Computer Virus Found. Unlike any other?

Hey,

Today was a bad one. My friend received an email from his friend of Bill Clinton giving some of the female interns, well. HeaD. My friend forwarded it to me in amazement.

Well. What wasn't in the email was a JPG, rather a 20 page, and I mean 20 PAGE code. Unlike any other I have ever seen. And I have had programming experience with C++, vB, and qB.

I could have written what was in front of me with my eyes closed. It Was Random.

Here is an excerpt from it:

ajbv/adkwenmnva/eoijbv a092345u sdv wopihjennngj}
asdlfkj//ak3lnwetlknlvs09843jlkads/f/afjoj43tjlka
aldnflng4op934m.bvkjewro9u4hjal;/ajf0934uliergoig

Times that (above) by about 34 million, and that is what you had.

??? Is it understandable?

Anyway, after viewing that email, without suspicion, I closed IE and on my desktop, all my text files had changed icons. So I searched under find files/folders for *.txt. And every txt file had a changed icon. So then I searched for this icon, because I had never seen this one before, and it was nowhere to be found.

Then, it all turned into one big shit sandwich. My computer reset itself 6 times in one hour while I was trying to figure out the problem with my sound card, WHICH WAS CAUSED BY THIS VIRUS… It had gotten worse and worse, from one channel not working off my stereo amp, to a scratchy noise, so loud you couldn't hear music, and then nothing. No sound at all. Not on cd’s, games or mp3’s.

Now I was REALLY _____ off…

My ‘start’ menu button had disappeared. And the files/progs on my desktop couldn't be opened…

Next time my computer had reset, without my permission, I could use my start menu button again, and icons, and I ran a Norton's virus check. NOTHING. There were no viruses found on my system…

Has anybody come across such a pile of toothpaste with pinch of turd?

Please, tell me how to end this misery, and I will grant you THREE wishes.

Regards,
UD

I can't even tell what type of computer it is or what operating system you are using. Not enough information.

What makes you think it wasn’t just an encoded JPG? They look just like what you typed when they are encoded & could have easily been 20 pages.

Sorry, but you didn’t give enough information for me to suggest a cure.

This is not authoritative, but I’ve found that on my system (Win 98, IE 4.0) the file icons in directory listings sometimes randomly change when viewed from IE. The condition occurs only after opening a large number of web pages and is temporary; everything returns to normal once I close IE.

For the rest of the problems cited in the OP, no idea; at the very least it is necessary to know the name + extension of the downloaded file. If the file downloaded was not an executable, there is no way that it could have done any damage. If it was, all bets are off.

Don’t know if this has anything to do with it, but let’s all wish this Argentinian youngster a long, painful trip to hell.

Here’s a possibility for what might have happened.

MS Windows has a special type of file with the extension SHS or SHB that can propagate a virus. This kind of file is normally used by Windows for internal purposes so its actual extension is almost never visible unless you change a particular setting in Explorer. What is sometimes done by virus writers is to create an infected file and give it two extensions, like PICTURE.JPG.SHS. The unfortunate recipient will see PICTURE.JPG, click on it and get infected.

For more info, search on SHS and Virus.

The code is just the standard uuencoded file (you can tell easily if each line is exactly the same length – and it looks that way from your excerpt). E-mail converts any file attachment into ASCII text. Most e-mail software these days does this automatically, so it shows up as an icon. However, the encoding/decoding still has to occur.

Sometimes, the mail gets garbled in transit and the recipient’s software doesn’t convert the coded ASCII text. Then you get lines and lines of code – all the same length.

In this form, the file is harmless. It needs to be decoded first, even if it was the most dangerous virus in the world. If you have a virus, it could not have come from that e-mail.

As to the symptoms, I know of no virus that can affect the sound card, so the sound card problems have another source, possibly something going wrong with the card. It’s possible that the vanishing icons can be tied in with that, or with some software that’s corrupted and is messing with your system. The trick is to track down the source. If you’re using Windows Me, the cure is simple: use System Restore to put the setting back to where it last worked. Otherwise, try reinstalling any software that has to do with your sound card (you can delete the sound card from the device manager and see if it reinstalls, but have the disks for your card handy before you try this).

Bottom line: even if the e-mail you described was a virus, it could not have affected your computer (especially since you never ran it). That would explain why the virus scanners found nothing (but try the free online scanner at http:\houscall.antivirus.com if you want to check again).

Update:

I am running Win 98, version 2, with 64 megs RAM and 40x cd rom, 10.2gig hard disk.

This has only happened in the last 20 minutes, but now my cd rom isn't working either!!

There is power running to it, because my controller works, although the cd’s cannot be read. This is all too coincidental.

I am at breaking point with this thing…

This may give more clues?!!?

"------=_NextPart_000_223d_2ad7_3b5d
Content-Type: application/msword;
name=“If Men TRULY ran the world.doc”
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=“If Men TRULY ran the world.doc”

BUT, the first few lines after that are:

“0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAABAAAAMAAAAAAAAAAA”

I have noticed in the 4th to last line the word pc, then after the character “E”, it has ANy. Could this tie in with pcANYWHERE (which I have) ???

Thanks for your replies…

I will cut and paste more of the text after this line… (read it if you wish.) (although all the text is justified)

Regards,
UD

That’s a Word document in MIME format. It won’t do anything by itself unless you open it in Word. But if you did open it in Word, it may have given you a macro virus.

No, the strings in it like “pcEANy” don’t have any meaning.

View the message source and see if there are any scripts or things besides that attachment. What e-mail program are you using?

FYI, the “corrupted icons” thing could be a symptom of an insidious bug that has existed since Win 95 and maybe before. Indeed, even Microsoft’s (albeit unofficial) TweakUI applet offers to fix it for you (TweakUI/“Repair” tab/“Rebuild icons”)

I cannot in any way be considered an expert, but this really sounds like a hardware problem. I suspect the power supply, though the sound card should also be looked at suspiciously.

I would recommend physically disconnecting the sound card first, and if the problem doesn’t go away, try to borrow a power supply and try that.

Second DarrenS on the Icon fix. With W9x, Tweak UI is your best friend.

Have you tried uuunencode on the file?

It’s base64, not uuencode. And why decode it if he hasn’t done it already? At best it’s a pointless e-mail; at worst it’s infected with a macro virus.
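An added example, not part of any poster's message: the two encodings discussed in this thread can be told apart by the shape of their lines, and a base64 attachment can be identified from its first line alone, without opening it in Word. The function names are this example's own, and the JPEG and MZ entries go beyond the one file type seen in the thread.

```python
import base64
import binascii
import re

# Leading "magic" bytes of a few file types -> description.
MAGIC = {
    bytes.fromhex("d0cf11e0a1b11ae1"): "OLE2 compound file (legacy Word/Excel, may hold macros)",
    bytes.fromhex("ffd8ff"): "JPEG image",
    b"MZ": "DOS/Windows executable",
}
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} \S")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def classify_encoding(lines):
    """Guess the transfer encoding of undecoded attachment text from its shape."""
    body = [ln.rstrip("\r\n") for ln in lines if ln.strip()]
    if any(UU_BEGIN.match(ln) for ln in body):
        return "uuencode"
    # A full uuencode line is 'M' (length byte for 45 bytes) + 60 data characters.
    full = [ln for ln in body if len(ln) == 61 and ln.startswith("M")]
    if full and len(full) >= len(body) - 2:
        return "uuencode"
    if body and all(B64_LINE.match(ln) for ln in body):
        return "base64"
    return "unknown"

def sniff_base64(first_line):
    """Decode only the first line and identify the payload by its magic bytes."""
    text = first_line.strip()
    text = text[: len(text) - len(text) % 4]  # keep whole 4-character groups
    try:
        head = base64.b64decode(text, validate=True)
    except binascii.Error:
        return "not valid base64"
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unrecognized"

# Opening characters of the first attachment line quoted in the thread.
THREAD_LINE = "0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAG"

if __name__ == "__main__":
    print(classify_encoding([THREAD_LINE]), "->", sniff_base64(THREAD_LINE))
```

The quoted line decodes to the OLE2 header bytes `D0 CF 11 E0 A1 B1 1A E1`, which matches the declared `application/msword` type.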

Okay,

My cd rom drive is back online.

That is one thing sorted,

BUT, I have already tried taking my sound card out, uninstalling the drivers, then putting it back in, then installing the drivers. NOTHING.

The power supply is not to blame. I have two computers here, and I have done as ** pmh ** said, which was to try a different power supply. So I took the power supply, which is working fine, out of my 2nd computer, and put it into the buggered computer. It still acts up. Thank you for your thoughts though.

Coincidentally, the week before all this started, I purchased a 5 CH sound card. My guess is this one will work. Well. I will keep you posted ya.

Thanks for your replies.

Regards,
UD