Mail Archives: djgpp/2001/05/12/08:50:13

www.delorie.com/archives/browse.cgi

search

Mail Archives: djgpp/2001/05/12/08:50:13

Message-ID: <000e01c0dae1$7e1e8500$0301000a@marvin>

From: "Alexander Lehmann" <lehmann AT nexgo DOT de>

To: <jmendez AT persystems DOT com>

Cc: <dj AT delorie DOT com>, <tony AT dictator DOT nt DOT tuwien DOT ac DOT at>, <jventer AT writeme DOT com>,

<webmaster AT bloodshed DOT nu>, <salvador AT inti DOT gov DOT ar>, <set-soft AT usa DOT net>,

<deef AT pobox DOT oleane DOT com>, <hsc AT techfak DOT uni-kiel DOT de>,

<allegro AT canvaslink DOT com>, <listserv AT canvaslink DOT com>,

<fsforder AT gnu DOT org>, <djgpp AT delorie DOT com>, <Ian AT shelob DOT force9 DOT co DOT uk>,

<neldredge AT hmc DOT edu>, <brennan AT rt66 DOT com>, <mmastrac AT acs DOT ucalgary DOT ca>,

<jan AT stack DOT nl>, <jules AT acris DOT demon DOT co DOT uk>, <hpa AT transmeta DOT com>,

<gvelicha AT wam DOT umd DOT edu>, <mb002 AT hi DOT ft DOT hse DOT nl>, <george AT il DOT ft DOT hse DOT nl>,

<sandmann AT clio DOT rice DOT edu>, <bill AT tanihwa DOT org DOT com>,

<junaid AT barney DOT eng DOT monash DOT edu DOT au>, <turnbull AT shako DOT sk DOT tsukuba DOT ac DOT jp>,

<rudd AT cyberoptics DOT com>, <alaric AT abwillms DOT demon DOT co DOT uk>,

<listserv AT delorie DOT com>, <djgpp-request AT delorie DOT com>,

<jhunter AT kendaco DOT telebyte DOT net>, <mar22 AT usa DOT net>, <indrek AT warp DOT edu DOT ee>,

<richdawe AT bigfoot DOT com>, <orangy AT inetlab DOT com>, <acc AT asterix DOT inescn DOT pt>,

<elf AT netcom DOT com>, <bowman AT montana DOT com>, <schultz AT ma DOT tum DOT de>,

<nicolas AT bnp-eng DOT remcomp DOT com>, <jpdelprat AT teaser DOT fr>,

<blp01 AT uow DOT edu DOT au>, <acmq AT coe DOT ufrj DOT br>, <Shawn AT talula DOT demon DOT co DOT uk>,

<tntjpgriff AT tsnxt DOT co DOT uk>, <bg914 AT FreeNet DOT Carleton DOT CA>,

<mrb8 AT waikato DOT ac DOT nz>, <snarfy AT goodnet DOT com>, <zager AT post DOT comstar DOT ru>,

<blizzar AT hem DOT passagen DOT se>, <ppodsiad AT elka DOT pw DOT edu DOT pl>,

<ST001906 AT HRZ1 DOT HRZ DOT TU-Darmstadt DOT De>, <jk55 AT cornell DOT edu>,

<karuottu AT freenet DOT hut DOT fi>, <eliz AT is DOT elta DOT co DOT il>, <fighteer AT cs DOT net>,

<grbhat AT unigoa DOT ernet DOT in>, <bodfish AT austen DOT notis DOT com>,

<bdavidson AT ra DOT isisnet DOT com>, <Demmer AT LStM DOT Ruhr-Uni-Bochum DOT De>,

<jae AT laden DOT ilk DOT de>, <x-aes AT telelogic DOT com>, <prime AT UDel DOT Edu>,

<peter AT agnes DOT dida DOT physik DOT uni-essen DOT de>, <harbaum AT ibr DOT cs DOT tu-bs DOT de>,

<Jim AT anolis DOT bnr DOT usu DOT edu>, <kheidens AT actrix DOT gen DOT nz>, <kvhk AT barco DOT com>,

<ghogenso AT u DOT washington DOT edu>, <dbjh AT gmx DOT net>, <omega AT es DOT co DOT nz>,

<kunst AT prl DOT philips DOT nl>, <yitzg AT idt DOT net>,

<lehmann AT mathematik DOT tu-darmstadt DOT de>, <leisner AT sdsp DOT mc DOT xerox DOT com>,

<randym AT acm DOT org>, <mallory AT wcug DOT vwu DOT edu>, <csmiller AT iname DOT com>,

<naderr AT topaz DOT cqu DOT edu DOT au>, <nicolas AT JUPITER DOT saclay DOT cea DOT fr>,

<ash AT cinf DOT usm DOT md>, <bpaddock AT execpc DOT com>, <peuha AT cc DOT helsinki DOT fi>,

