PC seems infected - cannot detect virus

Discussion in 'NZ Computing' started by steve, Sep 20, 2003.

  1. steve

    steve Guest

    Warwick wrote:
    > Hi,
    > I'd like to ask some questions of the group in general and particularly
    > those using xtra for email.
    >
    > I received 280 emails this morning.
    > About 1/3 are fake patches purporting to be from msoft, the rest are admin
    > messages re bounced emails that I didn't send (knowingly).


    Someone with a BIG address book (with you in it) has the virus and thew
    virus has used your address as the FROM: address.
     
    steve, Sep 20, 2003
    #1
    1. Advertising

  2. steve

    max Guest

    On Sat, 20 Sep 2003 16:27:24 -0700, "Warwick" <>
    wrote:

    >Hi,
    >I'd like to ask some questions of the group in general and particularly
    >those using xtra for email.
    >
    >I received 280 emails this morning.
    >About 1/3 are fake patches purporting to be from msoft, the rest are admin
    >messages re bounced emails that I didn't send (knowingly).
    >
    >This has all the hallmarks of a virus infection however AVG does not detect
    >any.
    >
    >Q.Are other xtra customers receiving multiple copies of the msoft patch
    >scam? or is it part of my ghost infection?
    >
    >
    >Q: Could the script have run and installed a trojan AVG don't know about?
    >
    >Q: Which one of the current viri in circulation best fits the symptoms?
    >Again other xtra customers getting bounced messages they did not send?
    >(seems vaguely reminiscent of Klez which spoofed the from field of emails
    >and caused this kind of confusion).
    >
    >
    >AVG did detect a script exploit in temporary internet files. The warning
    >popped up while I was surfing and I immediately ran the protection and
    >cleaned the script.
    >
    >All windows critical updates are installed and were installed during time of
    >infection. (if it is an infection).
    >
    >Sorry to have to draw on your collective wisdom here, but Ive been trawling
    >thru the symantec site and no viri seem to match symptoms properly.
    >AVG similairly updated to most current and reports a clean machine.
    >
    >cheers
    >Warwick
    >
    >
    >
    >
    >---
    >Outgoing mail is certified Virus Free.
    >Checked by AVG anti-virus system (http://www.grisoft.com).
    >Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
    >


    I have had the same type of thing over the last few months. It is
    other peoples computers and not mine, as I am fully patched and
    protected. I hits my email address in waves, and lasts about a day
    before it stops. Get about 200 emails in that time. This type of thing
    is what will probably kill the internet in time.
     
    max, Sep 20, 2003
    #2
    1. Advertising

  3. steve

    max Guest

    On Sat, 20 Sep 2003 16:27:24 -0700, "Warwick" <>
    wrote:

    >Hi,
    >I'd like to ask some questions of the group in general and particularly
    >those using xtra for email.
    >
    >I received 280 emails this morning.
    >About 1/3 are fake patches purporting to be from msoft, the rest are admin
    >messages re bounced emails that I didn't send (knowingly).
    >
    >This has all the hallmarks of a virus infection however AVG does not detect
    >any.
    >
    >Q.Are other xtra customers receiving multiple copies of the msoft patch
    >scam? or is it part of my ghost infection?
    >
    >
    >Q: Could the script have run and installed a trojan AVG don't know about?
    >
    >Q: Which one of the current viri in circulation best fits the symptoms?
    >Again other xtra customers getting bounced messages they did not send?
    >(seems vaguely reminiscent of Klez which spoofed the from field of emails
    >and caused this kind of confusion).
    >
    >
    >AVG did detect a script exploit in temporary internet files. The warning
    >popped up while I was surfing and I immediately ran the protection and
    >cleaned the script.
    >
    >All windows critical updates are installed and were installed during time of
    >infection. (if it is an infection).
    >
    >Sorry to have to draw on your collective wisdom here, but Ive been trawling
    >thru the symantec site and no viri seem to match symptoms properly.
    >AVG similairly updated to most current and reports a clean machine.
    >
    >cheers
    >Warwick
    >
    >
    >
    >
    >---
    >Outgoing mail is certified Virus Free.
    >Checked by AVG anti-virus system (http://www.grisoft.com).
    >Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
    >


    Well your system clock is stuffed for a start.
     
    max, Sep 20, 2003
    #3
  4. steve

    pbs Guest

    Warwick wrote:
    > Hi,
    > I'd like to ask some questions of the group in general and particularly
    > those using xtra for email.
    >
    > I received 280 emails this morning.
    > About 1/3 are fake patches purporting to be from msoft, the rest are admin
    > messages re bounced emails that I didn't send (knowingly).
    >
    > This has all the hallmarks of a virus infection however AVG does not detect
    > any.

