Greeting card virus spam - Autoloaded in Spam, Scam and Phishbusters http://www.dslreports.com/forum/r14323975 en Sun, 06 Dec 2009 00:01:22 EDT Sun, 06 Dec 2009 00:01:22 EDT Re: Greeting card virus spam - Autoloaded http://www.dslreports.com/forum/remark,14325513 rfnut : AVG caught it right off.

AVG Detected
]]> http://www.dslreports.com/forum/remark,14325513 Fri, 09 Sep 2005 07:05:47 EDT Re: Greeting card virus spam - Autoloaded http://www.dslreports.com/forum/remark,14324391 nwrickert : I downloaded, but I won't run it. It is a 920K windows executable. I looked for interesting text messages, but couldn't find any. It does appear to reference
KERNEL32.DLL
ADVAPI32.DLL
COMCTL32.DLL
COMDLG32.DLL
GDI32.DLL
OLE32.DLL
SHELL32.DLL
USER32.DLL

The chances are high that it is malware.

I suggest that you edit your post to deactivate the link. I usually do that by changing the ":" to "<b>:</b> which puts the colon in bold (not noticable) but prevents the link from being clickable. Someone who really wants to can still cut and paste.]]> http://www.dslreports.com/forum/remark,14324391 Thu, 08 Sep 2005 23:46:28 EDT Re: Greeting card virus spam - Autoloaded http://www.dslreports.com/forum/remark,14324303 Mordy : It's this »us.mcafee.com/virusInfo/default.···k=100021

Only mcafee found it (I scanned with quite a few different scanners). Seems like a pretty old virus.
--
Give generously to the Red Cross Hurricane Disaster Relief Fund]]> http://www.dslreports.com/forum/remark,14324303 Thu, 08 Sep 2005 23:35:53 EDT Re: Greeting card virus spam - Autoloaded http://www.dslreports.com/forum/remark,14324270 Dude111 : I went to the site and a file download box opened and wanted to DL "postcard041083.jpg.exe" (I assume that is the date April 10 1983) I DLed it and my AV did not flag it as a bad file,HOWEVER,I AM NOT GONNA EXECUTE IT (Just in case)

Anyone else??]]> http://www.dslreports.com/forum/remark,14324270 Thu, 08 Sep 2005 23:31:29 EDT Greeting card virus spam - Autoloaded http://www.dslreports.com/forum/remark,14323975 caesarv : I got this obvious fake greeting card email that wanted me to click on a fake link that went to »61.120.121.218 /%7Ecustomer/index.html, which I believe may be in Japan.
I tried to avoid clicking on the link, but my curiosity got the better of me. I first tried just the IP address alone but nothing was there. I then tried the entire link and the page immediately loaded AND a download was immediately started (BTW, I use Firefox 1.06). The file name was something that ended in .jpg.exe so I am fairly certain it was nothing good, not that I was expecting anything good! Anyhow, I quickly canceled the download and left the site.

Any brave souls out there with a disposable computer want to figure out what that really is? If it automatically downloaded the file, would it have automatically executed it too?

Edit: I added a space in the URL to prevent accidental clicking of the entire link. Now you will only get to the harmless parent directory.]]> http://www.dslreports.com/forum/remark,14323975 Thu, 08 Sep 2005 22:51:49 EDT