posted on February 16, 2004 09:00:05 AM new
Got this today... Is this a new way of sending the "MyDoom" virus? Did eBay / Microsoft really send this out?
Content-transfer-encoding: 8bit
eBay Inc. and the Microsoft Corp. detect new virus!
We highly recommend to use this program for destruction of a new virus!
Read the description below:
Quick Info
File Name: EBayDoomCln-KB836528-v3-ENU.exe
Download Size: 132 KB
Date Published: 2/16/2004
Version: 3.1
Overview
This tool will help to remove the Edoom.A, Edoom.B, Ebayjuice.A, and Ebayjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Edoom.B worm, the tool will also provide the user with the default version of the hosts file and set the "read-only" attribute for that file.
After running, the tool displays a message describing the outcome of the detection and removal process. The tool can be safely deleted after it has run. Also, the tool creates a log file named doomcln.log in the %WINDIR%\debug folder.
This tool will not:
Detect or remove any viruses or worms other than Edoom.A, Edoom.B, Ebayjuice.A and Ebayjuice.B
Detect or remove future variants of Mydoom or Doomjuice
Prevent the machine from being re-infected with Mydoom if, for example, an infected e-mail attachment is re-executed
eBay sent this e-mail to you because your Notification Preferences indicate that you want to receive
information about Special Events & Promotions. eBay will not request personal data (password, credit
card/bank numbers) in an e-mail.
posted on February 16, 2004 09:26:29 AM new
I deleted it right away (was able to recover from recently deleted files, however)... just didn't make sense that eBay would be sending out stuff like this... I did not download at any rate.
Here are the headers:
Return-Path: <[email protected]>
Received: from rly-xk05.mx.aol.com (rly-xk05.mail.aol.com [172.20.83.42]) by air-xk04.mail.aol.com (v97.18) with ESMTP id MAILINXK41-5a04030ae7d8d; Mon, 16 Feb 2004 06:50:48 -0500
Received: from frost.he.net (frost.he.net [65.19.164.2]) by rly-xk05.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXK510-5a04030ae7d8d; Mon, 16 Feb 2004 06:50:21 -0500
Received: from frost.he.net ([127.0.0.2]) by frost.he.net for <[email protected]>; Mon, 16 Feb 2004 03:48:41 -0800
Message-Id: <[email protected]>
Date: Mon, 16 Feb 2004 03:48:41 -0800
To: [email protected]<[email protected]>
Subject: Alert for Safety. Att. eBay users!
From: eBay<[email protected]>
Content-type: multipart/mixed; boundary="4030ae197459b"
X-AOL-IP: 65.19.164.2
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
posted on February 16, 2004 09:41:37 AM new
I doubt that eBay would ever get into virus protection via emails. This has to be a hacker and a darn good one. They're getting more and more clever.
-------------- sig file ----------- *There is no conclusive evidence that life is serious*
Overview
This tool will help to remove the Mydoom.A, Mydoom.B, Doomjuice.A (aka "MyDoom.C" ) and Doomjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool will also provide the user with the default version of the hosts file and set the "read-only" attribute for that file. This action will allow the user to visit previously-blocked Microsoft and antivirus websites.
After running, the tool displays a message describing the outcome of the detection and removal process. The tool can be safely deleted after it has run. Also, the tool creates a log file named doomcln.log in the %WINDIR%\debug folder.
This tool will not:
Detect or remove any viruses or worms other than Mydoom.A, Mydoom.B, Doomjuice.A, and Doomjuice.B
Detect or remove future variants of Mydoom or Doomjuice
Prevent the machine from being re-infected with Mydoom if, for example, an infected e-mail attachment is re-executed
Detect or remove malware that exists on a system as a result of the backdoor component created by Mydoom.A or Mydoom.B (besides Doomjuice.A and Doomjuice.B).
Delete any e-mail that contains Mydoom.A or Mydoom.B
[ edited by glassgrl on Feb 16, 2004 10:04 AM ]
posted on February 16, 2004 10:14:53 AM new
The filename may somewhat resemble a valid one but that does not mean the underlying executable is anything you should run on your computer.
You can name a file anything you want.
The mail looks like a spoof to me. Why would eBay or Microsoft be sending anything from Hurricane Electric (he.net), a public ISP?
Signed,
Mr. Melvin
--
Being denied live help is unacceptable.
[ edited by fluffythewondercat on Feb 16, 2004 10:15 AM ]
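The observation in the post above, that the mail was handed over by a Hurricane Electric host rather than by eBay or Microsoft, can be checked mechanically from the Received chain. This is an added example, not part of the thread: the addresses under `.example` are placeholders because the page redacts them, the function names are hypothetical, and `aol.com` as the recipient's provider is read from the posted headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers posted in this thread. The page
# redacts every address, so the ones under .example are placeholders.
SAMPLE = """\
Return-Path: <sender@ebay.example>
Received: from rly-xk05.mx.aol.com (rly-xk05.mail.aol.com [172.20.83.42]) by air-xk04.mail.aol.com (v97.18) with ESMTP id MAILINXK41-5a04030ae7d8d; Mon, 16 Feb 2004 06:50:48 -0500
Received: from frost.he.net (frost.he.net [65.19.164.2]) by rly-xk05.mx.aol.com (v97.10) with ESMTP id MAILRELAYINXK510-5a04030ae7d8d; Mon, 16 Feb 2004 06:50:21 -0500
Received: from frost.he.net ([127.0.0.2]) by frost.he.net for <recipient@aol.example>; Mon, 16 Feb 2004 03:48:41 -0800
Subject: Alert for Safety. Att. eBay users!
From: eBay<sender@ebay.example>

(body omitted)
"""

# "from HELO (NAME [IP]) by SERVER": NAME and IP are recorded by the receiver.
HOP = re.compile(r"from (?P<helo>\S+) \((?:(?P<rdns>[^\s\[\]]+) )?"
                 r"\[(?P<ip>[0-9.]+)\]\) by (?P<by>\S+)")

def org_domain(host):
    # Naive: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def handoff_hop(msg, trusted):
    """Oldest Received line written by the recipient's provider (`trusted`).
    Lines below it were added before the message reached that provider and
    can be forged by the sender, so they are ignored."""
    hops = [m.groupdict() for raw in msg.get_all("Received", [])
            if (m := HOP.search(" ".join(raw.split())))]
    mine = [h for h in hops if org_domain(h["by"]) == trusted]
    return mine[-1] if mine else None

def check_alignment(raw, trusted="aol.com"):
    """Compare the From: domain with the host that handed the mail over."""
    msg = message_from_string(raw)
    from_domain = org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    hop = handoff_hop(msg, trusted)
    if hop is None:
        return None  # no Received line from the trusted provider to anchor on
    relay = org_domain(hop["rdns"] or hop["helo"])
    return {"from_domain": from_domain, "relay_domain": relay,
            "relay_ip": hop["ip"], "aligned": from_domain == relay}
```

A mismatch is a signal to look closer rather than proof of forgery, since legitimate senders also use third-party relays.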