Is it a virus or what?

31/01/2004 - 22:59 by Maria Garcia
Hello, sorry for the crossposting, but I need opinions.


I have just received an email with an executable, which for obvious reasons
I am not attaching. I have appended the headers at the end; the body of the
message contains the following:

**************
hi, I am from Austria and you'll don't believe me, but a trojan horse in on
your pc.
I've scanned the network-ports on the internet. (I know, that's illegal) And
I have found your pc. Your pc is open on the internet for everybody!
Because the lsass.exe trojan is running on your system. Check this, open the
task manager and try to stop that! You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too! And I've found a tool to kill that bad
thing.
I hope that I've helped you!

Sorry for my bad english!

greets

********************************

I have no friends in Austria ;-) Nor enemies that I know of. I would
appreciate your opinions.

Regards, MGarcia
****************************************************************************


Return-Path: <informe-intermedio-owner@alertaantivirus.es>
Received: from smtp2.red.es (smtp2.red.es [194.69.254.22])
by lmin01.st1.spray.net (Postfix) with ESMTP id AB1D49605;
Sat, 31 Jan 2004 12:28:16 +0100 (MET)
Received: from pasteur.nucleo.cpd (pasteur.dmz.cpd [172.16.250.208])
by smtp2.red.es (Postfix) with ESMTP
id 983E94B41; Sat, 31 Jan 2004 14:21:10 +0100 (CET)
Received: by pasteur.nucleo.cpd (Postfix on SuSE Linux 8.0 (i386), from
userid 502)
id DD041D0B; Sat, 31 Jan 2004 12:14:45 +0100 (CET)
Delivered-To: informe-intermedio@alertaantivirus.es
Received: from smtp2.red.es (unknown [172.16.250.33])
by pasteur.nucleo.cpd (Postfix on SuSE Linux 8.0 (i386)) with ESMTP
id 409CA8D6; Sat, 31 Jan 2004 12:11:17 +0100 (CET)
Received: from ns1.nic.es (unknown [172.16.250.30])
by smtp2.red.es (Postfix) with ESMTP
id AA8314655; Sat, 31 Jan 2004 14:17:31 +0100 (CET)
Received: from S7T6G.es (213-0-146-78.dialup.nuria.telefonica-data.net
[213.0.146.78])
by ns1.nic.es (Sendmail on Linux RedHat 7.3 (i386)) with ESMTP
id 0F69C1CCE; Sat, 31 Jan 2004 12:12:10 +0100 (CET)
From: cat@alertaantivirus.es
Subject: a trojan is on your computer!
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MSMail-Priority: Normal
Message-ID: <66442700624465.27492xsmail@alertaantivirus.es>
MIME-Version: 1.0
boundary="fe094554b9127e.bc76be2e4afef"
Date: Sat, 31 Jan 2004 12:12:10 +0100 (CET)
To: undisclosed-recipients: ;
X-Loop: informe-intermedio@alertaantivirus.es
X-Sequence: 294
Errors-To: informe-intermedio-owner@alertaantivirus.es
Precedence: list
X-no-archive: yes
List-Id: <informe-intermedio.alertaantivirus.es>
List-Help: <mailto:sympa@alertaantivirus.es?subject=help>
List-Subscribe:
<mailto:sympa@alertaantivirus.es?subject=subscribe%20informe-intermedio>
List-Unsubscribe:
<mailto:sympa@alertaantivirus.es?subject=unsubscribe%20informe-intermedio>
List-Post: <mailto:informe-intermedio@alertaantivirus.es>
List-Owner: <mailto:informe-intermedio-request@alertaantivirus.es>
List-Archive: <http://sympa/wws/arc/informe-intermedio>
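
The Received chain in the headers above can be read mechanically. This is an added example, not part of the original post: it parses the six Received lines to find the hop where the message arrived from a public address, compares the sender-supplied HELO name with what the receiving server recorded, and checks whether the hop timestamps run in order. The function and field names are this example's own.

```python
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Received headers copied from the post above: newest first, folded lines joined.
RECEIVED = [
    "from smtp2.red.es (smtp2.red.es [194.69.254.22]) by lmin01.st1.spray.net "
    "(Postfix) with ESMTP id AB1D49605; Sat, 31 Jan 2004 12:28:16 +0100 (MET)",
    "from pasteur.nucleo.cpd (pasteur.dmz.cpd [172.16.250.208]) by smtp2.red.es "
    "(Postfix) with ESMTP id 983E94B41; Sat, 31 Jan 2004 14:21:10 +0100 (CET)",
    "by pasteur.nucleo.cpd (Postfix on SuSE Linux 8.0 (i386), from userid 502) "
    "id DD041D0B; Sat, 31 Jan 2004 12:14:45 +0100 (CET)",
    "from smtp2.red.es (unknown [172.16.250.33]) by pasteur.nucleo.cpd (Postfix "
    "on SuSE Linux 8.0 (i386)) with ESMTP id 409CA8D6; Sat, 31 Jan 2004 12:11:17 +0100 (CET)",
    "from ns1.nic.es (unknown [172.16.250.30]) by smtp2.red.es "
    "(Postfix) with ESMTP id AA8314655; Sat, 31 Jan 2004 14:17:31 +0100 (CET)",
    "from S7T6G.es (213-0-146-78.dialup.nuria.telefonica-data.net [213.0.146.78]) by ns1.nic.es "
    "(Sendmail on Linux RedHat 7.3 (i386)) with ESMTP id 0F69C1CCE; Sat, 31 Jan 2004 12:12:10 +0100 (CET)",
]

# "from HELO (rDNS [IP]) by HOST": HELO is whatever the sender claimed;
# the parenthesised rDNS name and IP are what the receiving server observed.
HOP = re.compile(r"(?:from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\) )?by (?P<by>\S+)")

def parse_hop(value):
    """Split one Received value into HELO, rDNS, IP, receiving host and timestamp."""
    hop = HOP.match(value).groupdict()
    hop["when"] = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    return hop

def analyse(received):
    hops = [parse_hop(v) for v in reversed(received)]  # oldest hop first
    # Oldest hop whose connecting address is public: where the mail came in from the internet.
    entry = next(h for h in hops
                 if h["ip"] and not ipaddress.ip_address(h["ip"]).is_private)
    # Hops stamped earlier than the hop before them mean the servers' clocks disagree,
    # so the order must be read from header position, not from the timestamps.
    backwards = [b["by"] for a, b in zip(hops, hops[1:]) if b["when"] < a["when"]]
    return {"entry_ip": entry["ip"], "entry_rdns": entry["rdns"], "helo": entry["helo"],
            "helo_matches_rdns": entry["helo"].lower() == entry["rdns"].lower(),
            "recorded_by": entry["by"], "time_goes_back_at": backwards}

if __name__ == "__main__":
    for key, val in analyse(RECEIVED).items():
        print(f"{key}: {val}")
```
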


#1 JM Tella Llop [MVP Windows]
31/01/2004 - 23:02
Messages with attachments from people you know, and even more so from strangers, must be deleted immediately.


Jose Manuel Tella Llop
MVP - Windows

http://www.multingles.net/jmt.htm
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.


#3 Maria Garcia
01/02/2004 - 00:14
Thanks to you both!

"Ignacio Adasme [MS MVP]" wrote in message
news:%
Hello,
lsass.exe is not a virus but a critical operating system process.
Discard that mail and do not run the attachment under any circumstances.

Probably the Mydoom worm.
See the following link.
http://www.microsoft.com/security/a...mydoom.asp


Regards,
Ignacio A.
MS MVP

(Remove NO-SPAM if you want to write to me)
#5 akira
01/02/2004 - 10:28
the lowercase web
www.aldeavirtual.com/espana/puppetmaster