[ale] .scr file name a virus?
Irv Mullins
irvm at ellijay.com
Wed Jun 12 07:28:57 EDT 2002
On Tuesday 11 June 2002 09:44 pm, you wrote:
> I just got an email from some one I know that had a multi-part mime junk
> in it. The end was a large block that started off:
>
> Content-Type: audio/x-wav; name=%B %d,.scr
> Content-Transfer-Encoding: base64
> Content-ID: <Jm3lDq06>
>
> then the encoded crap started.
>
> Is .scr an auto-execute file ending for M$? I don't do enough M$ these
> days to really know.
.scr is just an .exe by another name.
If you got three files, the second one zero bytes long, then this is
probably the Klez virus. You can look at the first or third files using
khexedit, and see what's in 'em. First has always been an exe, third
is picked at random from the victim's hard drive.
I have received jpg's, html, and a "confidential' financial report as
the third part in various ones I've looked at.
Regards,
Irv
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list