What is this file name and what is it. Should I worry?

upd02.scr
.scr file

Is this a virus?

when did you get it and how?

Bevharrismail@aol.com

:wtf:

LOL

(of course not laughing at your misfortune of receiving the worm)

yahoo detected a problem.

or if you were targeted individually :scared:

in fairness, these worms use bogus (publicly available) email addresses to hide behind.

You should post the headers so we can find your culprit. The true FROM IP address will be in the headers.

1. Open the email (NOT the attachment)

2. Once open, look above the Delete/Reply/Forward/Spam.... buttons, on the far right for a link to Full Headers, click it.

3. Once you have the headers open, copy ALL the Received information (that will give us the IP address paths).

4. Paste the Received info here.

<69.140.106.155>
Return-Path: <bevharrismail@aol.com>
Received: from 69.140.106.155 (HELO ashok.com) (69.140.106.155) by mta198.mail.scd.yahoo.com with SMTP; Sat, 29 Jan 2005 10:46:16 -0800
Date: Sat, 29 Jan 2005 10:46:11 -0800
To: "Coppertop" <coppertop98125@yahoo.com>
From: "Bevharrismail" <Bevharrismail@aol.com>
Subject: Delivery service mail
Message-ID: <modhjnviiuwtjwidgqw@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------rwbdtjvfbnlydncwwbot"
Content-Length: 18732

and just the RECEIVED lines (there should be several).

X-Apparently-To: coppertop98125@yahoo.com via 000.000.000.000; Sat, 29 Jan 2005 10:46:16 -0800
X-YahooFilteredBulk: 69.140.106.155
Authentication-Results: mta198.mail.scd.yahoo.com from=aol.com; domainkeys=neutral (no sig)
X-Originating-IP: <69.140.106.155>
Return-Path: <bevharrismail@aol.com>
Received: from 69.140.106.155 (HELO ashok.com) (69.140.106.155) by mta198.mail.scd.yahoo.com with SMTP; Sat, 29 Jan 2005 10:46:16 -0800
Date: Sat, 29 Jan 2005 10:46:11 -0800
To: "Coppertop" <coppertop98125@yahoo.com>
From: "Bevharrismail" <Bevharrismail@aol.com> Add to Address Book
Subject: Delivery service mail
Message-ID: <modhjnviiuwtjwidgqw@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------rwbdtjvfbnlydncwwbot"
Content-Length: 18732

Your originating sender is inside the Comcast IP block of addresses:

Comcast Cable Communications, Inc. JUMPSTART-3 (NET-69-136-0-0-1)
69.136.0.0 - 69.143.255.255
Comcast Cable Communications, Inc DC15-NROCK1 (NET-69-140-0-0-1)
69.140.0.0 - 69.140.255.255

I don't think Comcast has any connection to AOL does it?

comcast HS internet at home now. Comcast is the provider. Hell I have comcast fer that matter.

AOL would interfacce with comcast...

But the originating IP was a Comcast address. That's entirely different than "interfacing."

Only Comcast can tell you which user was on THAT IP (the last 3 digits) at THAT exact moment.

Write to abuse@comcast.net and see if you can get the information. I doubt they will give it to you without an attorney and a subpoena, but you can try. The most likely outcome will be that they take an abuse/spam complaint and you'll never hear from them again.

it is simple to spoof an e-mail header...REALLY simple. Believe me, I know about this...so be careful about making any accusations. Any savvy virus sender will have spoofed the header. Anyway, it might be that the worm mailed out from an unsuspecting 'puter.

badly, evidently. ;-)

I'd have it tested for anthrax.

W32.Beagle.BA@mm

go to Symantec or another big AV vendor for a removal tool.

btw, post on the Computer Group if you need help.

possible bagel varient...

http://www.google.com/search?hl=en&q=upd02.scr&btnG=Google+Search

http://www.itweb.co.za/Sections/AARDVARK/Copy.asp?StoryID=149248

A new variant of the Bagle worm surfaced this morning and early security reports say it appears to be the year's most dangerous worm to date.

Two Bagle variants arrived in the last 24 hours, but only one appears to pose a real threat, says Justin Stanford, CEO of anti-virus vendor NOD32 South Africa

----snip---

A sample that NOD32 received from a client this morning carried the subject: "DELVERY FAILURE: User krzysztof.szubka" and carries the attachment: "upd02.scr".

Anti-virus vendor Symantec says it will issue a level two alert on the Bagle variant, adding that it has received reports from different countries, mostly from Europe and Asia.

google's your friend too. heheheh

:toast:

yes

I sometimes forget.

attachment am I okay ? I ran my Symantec virus scan and didn't find anything.

http://www.itweb.co.za/Sections/AARDVARK/Copy.asp?StoryID=149248

google's an old friend of mine :shrug:

supports our ideals!

Your's is the 2nd posting on DU about it
That's OK
In April, Pest Patrol found "PC Anywhere" installed in my desktop PC and I never installed it
Remote access programs installed on your PC are a bad deal
Whenever you find an app or entry which you do not know what it is,
for example your firewall tells you an app is trying to access the'Net
Google it and you will find out what it is
There are a couple of Apps which you can get which give you a bunch of info on the processes on your computer
Right now I have a 30 day free version of Security Task Manager
it's really cool,
but I think after the 30 days I'll get WinTasks 5- it really gives you a lot of info on the running processes and has a direct connection to the liutilities library

include *.exe, *.com, *.bat, *.scr, *.vbs and *.dll

The IP address 69.140.106.155 comes up as
pcp04417719pcs.nrockv01.md.comcast.net
which, although from comcast, appears to be from Rockville Maryland.
Unless Bev has moved recently....but, I don't think so.

More likely from someone who has both Bev's email and your email in their addressbook.

Sometimes these things pick an address to use as the 'from' line and then send to everyone else in the address book using THAT name.

HG

It is not likely her fault here. I frequently view websites like copvcia, whatreallyhappened, and infowars.com. All have complained in past of being hacked into and having false emails sent out. All have warned NOT to open these emails. And all have said the authorities were contacted, and guess what...nothing was done. Big surprise, huh? (choking on own sarcasm) Ask yourself, why would Bev be mailing you a file you don't even recognize? Don't want to sound paranoid folks, but if we believe democracy is being usurped, then the system is failing. And if it is failing the fascists will do anything in their power to keep from being exposed. Just be careful.