    [snip]

    I am (Still) receiving 3-10 email a minute to the email address on
    this posting. So far I have received in excess 1000 emails with about
    a dozen different headers + some from ISPs who inform me that they
    have delete the attachment which was infected.

    The subject line varies but tends to have the word Microsoft in them.
    They seem to come in a pattern of 8 long ones with 3 attachments
    making a total size of 160K. Followed by a short one with 3
    attachments.

    As I use a Linux box all email to this address is going to
    /dev/null. :)

    I know that this address is compromised (as I use it for posting
    to the usenet, it has been well and truly trawled and placed onto
    one of those CD I get spammed about with subject lines like
    "Buy a CD of 1 Billion email addresses", "I'm a Nigerian scam
    artist" and "This is a product YOU must have".

    I think the emails are comming from someone who has bought a such a cd,
    a how to spam manual and a virus attack manual.

    The mind boggles as to what band width is being taken up with this
    stuff. Here an I in Wellington downloading it from a server in the
    UK and if I am getting this stuff so probably are other "billion email
    addresses on the CD"
     
    pbs, Sep 20, 2003
    #4
  5. steve

    Mainlander Guest

    In article <fFQab.153205$>,
    says...
    > Hi,
    > I'd like to ask some questions of the group in general and particularly
    > those using xtra for email.
    >
    > I received 280 emails this morning.
    > About 1/3 are fake patches purporting to be from msoft, the rest are admin
    > messages re bounced emails that I didn't send (knowingly).
    >
    > This has all the hallmarks of a virus infection however AVG does not detect
    > any.


    So it could be a new virus not yet detected by AVG.
     
    Mainlander, Sep 20, 2003
    #5
  6. steve

    Murray Guest

    And so Xtra's email virus filter does not work either....

    "Warwick" <> wrote in message
    news:fFQab.153205$...
    > Hi,
    > I'd like to ask some questions of the group in general and particularly
    > those using xtra for email.
    >
    > I received 280 emails this morning.
    > About 1/3 are fake patches purporting to be from msoft, the rest are admin
    > messages re bounced emails that I didn't send (knowingly).
    >
    > This has all the hallmarks of a virus infection however AVG does not

    detect
    > any.
    >
    > Q.Are other xtra customers receiving multiple copies of the msoft patch
    > scam? or is it part of my ghost infection?
    >
    >
    > Q: Could the script have run and installed a trojan AVG don't know about?
    >
    > Q: Which one of the current viri in circulation best fits the symptoms?
    > Again other xtra customers getting bounced messages they did not send?
    > (seems vaguely reminiscent of Klez which spoofed the from field of emails
    > and caused this kind of confusion).
    >
    >
    > AVG did detect a script exploit in temporary internet files. The warning
    > popped up while I was surfing and I immediately ran the protection and
    > cleaned the script.
    >
    > All windows critical updates are installed and were installed during time

    of
    > infection. (if it is an infection).
    >
    > Sorry to have to draw on your collective wisdom here, but Ive been

    trawling
    > thru the symantec site and no viri seem to match symptoms properly.
    > AVG similairly updated to most current and reports a clean machine.
    >
    > cheers
    > Warwick
    >
    >
    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
    >
    >
     
    Murray, Sep 20, 2003
    #6
  7. steve

    Ralph Fox Guest

    On Sat, 20 Sep 2003 17:45:35 +1200, in article
    <>, max wrote:

    > Well your system clock is stuffed for a start.



    Warwick's system clock will look right to him (correct time of day
    showing in the clock), but he has his time zone set to California
    time.

    His message says it was posted Saturday 16:27 California time
    which is Sunday 11:27 New Zealand time.

    All our posts will look to Warwick as if they were backdated 19 hours.


    --
    Cheers,
    Ralph

    "There is only one boss, the customer. And he can fire everybody in
    the company from the chairman on down, simply by spending his money
    somewhere else." -- Sam Walton
     
    Ralph Fox, Sep 20, 2003
    #7
  8. steve

    Guest Guest

    ISP rebates for viruses (was PC seems infected - cannot detect virus)

    When a new virus or worm is unleashed, say on the 18th September, then you
    can expect that its signature will not be contained in the virus scanners
    like F-Prot, McAfee, Symantec until it has been detected, reported and
    assesessed. Typically, this may take 2 or 3 days. So by 21st September, the
    virus scanners will have updated signature files to detect the virus and
    provide a kill routine. And that's a very best case scenario. After the
    signatures are updated, and the ISP or users have updated to use them, you
    can expect the speed of virus propagation to be cut back.

