---- START NEW MESSAGE ---
Received: from cherry.ease.lsoft.com [209.119.0.109] by dpmail10.doteasy.com
    with ESMTP (SMTPD32-8.05) id AEFB184600FA; Tue, 27 Jan 2004 23:04:27 -0800
Received: from PEAR.EASE.LSOFT.COM (209.119.0.19) by cherry.ease.lsoft.com
    (LSMTP for Digital Unix v1.1b) with SMTP id <17.00CC08E4@cherry.ease.lsoft.com>;
    Wed, 28 Jan 2004 2:04:20 -0500
Received: from MITVMA.MIT.EDU by MITVMA.MIT.EDU (LISTSERV-TCP/IP release 1.8e)
    with spool id 2406 for PICLIST@MITVMA.MIT.EDU; Wed, 28 Jan 2004 02:04:16 -0500
Received: from MITVMA (NJE origin SMTP@MITVMA) by MITVMA.MIT.EDU (LMail V1.2d/1.8d)
    with BSMTP id 0643; Wed, 28 Jan 2004 02:02:22 -0500
Received: from outbound1.mail.tds.net [216.170.230.91] by mitvma.mit.edu
    (IBM VM SMTP Level 430) via TCP with ESMTP ; Wed, 28 Jan 2004 02:02:21 EST
X-Comment: mitvma.mit.edu: Mail was sent by outbound1.mail.tds.net
Received: from whythis (host-69-21-64-145.69-21.unk.tds.net [69.21.64.145])
    by outbound1.mail.tds.net (8.12.10/8.12.3) with SMTP id i0S72NH7028081
    for ; Wed, 28 Jan 2004 01:02:23 -0600 (CST)
References: <001601c3e4cc$baaa7360$0c0fa8c0@srts.co.uk>
    <005301c3e4d2$242fe6d0$0300a8c0@main>
    <200401272148.31491.picdude@narwani.org>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <001001c3e56c$b0475780$91401545@whythis>
Date: Wed, 28 Jan 2004 02:02:26 -0500
Reply-To: pic microcontroller discussion list
Sender: pic microcontroller discussion list
From: Denny Esterline
Subject: Re: [EE:] PICLIST SPECIFIC VIRUS ALERT
To: PICLIST@MITVMA.MIT.EDU
Precedence: list
X-RCPT-TO:
Status: U
X-UIDL: 371856039

Well, I got hit with it. First virus I've been infected with in two years.
I knew my machine was acting funny yesterday (lots of disk access without
anything running) but repeated scans with Norton revealed nothing. Even when
I updated the virus defs, still nothing.
Apparently this one can't be detected unless you run the virus scan from
safe mode (at least in win98).

I got really suspicious when I dialed the internet and the connection
monitor showed me sending lots of data, hmmm...

So a big sorry to anybody that might have received it from me.

Here's a link to more info and removal instructions if you need them:
http://www.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html

-Denny

Wow, you guys are lucky, if you got only a half-dozen ... I got over 200
yesterday, and over 900 today!!! All have a readme.zip file, and I'm on
dial-up .... arrrggghhh!

Apparently this new virus (Novarg, I believe?) was discovered yesterday,
spreads itself via email, and will allegedly record keystrokes. Most
interesting of all is that it will perform denial-of-service attacks against
www.sco.com. I'm still looking into the specific details, but slashdot has
some info.

Interestingly, I use independent email addresses for each mailing list I'm
on (piclist, car clubs, etc), and it seems to have found a bunch of these.

Cheers,
-Neil.

On Tuesday 27 January 2004 06:36 am, Olin Lathrop scribbled:
> I've gotten probably a half dozen of them since around noon yesterday.
> They were obviously viruses, so I've just been deleting them. I just got
> another one to my PIClist address:
>
> Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004
> JAN

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics .