04-27-2004, 12:06 AM

ok... first off, if anyone knows anything about this, or has advice on how to fix this, please let me know.... im not going to go around repairing permissions or doing some crons task... so dont bother suggesting it....im a little tense at the moment, so excuse my slight sarcasm in some of my comments in this post...

this is my issue:

I have a mail account at college (penn state), and just today i recieved 2 messages (see image 1) from some U.S. National Bank or something... anyway, i knew it was fake... and just wanted to see what the link took me to (figuring it was either a funny webpage which asked to you put in your card number/pin on your ATM card, or something silly like that.)

So i opened the email... (see image 2) and that is what it said.

so, i click on the link..which is http://210.118.170.142/swf/ (WARNING... I DO NOT KNOW WHAT THAT SWF FILE DOES, CLICKING ON IT MAY INFECT YOUR COMPUTER)

so..i figured it was a flash file... swf.. but i failed to notice that it was a directory and not just a .swf... so clicking on the link did nothing at all...

notice, there was 2 of these messages... one with that link, and one with the link to the ip address alone... i clicked on the other link, which produced image # 3

ok... now... obviously it was some sort of virus or something... but anyway, it seemed to do nothing (like every other virus ive found... i click them for fun because nothing has ever previously affected mac...so ive tried to open the .exe files and stuff, or send them to my friends on winxp and stuff and laugh at them lol... )

anyway... what now happens is:

i click on a link in my inbox and what displays is image #2.... so i click on some other emails... and what i notice is, the virus switches the link of one email with the next... so i go to click on a message from a friend, and up pops a message from a forum... i click on the message from a forum, and up pops a tracked package from a few weeks ago....i click on the tracked package, and up pops an email from someone else...and so on... each link has a new destination...... although all the emails are still there, the links dont match up to what the title to them says they should be.

holy hell, someone help me!!!!!!!

if someone tells me to repair permissions i will make sure you get a virus!

04-27-2004, 12:26 AM

Get a virus?! Not bloody likey -- I was a doz boy too long! but what you are seeing is very strange but not a doz class virus... But it's quite strange, IP where that came from and such may help

04-27-2004, 12:31 AM

what are you telling me?

its not a virus? well its something.... go try to load the page with the IP/swf/ and tell me if it messes with your mail account ... if not, ill forward you the email, and you can give it a shot from there if you would like... but i guarantee you im not hallucinating or anything..and you can deny it all you want, but its on my computer...and i can give it to you to check out if you really want

04-27-2004, 12:32 AM

Quote:

Originally Posted by DualG5Lova

... if not, ill forward you the email, and you can give it a shot from there if you would like... but i guarantee you im not hallucinating or anything..and you can deny it all you want, but its on my computer...and i can give it to you to check out if you really want

What e-mail client received this?

04-27-2004, 12:38 AM

Someone e-mailed you links look to e-mails weeks older? Dude, this has been set up by your "friends" in PSU I bet

04-27-2004, 12:43 AM

its a university mail server.... psu.edu..

what are you getting at?

04-27-2004, 12:54 AM

Quote:

Originally Posted by witeshark

Someone e-mailed you links look to e-mails weeks older? Dude, this has been set up by your "friends" in PSU I bet

1. you misread what i said, whatever this "virus" (for lack of a better word) did to my mail, what is obvious that it did was scrambled my messages.... you know how you click on the email after reading the subject? and expect to get an email pertaining to that subject? well, its not...

2. none of my "friends" at psu could manage to do anything like this.. for one thing, its a big time offence to do what the phish was intended to do... which was make an email that collects bank information... the email was obviously set up to have you enter in your account information to a website that looked identical to a bank website, but instead of send it to the bank, it would just collect it and send it to the maker of the virus.

3. unless you have anything important to say, im not in the mood to hear the "repair permissions and crons tasks" lecture, nor in the mood to explain that yes, it really is a problem... the "big bad osx fortress" isnt so hard to break into when i clicked on the link.. pretty much saying "hey! hack me plz!"..... so i would rather hear something from someone who may have stumbled upon this somewhere on the web, or had this same thing happen to them, rather than the possibilities of my friends breaking through osx..

no offense...but currently im in the "instant gratification" mode... if you cant help me fix it, i really dont care to hear the stories of the "doz dayz"

04-27-2004, 01:10 AM

to add to the fun... the emails will not delete off the server

04-27-2004, 02:27 AM

Quote:

Originally Posted by DualG5Lova

to add to the fun... the emails will not delete off the server

I can imagine how frustrating something like that must be. My only to suggestions would be:

A) Make sure no one else on campus is experiencing similar problems, thus indicating a problem/infection with the server itself.

B) Purchase a Mac-specific anti-virus application. If there is indeed a virus infecting your machine, it will be difficult to remedy without such an application.

"C" would be to perform a complete format and reinstall of the OS, which is obviously a last resort.

BTW - This is completely unrelated, but you wouldn't happen to know a girl by the name of Jennifer Curley that attends your school, would you?

04-27-2004, 04:39 AM

…and "D" BACKUP! BACKUP! BACKUP! (or is that D, E and F?)

04-27-2004, 08:42 AM

Talk to ur admin and see what he has to say. Good luck.

04-27-2004, 10:35 AM

....um, what do you have against repairing permissions? This seems to me exactly the sort of problems that that would fix.

That IP address isn't giving me any info on Network Utility's Whois, and it didn't respond when I clicked it... so whatever that was it's probably down.

It sounds more like your mail itself got corrupted somehow, rather than Mail.app.

04-27-2004, 10:54 AM

i woke up this morning, after putting my G5 to sleep last night... when i hit the space bar, horizantal pink lines took up the entire screen... so i turned the computer off... then i powered it back up, and nothing worked... it was on, but no display.... i went and took a shower, came back, powered it on again, and its working....

i have no clue whats wrong.

btw... what i have against repair permissions is that it seems to be everyones solution to everything ... "oh your getting bad grades in school? try repairing permissions on your ibook..that might help"

anyway... i have repaired them...did not help

whatever it is, not only is on the server side, messing up my emails, but also on my side, affecting my computer in some weird way.

and no, i dont know jennifer.. sorry hehe

04-27-2004, 04:17 PM

What the hell are you smoking? There are no Mac OS X viruses were not on doz! It's just a permission's issue. Repair your permissions and run cron tasks, it's just a fault!

No one says that... ever.

04-27-2004, 04:38 PM

I just tried the page and nothing is loading on it