[POSSIBLE VIRUS:###] Interview with Robert Dean

James Conway jwc at snf.stanford.edu
Fri Mar 18 09:23:56 PST 2005


Hello Janine:



Just for your information:

The virus was contained in the Resume.doc and appears with a 
filename.***.zlo extension. (Resume.doc.zlo)  I identified it this 
morning as the W32.MYDOOML at mm virus and today's semantic antivirus 
definitions file has this new variant's definition in it's package. 
These are old yet persistent level two viruses that have been wandering 
around and creating backdoors on many systems.

I too run the same software including spysweeper on my system and it did 
not catch it as of yesterday until the noon sweep I ran on my system 
just after I received your message.   On launch of my PC today it 
flagged me again as evidently the attachment and your previous email was 
not deleted from the trash directory of my mailer app. despite me 
manually deleting it.

  The SNF network and SU has been swamped with these problems since 
about noon Thursday last week.

I have also seen several others on several other PC's I administrate 
this week at SNF:
 Alexa 
<http://securityresponse.symantec.com/avcenter/venc/data/spyware.alexa.html> 
-- W32.NETSKY at dd 
<http://www.sarc.com/avcenter/venc/data/w32.netsky.u@mm.html> --several 
morphs of W32.MYDOOML at mm 
<http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.l@mm.html>   
--> [Removal tool information 
<http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom@mm.removal.tool.html>] 
I attached the removal tool for this one.

I see other email from you in the queue. 

If you have a clean copy of the resume.doc go ahead and send it to me again.

Thank you,

James Conway


Janine Hannibal wrote:

>James,
>
>I appreciate your concern but I run a virus program (with updated
>definitions) and spysweeper every single day. I do not have a virus.
>
>Thank you.
>Janine
>
>____________________________________________________________________________
>___________________________________________________
>Janine Hannibal . Stanford University . 330 Serra Mall . Room CISX204 .
>Stanford, CA . 94305-4075 . ph:650-724-0068 . janineh at stanford.edu
>
>-----Original Message-----
>From: James Conway [mailto:jwc at snf.stanford.edu] 
>Sent: Thursday, March 17, 2005 12:53 PM
>To: janineh at stanford.edu
>Cc: computer at snf.stanford.edu
>Subject: Re: [POSSIBLE VIRUS:###] Interview with Robert Dean
>
>janine:
>
>You likely have a virus in your email attachment resume2.doc.zm9 file 
>and your system may have been compromised.
>I have been seeing a lot of this problem with attachments on the network 
>this week.
>
>Please update your virus definitions and run spy sweeper.
>I would recommend you go to the stanford essential system software and 
>download and install all the appropriate spy ware and antivirus software 
>they recommend.
>
>Could you please printout the resume for me and drop it off to me when 
>you can.
>
>Thank you,
>
>James Conway
>
>
>
>
>Janine Hannibal wrote:
>
>  
>
>>Hello Everyone,
>>As per Paul's message, I will be setting up an interview with Robert Dean.
>>Will you let me know several available days/times so I can have him come in
>>to see as many of you as possible in one visit?
>>
>>Thanks so much for your assistance.
>>Janine
>>
>>___________________________________________________________________________
>>    
>>
>_
>  
>
>>___________________________________________________
>>Janine Hannibal . Stanford University . 330 Serra Mall . Room CISX204 .
>>Stanford, CA . 94305-4075 . ph:650-724-0068 . janineh at stanford.edu
>>-----Original Message-----
>>From: Paul Rissman [mailto:rissman at stanford.edu] 
>>Sent: Thursday, March 17, 2005 11:20 AM
>>To: Janine Hannibal
>>Cc: Mary Tang; John Shott; jwc at stanford.edu; Mahnaz Mansourpour; Ed Myers;
>>Robert Dean
>>Subject: Fwd: [POSSIBLE VIRUS:###] process and ebeam guy
>>
>>Hi Janine,
>>
>>Can you setup an interview with (Mary/John/Mahnaz/James Conway/Ed) with 
>>Robert Dean?
>>
>>Thanks,
>>
>>Paul
>>
>> 
>>
>>    
>>
>>>X-Sieve: CMU Sieve 2.2
>>>X-Ironport-AV: i="3.90,114,1107763200";
>>>  d="scan'208,32,48"; a="106900170:sNHT48841956"
>>>To: rissman at stanford.edu
>>>Subject: [POSSIBLE VIRUS:###] process and ebeam guy
>>>Sensitivity:
>>>X-Mailer: Lotus Notes Release 6.5.2 June 01, 2004
>>>From: Robert_Dean at Etec.com
>>>Date: Thu, 24 Feb 2005 10:08:49 -0800
>>>X-MIMETrack: Serialize by Router on EMAUSTGW02/APPLIED MATERIALS(Release 
>>>6.5.2|June 01, 2004) at
>>>02/24/2005 12:08:53 PM
>>>
>>>
>>>Hi Paul,
>>>
>>>I got an email from Bob Sills about a job possibilty in your group at 
>>>Stanford. The job, as it is described, is to interface with vendors, do 
>>>processing and exposures. This sounds like a good fit to me as I have been
>>>      
>>>
>
>  
>
>>>doing resist development, process development and e-beam evaluation on all
>>>      
>>>
>
>  
>
>>>MEBES tools for 20 years at Etec. As of the end of March I will not be at 
>>>Applied/Etec and will be looking for a job. I've taken the liberty of 
>>>attaching a resume.  I do need a couple of things. First, the job must be 
>>>full time and second I have a minimum salary requirement that must be met.
>>>      
>>>
>
>  
>
>>>If you are interested or want to talk about it give me a call.
>>>
>>>Thanks,
>>>
>>>Robert Dean
>>>(510) 552-0443
>>>
>>>
>>>
>>>
>>>
>>>The content of this message is Applied Materials Confidential.  If you are
>>>      
>>>
>
>  
>
>>>not the intended recipient and have received this message in error, any 
>>>use or distribution is prohibited.  Please notify me immediately by reply 
>>>e-mail and delete this message from your computer system.  Thank you.
>>>   
>>>
>>>      
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://snf.stanford.edu/pipermail/computer/attachments/20050318/d73decd8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FxMydoom.exe
Type: application/x-msdownload
Size: 161416 bytes
Desc: not available
URL: <http://snf.stanford.edu/pipermail/computer/attachments/20050318/d73decd8/attachment.bin>


More information about the computer mailing list