv.mp3.exe > > ======================================== > > -- > http://www.piclist.com hint: PICList Posts must start with ONE topic: > [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads > -- http://www.piclist.com hint: The list server can filter out subtopics (like ads or off topics) for you. See http://www.piclist.com/#topics