
RE: Anyone know a Don Laird or E. Laird ?




Sure did....here are the contents:

> -----Original Message-----
> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> Sent: Wednesday, November 14, 2001 7:32 AM
> To: omega-list@xxxxxxxxxx
> Subject: RE: Anyone know a Don Laird or E. Laird ?
>
>
> I suppose I didn't make myself clear, as usual.  I saw what NAV said.
> I was just curious if you looked at it with an editor?  I guess not.
>
> David
>
>
>
> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >
> >Report From NAV
> >Date: 11/12/01, Time: 20:48:24
> >The file C:\WINDOWS\TEMP\which.bat
> >was infected with the W32.Magistr.39921@xx virus.
> >The file was repaired.
> >
> >The above report indicates the payload that was sent in the attached bat
> >file.
> >> -----Original Message-----
> >> From: mking@xxxxxxxx [mailto:mking@xxxxxxxx]
> >> Sent: Tuesday, November 13, 2001 4:13 PM
> >> To: omega-list@xxxxxxxxxx
> >> Subject: RE: Anyone know a Don Laird or E. Laird ?
> >>
> >>
> >> No,  I don't recall getting your first mail on this subject.
> >>
> >> I am only a member of the Code list and Omega list,  and I haven't received
> >> that file either.  Just curious,  did you look into the file before or after
> >> it was repaired to see what was in it?
> >>
> >> David
> >>
> >> >From: "M. Simms" <prosys@xxxxxxxxxxxxxxxx>
> >> >
> >> >second attempt.....anyone get this email ?
> >> >
> >> >> -----Original Message-----
> >> >> From: M. Simms [mailto:prosys@xxxxxxxxxxxxxxxx]
> >> >> Sent: Monday, November 12, 2001 9:29 PM
> >> >> To: Omega-List
> >> >> Subject: Anyone know a Don Laird or E. Laird ?
> >> >>
> >> >>
> >> >> This guy is apparently a Tradestation user that is masquerading a
> >> >> virus payload as some advice on setting up templates.
> >> >> The ISP is Road Runner DSL service out of Texas and the address
> >> >> is dlaird1@xxxxxxxxxxxxx with a return address of elaird1@xxxxxxxxxxxxxx
> >> >> The authorities have been notified.
> >> >>
> >> >> DO NOT EXECUTE THE WHICH.BAT FILE ATTACHMENT.
> >> >> -------------------------------------------------------
> >> >> Report From NAV
> >> >> Date: 11/12/01, Time: 20:48:24, MSIMMS on MSIMMS
> >> >> The file
> >> >> C:\WINDOWS\TEMP\which.bat
> >> >> was infected with the W32.Magistr.39921@xx virus.
> >> >> The file was repaired.
> >> >>
> >> >
> >> >
> >> >
> >>
> >
> >
> >
>