[<a href='2460.html'>Next Message in Time</a>] | 
[<a href='2458.html'>Previous Message in Time</a>] | 
[<a href='2460.html'>Next Message in Topic</a>] | 
[<a href='2458.html'>Previous Message in Topic</a>] <br/><br/>
<b>Message ID:</b> 2459 <br/>
<b>Date:</b> Thu Mar  1 21:06:17 GMT 2001 <br/>
<b>Author:</b> Yodason <br/>
<b>Subject:</b> RE: [EQ_Tinkering] please read, I picked up a virus <br/>
<br/><br/>
<div id="ygrps-yiv-901563421">
<html><head>
 
 
<style></style>
</head>
 
<div><span class="ygrps-yiv-901563421610460521-01032001"><font face="Arial" color="#0000ff" size="2">hmmm i 
think i might have that too, what scanner picks it up</font></span></div>
<blockquote><span title="qreply"> <blockquote>
  <div class="ygrps-yiv-901563421OutlookMessageHeader" dir="ltr" align="left"><font face="Tahoma"
 size="2">-----Original Message-----<br><b>From:</b> Funky T. Munky 
  [mailto:toking@...]<br><b>Sent:</b> Thursday, March 01, 2001 12:30 
  AM<br><b>To:</b> Rainpudle@...; R. Schilling; Naninna; Miss Spot; marie; 
  kinanmer@...; Kelley Allred; JesikaHarrison@...; 
  jenna turner; J. Shafer; EQ_Tinkering@yahoogroups.com; Echo 
  Vane<br><b>Subject:</b> [EQ_Tinkering] please read, I picked up a 
  virus<br><br></font></div>
  <div><font face="Arial" size="2">
  <table cellSpacing="0" cellPadding="0" width="100%" border="0">
    <tbody>
    <tr>
      <td vAlign="top" align="left"></td>
      <td vAlign="top" align="left">
        <center></center>
        <p><font size="2">Hiya all, I&#39;m a moron and managed to pick up a virus, I 
        really had no idea it was there until i started getting strange crashes 
        (IEXPLORE cause a general protection fault in module wsock32.dll) and a 
        bunch of my everquest log files and opt files started showing up on my 
        desktop. If you arent running any antivirus software/havent run it in a 
        while, please do so soon. </font>
        <p> 
        <p><font size="2">Below you will find some info on the nasty little bug 
        that got me. Sorry all, I&quot;ll try and be a little more vigilant in the 
        future</font> 
        <p> 
        <p> 
        <p><font size="2">Joe</font> 
        <p> 
        <p>Win32:Hybris</p><b>Win32:Hybris</b> is an Internet worm which has the 
        capability to update itself via Internet. There is a kernel part and 
        separate &quot;plugins&quot; which can be swaped or even upgraded via Internet. 
        These plugins are encrypted with quite strong cryptography. 
        <p>When executed, Win32:Hybris infects WSOCK32.DLL and sends itself in a 
        separate message complementary&nbsp; to any meassage sent from the 
        infected computer.&nbsp; The subject, text of the message and the name 
        of the attached file are part of the plugin so they could be changed via 
        upgrade mechanism. The basic version can contain the texts in English, 
        French, Spanish and Portugese. The English message has sometimes the 
        subject &quot;Snowhite and the Seven Dwarfs - The REAL story!&quot; and the body 
        contains the adult version of the well known tale.&nbsp; 
        <p>The upgrade mechanism of this worm is very flexible and could be 
        changed in the future via the special plugins. Currently it can download 
        the plugins from the dedicated web page and it can get them from the 
        special Usenet discussion group called alt.comp.virus. All instances of 
        worm can upload and download the encrypted plugins in a special format 
        with identifier and version number into this mailing group. Another 
        plugins are responsible for ZIP and RAR infections. There could be some 
        more in the future. </p></td></tr></tbody></table></font></div><br><br><tt>Your 
  use of Yahoo! Groups is subject to the <a rel="nofollow"
 target="_blank" href="http://docs.yahoo.com/info/terms/">Yahoo! Terms of Service</a>.</tt> 
<br></blockquote></span></blockquote></html> 
</div>