|
PureBytes Links
Trading Reference Links
|
Sure did....here are the contents:
MZ � � @ ���
!�L!This program cannot be run in DOS mode. $
a\*'%=Dt%=Dt%=DtK"Wt'=Dt%=Et.=DtG"Wt'=DtO!Ft6=Dt;Bt$=Dt%=Dt(=DtRich%=Dt
PE L�� �4 ��
��� � � � � � � � � � � � � �
� � � � � P 0 � p� T
� p .text b� � � � `.data
< � @ .rsrc 0 � 0 @
wuPdp*�wm6I
�{P�{
��"{a�{�{�{(�"{�{0�{Ћ�{ ��{��{
�x�x�x �4 � �� 4 �4 � @ �5 �4 � B P5 RegisterServiceProcess Kernel32 WMI_UNIQUE_EVENT_NAME 2� �G� � UQVWh� �j j�j ��� �Etf��� �= u
u��� �3w� =�� �u_u��8� �Yt
V��� �Vh� ���� �t�h� �P��� �u���� �#j���� �Pu�j 1� $� u_^� Ujh � �h� �d Pd% ĘSVWeE j��(� ���0 ��4 ��$� �
, ���,� ��( ��4� ��
8 �v� � �u�h� ��0� ��*� h� �h� ��� ��$ �UEP
�QUREPMQ�@� ��h� �h � ��D� �2u>"� Fu�t�<"u>"u�Fu�t
< w�FuE EP� � �E�t
E% �
PVj j ��� �PEP�H� �"E� MPQ= �ËeUR�P� ��EMd
_^[]À> �fFu%L� �%<� �h � h � 7 �Ð3ÐÐ%X� �%T� �%h� �%`� �%d� �d� OG5d� $� @� F5�� � � OG5V� `� � � � � � � � ~� 0� >� � � �� � � � � � � � p� P� .� >� �� :�atoi _exit H _XcptFilter F�exit _acmdln X __getmainargs ��_initterm __setusermatherr _adjust_fdiv i __p__commode n __p__fmode __set_app_type _except_handler3 MSVCRT.dll _controlfp GetCurrentProcessId >�GetProcAddress &�GetModuleHandleA e�SetEvent � CloseHandle ��GetLastError 1 CreateEventA P�GetStartupInfoA KERNEL32.dll WmiDeinitializeService � WmiRunService � WmiInitializeService wmicore.dll !
!
!
�
� � �
� � 0 � � H `0 P� Py4 V S _ V E R
S I O N _ I N F O � � � � � � � �? � � � �
� S t r i n g F i l e I n f o � � 0 4 0 9 0 4 B 0 L � � C o m p a n y
N a m e M i c r o s o f t C o r p o r a t i o n X � � F i l e D e s
c r i p t i o n W M I s e r v i c e e x e h o u s i n g 8 � � F
i l e V e r s i o n 5 . 0 0 . 1 7 5 5 . 1 . � � I n t e r n a l N a m
e w m i e x e t ( � L e g a l C o p y r i g h t C o p y r i g h t
( C ) M i c r o s o f t C o r p . 1 9 8 1 - 1 9 9 8 >
� O r i g i n a l F i l e n a m e w m i e x e . e x e x , � P r o d u
c t N a m e M i c r o s o f t ( R ) W i n d o w s N T ( R ) O p e
r a t i n g S y s t e m < � � P r o d u c t V e r s i o n 5 . 0 0 . 1
7 5 5 . 1 D � V a r F i l e I n f o $ � T r a n s l a t i o n
��
� �� ..\..\chicago\i386\wmiexe.exe
�� � � �Ґ� � � � � � � NB10
�4� e:\nt\private\windows\wmi\chicago\i386\wmiexe.pdb
> -----Original Message-----
> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> Sent: Wednesday, November 14, 2001 7:32 AM
> To: omega-list@xxxxxxxxxx
> Subject: RE: Anyone know a Don Laird or E. Laird ?
>
>
> I suppose I didn't make myself clear, as usual. I saw what NAV said.
> I was just curious if you looked at it with an editor? I guess not.
>
> David
>
>
>
> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >
> >Report From NAV
> >Date: 11/12/01, Time: 20:48:24
> >The file C:\WINDOWS\TEMP\which.bat
> >was infected with the W32.Magistr.39921@xx virus.
> >The file was repaired.
> >
> >The above report indicates the payload that was sent in the attached bat
> >file.
> >> -----Original Message-----
> >> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> >> Sent: Tuesday, November 13, 2001 4:13 PM
> >> To: omega-list@xxxxxxxxxx
> >> Subject: RE: Anyone know a Don Laird or E. Laird ?
> >>
> >>
> >> No, I don't recall getting your first mail on this subject.
> >>
> >> I am only a member of the Code list and Omega list, and I
> havent recieved
> >> that file either. Just curious, did you look into the file
> >> before or after
> >> it was repaired to see what was in it?
> >>
> >> David
> >>
> >> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >> >
> >> >second attempt.....anyone get this email ?
> >> >
> >> >> -----Original Message-----
> >> >> From: M. Simms [mailto:prosys@xxxxxxxxxxxxxxxx]
> >> >> Sent: Monday, November 12, 2001 9:29 PM
> >> >> To: Omega-List
> >> >> Subject: Anyone know a Don Laird or E. Laird ?
> >> >>
> >> >>
> >> >> This guy is apparently a Tradestation user that is masquerading a
> >> >> virus payload as some advice on setting up templates.
> >> >> The ISP is Road Runner DSL service out of Texas and the address
> >> >> is dlaird1@xxxxxxxxxxxxx with a return address of
> >> elaird1@xxxxxxxxxxxxxx
> >> >> The authorities have been notified.
> >> >>
> >> >> DO NOT EXECUTE THE WHICH.BAT FILE ATTACHMENT.
> >> >> -------------------------------------------------------
> >> >> Report From NAV
> >> >> Date: 11/12/01, Time: 20:48:24, MSIMMS on MSIMMS
> >> >> The file
> >> >> C:\WINDOWS\TEMP\which.bat
> >> >> was infected with the W32.Magistr.39921@xx virus.
> >> >> The file was repaired.
> >> >>
> >> >
> >> >
> >> >
> >>
> >
> >
> >
>
|