    When an ISP provides virus protection as part of its service, and heavily
    advertises the fact, it will create a customer expectation that they will be
    protected from all viruses getting through. This is an unrealistic
    expectation, given the obvious window of a few days during which a new virus
    will be able to spread rampantly. But customers will feel that they are
    paying for a service, and not being provided with what they are paying for.
    Understandably they will feel aggrieved when they find themselves on the
    receiving end of tens or hundreds of viruses.
    If they are paying for connect time or by volume, and the viruses have a
    payload of 70KB or 100KB each, then they will also feel aggrieved at having
    to pay for the additional connect time or volume charges due to the
    unexpected virus deliveries. Such has been the case with the Sobig.F worm
    and the Swen (fake Microsoft update) worm in the past month. One would
    expect that there is a legal obligation on the ISP to offer recompense under
    such circumstances. It is up to the consumer to make this point to the
    provider of the service.

    Where the ISP does not offer virus protection, there is less of a case.


    "Murray" <> wrote in message
    news:bkha3n$g2l$...
    > And so Xtra's email virus filter does not work either....
    >
    >
     
    Guest, Sep 20, 2003
    #8
  9. steve

    Warwick Guest

    Hi,
    I'd like to ask some questions of the group in general and particularly
    those using xtra for email.

    I received 280 emails this morning.
    About 1/3 are fake patches purporting to be from msoft, the rest are admin
    messages re bounced emails that I didn't send (knowingly).

    This has all the hallmarks of a virus infection however AVG does not detect
    any.

    Q.Are other xtra customers receiving multiple copies of the msoft patch
    scam? or is it part of my ghost infection?


    Q: Could the script have run and installed a trojan AVG don't know about?

    Q: Which one of the current viri in circulation best fits the symptoms?
    Again other xtra customers getting bounced messages they did not send?
    (seems vaguely reminiscent of Klez which spoofed the from field of emails
    and caused this kind of confusion).


    AVG did detect a script exploit in temporary internet files. The warning
    popped up while I was surfing and I immediately ran the protection and
    cleaned the script.

    All windows critical updates are installed and were installed during time of
    infection. (if it is an infection).

    Sorry to have to draw on your collective wisdom here, but Ive been trawling
    thru the symantec site and no viri seem to match symptoms properly.
    AVG similairly updated to most current and reports a clean machine.

    cheers
    Warwick




    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
     
    Warwick, Sep 21, 2003
    #9
  10. steve

    Warwick Guest

    "steve" <> wrote in message
    news:RYQab.2603$...
    > Warwick wrote:
    > > Hi,
    > > I'd like to ask some questions of the group in general and particularly
    > > those using xtra for email.
    > >
    > > I received 280 emails this morning.
    > > About 1/3 are fake patches purporting to be from msoft, the rest are

    admin
    > > messages re bounced emails that I didn't send (knowingly).

    >
    > Someone with a BIG address book (with you in it) has the virus and thew
    > virus has used your address as the FROM: address.
    >


    Ty
    After more trawling Swen seems the likely candidate.
    However its not on my machine according to AVG.
    To be extra sure I looked for the reg entries and files SWEN is supposed to
    create and they are not there.
    Fingers crossed and hope ur right. Its not me but someone elses infection
    that is causing all this.

    cheers



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
     
    Warwick, Sep 21, 2003
    #10
  11. steve

    max Guest

    On Sat, 20 Sep 2003 21:26:09 +0000, Ralph Fox
    <-echo.invalid> wrote:

    >On Sat, 20 Sep 2003 17:45:35 +1200, in article
    ><>, max wrote:
    >
    >> Well your system clock is stuffed for a start.

    >
    >
    >Warwick's system clock will look right to him (correct time of day
    >showing in the clock), but he has his time zone set to California
    >time.
    >
    >His message says it was posted Saturday 16:27 California time
    >which is Sunday 11:27 New Zealand time.
    >
    >All our posts will look to Warwick as if they were backdated 19 hours.


