<quv...@yahoo.com> wrote in message news:V9%Cd.42282$Yt1....@fe08.lga...
> please find pictures attached
>
>
>
>
$ uuencode < post
$ unzip pic003.zip
$ strings pic003.scr
...
T : ception occuru!
:Nop
if not -i{ "%s" g
...
KERNEL32.DLL
ADVAPI32.DLL
CRTDLL.DLL
SHELL32.DLL
USER32.DLL
WININET.DLL
WS2_32.DLL
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
atoi
ShellExecuteA
wsprintfA
InternetOpenA
bind

And then there's the message at the top which strings for some
reason is filtering out, but 'vi' can readily see:

This program cannot be run in DOS mode.

ICON.ICO also shows up under 'vi', interspersed with NULs.
Presumably this is 'W' format.

$ file pic003.scr
pic003.scr: MS Windows PE 32-bit Intel 80386 GUI executable
not relocatable
$
If there's a picture in there, which I doubt, it's lodged
along with something else which can do process control,
registry edits, and execution of another program somewhere.
In short, a garden-variety piece of Windows-specific trojan malware.
Caveat emptor.
[.sigsnip]
--
#191, ewi...@earthlink.net -- insert random "pr0n" here
It's still legal to go .sigless.
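
Added example, not part of the post above: a Python sketch of the same static triage, which checks the MZ/PE headers, extracts both ASCII and UTF-16LE strings (text interspersed with NULs, as ICON.ICO was, is consistent with UTF-16LE, which a default `strings` run does not scan for), and groups the API names from the post's output by capability. The capability grouping, the function names and the sample bytes are assumptions constructed for illustration; the sample is not the real pic003.scr.

```python
import re
import struct

# Assumed grouping of API names seen in the post's strings output.
CAPABILITIES = {
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "registry access": {"RegCloseKey"},
    "program execution": {"ShellExecuteA"},
    "network": {"InternetOpenA", "bind"},
}

def is_pe(data):
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extract_strings(data, min_len=4):
    """Return (ascii, utf16le) lists of printable runs of at least min_len."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    narrow = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    wide = [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return narrow, wide

def triage(data):
    """Summarise file type, wide strings and capability hints for one blob."""
    narrow, wide = extract_strings(data)
    seen = set(narrow) | set(wide)
    hits = {cap: sorted(apis & seen)
            for cap, apis in CAPABILITIES.items() if apis & seen}
    return {"pe": is_pe(data), "wide": wide, "capabilities": hits}

def build_sample():
    """Constructed stand-in for a PE file: headers plus a few strings."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)       # e_lfanew -> offset 0x80
    names = [b"WININET.DLL", b"RegCloseKey", b"ShellExecuteA",
             b"InternetOpenA", b"bind"]
    return (bytes(hdr) + b"PE\0\0" + b"\0" * 20 + b"\0".join(names)
            + b"\0\0" + "ICON.ICO".encode("utf-16-le") + b"\0\0")

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, value)
```

Imported names only hint at what a file can do; packed binaries like the one in the post often expose little more than LoadLibraryA and GetProcAddress.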