Sure did....here are the contents:
> -----Original Message-----
> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> Sent: Wednesday, November 14, 2001 7:32 AM
> To: omega-list@xxxxxxxxxx
> Subject: RE: Anyone know a Don Laird or E. Laird ?
>
>
> I suppose I didn't make myself clear, as usual. I saw what NAV said.
> I was just curious if you looked at it with an editor? I guess not.
>
> David
>
>
>
> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >
> >Report From NAV
> >Date: 11/12/01, Time: 20:48:24
> >The file C:\WINDOWS\TEMP\which.bat
> >was infected with the W32.Magistr.39921@xx virus.
> >The file was repaired.
> >
> >The above report indicates the payload that was sent in the attached bat
> >file.
> >> -----Original Message-----
> >> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> >> Sent: Tuesday, November 13, 2001 4:13 PM
> >> To: omega-list@xxxxxxxxxx
> >> Subject: RE: Anyone know a Don Laird or E. Laird ?
> >>
> >>
> >> No, I don't recall getting your first mail on this subject.
> >>
> >> I am only a member of the Code list and Omega list, and I haven't received
> >> that file either. Just curious, did you look into the file before or after
> >> it was repaired to see what was in it?
> >>
> >> David
> >>
> >> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >> >
> >> >second attempt.....anyone get this email ?
> >> >
> >> >> -----Original Message-----
> >> >> From: M. Simms [mailto:prosys@xxxxxxxxxxxxxxxx]
> >> >> Sent: Monday, November 12, 2001 9:29 PM
> >> >> To: Omega-List
> >> >> Subject: Anyone know a Don Laird or E. Laird ?
> >> >>
> >> >>
> >> >> This guy is apparently a Tradestation user that is masquerading a
> >> >> virus payload as some advice on setting up templates.
> >> >> The ISP is Road Runner DSL service out of Texas and the address
> >> >> is dlaird1@xxxxxxxxxxxxx with a return address of elaird1@xxxxxxxxxxxxxx
> >> >> The authorities have been notified.
> >> >>
> >> >> DO NOT EXECUTE THE WHICH.BAT FILE ATTACHMENT.
> >> >> -------------------------------------------------------
> >> >> Report From NAV
> >> >> Date: 11/12/01, Time: 20:48:24, MSIMMS on MSIMMS
> >> >> The file
> >> >> C:\WINDOWS\TEMP\which.bat
> >> >> was infected with the W32.Magistr.39921@xx virus.
> >> >> The file was repaired.
> >> >>
> >> >
> >> >
> >> >
> >>
> >
> >
> >
>