    Maybe but California is behind NZ, not in front.
     
    max, Sep 21, 2003
    #11
  12. steve

    Gib Bogle Guest

    pbs wrote:

    > Warwick wrote:
    >
    >> Hi,
    >> I'd like to ask some questions of the group in general and particularly
    >> those using xtra for email.
    >>
    >> I received 280 emails this morning.
    >> About 1/3 are fake patches purporting to be from msoft, the rest are
    >> admin
    >> messages re bounced emails that I didn't send (knowingly).
    >>
    >> This has all the hallmarks of a virus infection however AVG does not
    >> detect
    >> any.

    >
    > [snip]
    >
    > I am (Still) receiving 3-10 email a minute to the email address on this
    > posting. So far I have received in excess 1000 emails with about
    > a dozen different headers + some from ISPs who inform me that they
    > have delete the attachment which was infected.
    >
    > The subject line varies but tends to have the word Microsoft in them.
    > They seem to come in a pattern of 8 long ones with 3 attachments
    > making a total size of 160K. Followed by a short one with 3
    > attachments.
    >
    > As I use a Linux box all email to this address is going to
    > /dev/null. :)
    >
    > I know that this address is compromised (as I use it for posting
    > to the usenet, it has been well and truly trawled and placed onto
    > one of those CD I get spammed about with subject lines like
    > "Buy a CD of 1 Billion email addresses", "I'm a Nigerian scam
    > artist" and "This is a product YOU must have".
    >
    > I think the emails are comming from someone who has bought a such a cd,
    > a how to spam manual and a virus attack manual.
    >
    > The mind boggles as to what band width is being taken up with this
    > stuff. Here an I in Wellington downloading it from a server in the
    > UK and if I am getting this stuff so probably are other "billion email
    > addresses on the CD"


    The mind does indeed boggle (I should know ;-). Time for me to repeat
    my proposal (which no-one takes seriously): the only way to control this
    abuse of the Internet will be to impose a tiny charge for email. Don't
    ask me how to achieve this.

    Gib
     
    Gib Bogle, Sep 21, 2003
    #12
  13. steve

    Ralph Fox Guest

    On Sun, 21 Sep 2003 12:12:58 +1200, in article
    <>, max wrote:

    > On Sat, 20 Sep 2003 21:26:09 +0000, Ralph Fox
    > <-echo.invalid> wrote:
    >
    > >All our posts will look to Warwick as if they were backdated 19 hours.

    >
    > Maybe but California is behind NZ, not in front.



    Exactly.

    For example, your post is dated Sunday 12:12:58 New Zealand time,
    which is the same as Saturday 17:12:58 California time.

    You see Sunday 12:12:58, but Warwick will see Saturday 17:12:58,
    precisely because...
    (a) California time is behind NZ (19 hours behind at the moment);
    (b) Warwick's newsreader, Outlook Express, will convert the date & time
    to what has been configured as Warwick's local time (California time).



    --
    Cheers,
    Ralph

    "There is only one boss, the customer. And he can fire everybody in
    the company from the chairman on down, simply by spending his money
    somewhere else." -- Sam Walton
     
    Ralph Fox, Sep 21, 2003
    #13
  14. steve

    Ralph Fox Guest

    Re: ISP rebates for viruses (was PC seems infected - cannot detect virus)

    On Mon, 22 Sep 2003 11:57:51 +1200, in article
    <XO5bb.154072$>, Warwick wrote:

    > But there is one new one with subject "Ha Ha Ha" a
    > joke about snow white and 7 dwarves and a virus attachment.



    This is W32/Hybris. It is almost 2 years old now.

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98873
    http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html



    --
    Cheers,
    Ralph

    "There is only one boss, the customer. And he can fire everybody in
    the company from the chairman on down, simply by spending his money
    somewhere else." -- Sam Walton
     
    Ralph Fox, Sep 21, 2003
    #14
  15. steve

    Steve B Guest

    On Sat, 20 Sep 2003 16:27:24 -0700, "Warwick" <>
    wrote:

    >Hi,
    >I'd like to ask some questions of the group in general and particularly
    >those using xtra for email.
    >
    >I received 280 emails this morning.
    >About 1/3 are fake patches purporting to be from msoft, the rest are admin
    >messages re bounced emails that I didn't send (knowingly).
    >

    Same for me on TelstraClear (Paradise connection, domain hosted - for
    historical reasons) on ClearNet.

    I have emailed T-C several times, pleading with them to use the virus
    and spam detector of which they're so proud (ditto Xtra) to preserve
    me from what looks like "spam" from their own screening system.

