null@192.168.0.20

gpint · February 7th, 2001, 09:38 AM

Does anyone know anything about an email that is received with the return address of null@192.168.0.20 (this is the ip address of the machine that sent the email).

Is this a virus? I searched the different antivirus sites and have not found anything.

February 7th, 2001, 09:47 AM

Ummm I think when I had a customers PC that was infected with the KAK virus, it had originated from an email that appeared to be sent from a NULL address. Be careful because if it IS KAK then it's a real bugger to get rid of. It causes Internet Explorer to crash when you visit the antivirus research centre (www.sarc.com) so I guess that's one way of finding out if you've got it or not! Happy virus hunting!!

------------------
[ i N S A N i T Y 2 0 o 1 ]

gpint · February 7th, 2001, 10:11 AM

Thanks for the quick response. I wasnt familliar with this version of the KAK virus, I checked the registry on the infected machine and it was there. Thanks for your help

February 7th, 2001, 03:21 PM

KAK is fairly easy to get rid of if you remember to fdisk /mbr with a clean, protected boot disk after you clean the system.

------------------
Sarchasm: The gulf between the author of sarcastic wit, and
the recipient who doesn't get it.

gpint · February 8th, 2001, 11:10 AM

I just found that this is not the KAK virus, but is W95.Hybris.Gen.dr

I couldnt find anything about it at sarc, does anyone know anything about this virus.
What it does, and how to get rid of it.

Jeff the Brit · February 8th, 2001, 12:20 PM

Go here for info : http://vil.nai.com/vil/dispVirus.asp?virus_k=98873

Free virus checkers that will cure your problem include F-Prot ( www.complex.is/f-prot ) and InnoculateIT ( www.cai.com )

Good luck !

------------------
Still scrambling up the learning curve ...

February 9th, 2001, 08:54 PM

W95.Hybris is a worm that spreads by email as an attachment to outgoing emails. It was discovered in late September of 2000. Although very few reports of infection were reported in October 2000 when the worm was discovered, the worm is becoming more common in November and December

The message may include the text "Snow White and the Seven dwarves" and the attachment may have one of several different names, including, but not limited to:

anpo porn(.scr
atchim.exe
branca de neve.scr
dunga.scr
dwarf4you.exe
enano porno.exe
joke.exe
midgets.scr
sexy virgin.scr

Use Norton AntiVirus to repair the infected WSOCK32.DLL. Other files detected as W95.Hybris contain only the virus body and must be deleted.

http://www.sarc.com/avcenter/venc/da...ybris.gen.html

------------------
Everywhere you go, there you are...

February 7th, 2001, 09:38 AM	#1
gpint Registered User Join Date: Aug 2000 Location: Minnesota Posts: 198	null@192.168.0.20 Does anyone know anything about an email that is received with the return address of null@192.168.0.20 (this is the ip address of the machine that sent the email). Is this a virus? I searched the different antivirus sites and have not found anything.

February 8th, 2001, 12:20 PM	#6
Jeff the Brit Registered User Join Date: Aug 2000 Location: Saltburn, Cleveland, United Kingdom Posts: 632	Go here for info : http://vil.nai.com/vil/dispVirus.asp?virus_k=98873 Free virus checkers that will cure your problem include F-Prot ( www.complex.is/f-prot ) and InnoculateIT ( www.cai.com ) Good luck ! ------------------ Still scrambling up the learning curve ... __________________ I think I know just enough to know how much I don't know... I think...

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

February 7th, 2001, 09:47 AM	#2
SiCkNuT Guest Posts: n/a	Ummm I think when I had a customers PC that was infected with the KAK virus, it had originated from an email that appeared to be sent from a NULL address. Be careful because if it IS KAK then it's a real bugger to get rid of. It causes Internet Explorer to crash when you visit the antivirus research centre (www.sarc.com) so I guess that's one way of finding out if you've got it or not! Happy virus hunting!! ------------------ [ i N S A N i T Y 2 0 o 1 ]

February 7th, 2001, 10:11 AM	#3
gpint Registered User Join Date: Aug 2000 Location: Minnesota Posts: 198	Thanks for the quick response. I wasnt familliar with this version of the KAK virus, I checked the registry on the infected machine and it was there. Thanks for your help

February 7th, 2001, 03:21 PM	#4
GirlGeek Guest Posts: n/a	KAK is fairly easy to get rid of if you remember to fdisk /mbr with a clean, protected boot disk after you clean the system. ------------------ Sarchasm: The gulf between the author of sarcastic wit, and the recipient who doesn't get it.

February 8th, 2001, 11:10 AM	#5
gpint Registered User Join Date: Aug 2000 Location: Minnesota Posts: 198	I just found that this is not the KAK virus, but is W95.Hybris.Gen.dr I couldnt find anything about it at sarc, does anyone know anything about this virus. What it does, and how to get rid of it.

February 9th, 2001, 08:54 PM	#7
jfesler Guest Posts: n/a	W95.Hybris is a worm that spreads by email as an attachment to outgoing emails. It was discovered in late September of 2000. Although very few reports of infection were reported in October 2000 when the worm was discovered, the worm is becoming more common in November and December The message may include the text "Snow White and the Seven dwarves" and the attachment may have one of several different names, including, but not limited to: anpo porn(.scr atchim.exe branca de neve.scr dunga.scr dwarf4you.exe enano porno.exe joke.exe midgets.scr sexy virgin.scr Use Norton AntiVirus to repair the infected WSOCK32.DLL. Other files detected as W95.Hybris contain only the virus body and must be deleted. http://www.sarc.com/avcenter/venc/da...ybris.gen.html ------------------ Everywhere you go, there you are...