SirCam and the Parents
Aug 19, 2001 | Q

Last week, I had dinner with my parents, and one of the topics of conversation was how idiotic someone has to be, in this day and age, to open an attachment without explicitly knowing what it is. Today, I got a call from my parents, asking how to fix the damage that occurred when my dad opened up an attachment that was infected with SirCam. I’m truly stunned — the man can operate on someone’s abdomen, but he can’t figure out comptuer viruses. (For future reference, Symantec has a removal tool that seems to do its job quickly and well.)

Comments

You’re missing out on a geeky good time if you delete SirCam files instead of taking the SirCam code out of them. To remove SirCam from a file, open it in a hex editor such as UltraEdit-32 and delete the first 137,216 bytes. Sometimes, you have to delete some additional bytes, but if you know what to look for (Word and Excel files begin with the bytes D0 CF 11, for example), you can usually remove the virus from a file, rename it to remove the “.lnk”, “.com”, “.exe”, or “.bat” extension added by SirCam, and open it normally.

• Posted by: Rogers Cadenhead on Aug 20, 2001, 12:57 PM

There’s also a utility called ClipSirc that will do that for you. I blogged it. See lake effect for more info.

From what I received, I found several boring, pointless things, and one very private (but frankly uninteresting) document. YMMV, depending on how much you dig voyeurism.

• Posted by: Dan Hartung on Aug 22, 2001, 6:14 PM

I’ve received mostly business documents that aren’t interesting nor confidential. And (possibly because of my spanish domain name), I have received a slew of Spanish-language versions, none of which I have the patience to translate.

• Posted by: Jason Levine on Aug 22, 2001, 6:54 PM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!