<prashant_tr AT yahoo DOT com>, <prins AT quark DOT cs DOT sun DOT ac DOT za>,

<salters AT admin DOT fanshawec DOT on DOT ca>, <Shumw001 AT Cerritos DOT edu>,

<ams AT ludd DOT luth DOT se>, <aes AT solia DOT gsfc DOT nasa DOT gov>, <ljt AT sierrasemi DOT com>,

<nedu AT ee DOT washington DOT edu>, <waider AT waider DOT ie>, <terra AT diku DOT dk>,

<awesley AT galaxy DOT anutech DOT com DOT au>, <Kbwms AT aol DOT com>,

<mwood AT mhw DOT OIT DOT IUPUI DOT EDU>, <lehmann AT usa DOT net>

Subject: Fw: Computer Virus Information from a Friend!

Date: Sat, 12 May 2001 14:42:56 +0200

MIME-Version: 1.0

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 5.50.4133.2400

X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400

Reply-To: djgpp AT delorie DOT com

Hi,

the Mail sent by Javier Mendez to the list contains the Happy Time Virus:


bye, Alexander

----- Original Message ----- 
From: <lehmann AT usa DOT net>
To: <lehmann AT nexgo DOT de>
Sent: Saturday, May 12, 2001 2:33 PM
Subject: Computer Virus Information from a Friend!


> Greetings, lehmann AT nexgo DOT de
> 
> I thought you would be interested in knowing about this computer Virus...
> 
> Name: VBS/Haptime AT MM
> 
> Characteristics:
> This Visual Basic Script virus will append itself to files, delete files,
> and can spread via embedded VBScript, contained in the body of HTML
> formatted email messages.
> When the script is permitted to run, the virus inserts itself at the end
> of .ASP, .HTM, .HTML, .HTT, and .VBS files. If the current day plus the
> current month is equal to 13, the virus attempts to delete .DLL and .EXE
> files on local and network drives.
> The virus saves its viral code to HELP.HTA and HELP.VBS in the first
> directory found on the C: drive, and to HELP.HTM and UNTITLED.HTM in the
> WINDOWS directory.
> A registry key value is created to set the HELP.HTM file to the current
> wallpaper which results in the execution of the virus at system startup,
> if active desktop is enabled:
> HKCU\Control Panel\Desktop\wallPaper=%WinDir%\HELP.HTM
> In a similar fashion to JS/Kak AT M, this virus configures the default
> stationary used by Microsoft Outlook Express to an external file,
> %WinDir%\UNTITLED.HTM. This causes each message sent from Outlook Express
> to contain hidden viral code. These setting are modified in the registry
> to accomplish this task:
> HKCU\Identities\(User ID)\Software\Microsoft\Outlook
> Express\5.0\Mail\Message Send HTML="1"
> HKCU\Identities\(User ID)\Software\Microsoft\Outlook
> Express\5.0\Mail\Compose Use Stationery="1"
> HKCU\Identities\(User ID)\Software\Microsoft\Outlook
> Express\5.0\Mail\Stationery Name="%WinDir%\Untitled.htm"
> Additionally, the .HTT files in the %WinDir%\WEB directory are infected,
> which results in the virus getting executed each time a folder is viewed
> as a web page.
> The virus keeps track of the number of times that it has been executed by
> creating a new registry key and incrementing a key value in this key:
> HKCU\Software\Help\
> Once the counter reaches a multiple of 366, the virus will unsuccessfully
> attempt to attach UNTITLED.HTM to the email message which it sends.
> 
> To check your system for this Virus, and to learn how to protect yourself
> from computer viruses, visit the McAfee.com Clinic at
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103.
> 
> For complete information on this Virus, view McAfee.com's Virus
> Information Library listing at
> http://vil.mcafee.com/dispVirus.asp?virus_k=99080.
> 
> This email was sent to you by Alexander Lehmann
> 
>

- Raw text -

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019

Message-ID:	<000e01c0dae1$7e1e8500$0301000a@marvin>
From:	"Alexander Lehmann" <lehmann AT nexgo DOT de>
To:	<jmendez AT persystems DOT com>
Cc:	<dj AT delorie DOT com>, <tony AT dictator DOT nt DOT tuwien DOT ac DOT at>, <jventer AT writeme DOT com>,
	<webmaster AT bloodshed DOT nu>, <salvador AT inti DOT gov DOT ar>, <set-soft AT usa DOT net>,
	<deef AT pobox DOT oleane DOT com>, <hsc AT techfak DOT uni-kiel DOT de>,
	<allegro AT canvaslink DOT com>, <listserv AT canvaslink DOT com>,
	<fsforder AT gnu DOT org>, <djgpp AT delorie DOT com>, <Ian AT shelob DOT force9 DOT co DOT uk>,
	<neldredge AT hmc DOT edu>, <brennan AT rt66 DOT com>, <mmastrac AT acs DOT ucalgary DOT ca>,
	<jan AT stack DOT nl>, <jules AT acris DOT demon DOT co DOT uk>, <hpa AT transmeta DOT com>,
	<gvelicha AT wam DOT umd DOT edu>, <mb002 AT hi DOT ft DOT hse DOT nl>, <george AT il DOT ft DOT hse DOT nl>,
	<sandmann AT clio DOT rice DOT edu>, <bill AT tanihwa DOT org DOT com>,
	<junaid AT barney DOT eng DOT monash DOT edu DOT au>, <turnbull AT shako DOT sk DOT tsukuba DOT ac DOT jp>,
	<rudd AT cyberoptics DOT com>, <alaric AT abwillms DOT demon DOT co DOT uk>,
	<listserv AT delorie DOT com>, <djgpp-request AT delorie DOT com>,
	<jhunter AT kendaco DOT telebyte DOT net>, <mar22 AT usa DOT net>, <indrek AT warp DOT edu DOT ee>,
	<richdawe AT bigfoot DOT com>, <orangy AT inetlab DOT com>, <acc AT asterix DOT inescn DOT pt>,
	<elf AT netcom DOT com>, <bowman AT montana DOT com>, <schultz AT ma DOT tum DOT de>,
	<nicolas AT bnp-eng DOT remcomp DOT com>, <jpdelprat AT teaser DOT fr>,
	<blp01 AT uow DOT edu DOT au>, <acmq AT coe DOT ufrj DOT br>, <Shawn AT talula DOT demon DOT co DOT uk>,
	<tntjpgriff AT tsnxt DOT co DOT uk>, <bg914 AT FreeNet DOT Carleton DOT CA>,
	<mrb8 AT waikato DOT ac DOT nz>, <snarfy AT goodnet DOT com>, <zager AT post DOT comstar DOT ru>,
	<blizzar AT hem DOT passagen DOT se>, <ppodsiad AT elka DOT pw DOT edu DOT pl>,
	<ST001906 AT HRZ1 DOT HRZ DOT TU-Darmstadt DOT De>, <jk55 AT cornell DOT edu>,
	<karuottu AT freenet DOT hut DOT fi>, <eliz AT is DOT elta DOT co DOT il>, <fighteer AT cs DOT net>,
	<grbhat AT unigoa DOT ernet DOT in>, <bodfish AT austen DOT notis DOT com>,
	<bdavidson AT ra DOT isisnet DOT com>, <Demmer AT LStM DOT Ruhr-Uni-Bochum DOT De>,
	<jae AT laden DOT ilk DOT de>, <x-aes AT telelogic DOT com>, <prime AT UDel DOT Edu>,
	<peter AT agnes DOT dida DOT physik DOT uni-essen DOT de>, <harbaum AT ibr DOT cs DOT tu-bs DOT de>,
	<Jim AT anolis DOT bnr DOT usu DOT edu>, <kheidens AT actrix DOT gen DOT nz>, <kvhk AT barco DOT com>,
	<ghogenso AT u DOT washington DOT edu>, <dbjh AT gmx DOT net>, <omega AT es DOT co DOT nz>,
	<kunst AT prl DOT philips DOT nl>, <yitzg AT idt DOT net>,
	<lehmann AT mathematik DOT tu-darmstadt DOT de>, <leisner AT sdsp DOT mc DOT xerox DOT com>,
	<randym AT acm DOT org>, <mallory AT wcug DOT vwu DOT edu>, <csmiller AT iname DOT com>,
	<naderr AT topaz DOT cqu DOT edu DOT au>, <nicolas AT JUPITER DOT saclay DOT cea DOT fr>,
	<ash AT cinf DOT usm DOT md>, <bpaddock AT execpc DOT com>, <peuha AT cc DOT helsinki DOT fi>,
	<prashant_tr AT yahoo DOT com>, <prins AT quark DOT cs DOT sun DOT ac DOT za>,
	<salters AT admin DOT fanshawec DOT on DOT ca>, <Shumw001 AT Cerritos DOT edu>,
	<ams AT ludd DOT luth DOT se>, <aes AT solia DOT gsfc DOT nasa DOT gov>, <ljt AT sierrasemi DOT com>,
	<nedu AT ee DOT washington DOT edu>, <waider AT waider DOT ie>, <terra AT diku DOT dk>,
	<awesley AT galaxy DOT anutech DOT com DOT au>, <Kbwms AT aol DOT com>,
	<mwood AT mhw DOT OIT DOT IUPUI DOT EDU>, <lehmann AT usa DOT net>
Subject:	Fw: Computer Virus Information from a Friend!
Date:	Sat, 12 May 2001 14:42:56 +0200
MIME-Version:	1.0
X-Priority:	3
X-MSMail-Priority:	Normal
X-Mailer:	Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE:	Produced By Microsoft MimeOLE V5.50.4133.2400
Reply-To:	djgpp AT delorie DOT com