    The body of the message in my case (whether claiming to have detected
    incoming infected mail or accusing me of sending it) has a consistent
    phrase:

    "This message has been processed by clear.net using Brightmail(r)
    Anti-Virus Technology powered by Symantec.

    "The file hocje.exe (or many and various similar nonsense names) was
    infected with the virus Worm.Automat.AHB (or other randomly chosen
    name) and has been deleted because the file cannot be cleaned."

    It should be simplicity itself for the ISPs to detect these phrases
    and stop the damned things from reaching us. But all I've had to date
    from T'Clear are two automated responses.

    When they finally get in on Monday morning (do the support staff work
    a five-day week?!) we might get something done.

    However, since I have my own domain, not a paradise.net.nz or
    clear.net.nz address, I gather I will have to PAY to get their
    spam'n'virus "service".

    Hmmmm, how convenient for TestiCular's (and Xtra's) marketing that
    this should have happened just as they have a new product to sell.

    Steve B.

    PS: I thought this might explain an odd incident I had a week or so
    ago, when I was told that a virus had been cleaned by the Norton AV in
    *my* system and the accompanying mail message deleted (a plain text
    message: why would it have to do that?)

    The sender swore he'd virus-checked his system with NAV only the day
    before, and following my notification, he went and did it again with a
    freshly-updated NAV. Both times the scan came up clean.

    More puzzlingly, while the allegedly infected message was an
    individual one to me, it was in connection with a mailing list in
    which we both participate; within a couple of hours either side, he
    had sent messages to the list as a whole, and none of the other list
    participants reported receiving a virus or virus warning in respect of
    those messages.

    A false positive in NAV? I suppose it's possible. Has anyone else had
    a similar experience?
     
    Steve B, Sep 21, 2003
    #15
  16. steve

    Steve B Guest

    Re: ISP rebates for viruses (was PC seems infected - cannot detect virus)

    On Sun, 21 Sep 2003 09:55:12 +1200, <> wrote:

    >When a new virus or worm is unleashed, say on the 18th September, then you
    >can expect that its signature will not be contained in the virus scanners
    >like F-Prot, McAfee, Symantec until it has been detected, reported and
    >assesessed. Typically, this may take 2 or 3 days. So by 21st September, the
    >virus scanners will have updated signature files to detect the virus and
    >provide a kill routine. And that's a very best case scenario. After the
    >signatures are updated, and the ISP or users have updated to use them, you
    >can expect the speed of virus propagation to be cut back.
    >

    However, as I report in my message on the main thread, the spurious
    "virus warnings" in my case have two paragraphs of plain text that is
    perfectly consistent from message to message:

    >"This message has been processed by clear.net using Brightmail(r) Anti-Virus
    >Technology powered by Symantec.
    >
    >"The file hocje.exe (or many and various similar nonsense names) was infected
    >with the virus Worm.Automat.AHB (or other randomly chosen name) and has
    >been deleted because the file cannot be cleaned."


    Is it too much to expect (even on a weekend) that the ISP
    (TelstraClear in my case) should pick up this plain and simple
    identifier and act on it?

    Steve B.
     
    Steve B, Sep 21, 2003
    #16
  17. steve

    Warwick Guest

    Re: ISP rebates for viruses (was PC seems infected - cannot detect virus)

    <> wrote in message news:...
    > When a new virus or worm is unleashed, say on the 18th September, then you
    > can expect that its signature will not be contained in the virus scanners
    > like F-Prot, McAfee, Symantec until it has been detected, reported and
    > assesessed. Typically, this may take 2 or 3 days. So by 21st September,

    the
    > virus scanners will have updated signature files to detect the virus and
    > provide a kill routine. And that's a very best case scenario. After the
    > signatures are updated, and the ISP or users have updated to use them, you
    > can expect the speed of virus propagation to be cut back.
    >
    > When an ISP provides virus protection as part of its service, and heavily
    > advertises the fact, it will create a customer expectation that they will

    be
    > protected from all viruses getting through. This is an unrealistic
    > expectation, given the obvious window of a few days during which a new

    virus
    > will be able to spread rampantly. But customers will feel that they are
    > paying for a service, and not being provided with what they are paying

    for.
    > Understandably they will feel aggrieved when they find themselves on the
    > receiving end of tens or hundreds of viruses.
    > If they are paying for connect time or by volume, and the viruses have a
    > payload of 70KB or 100KB each, then they will also feel aggrieved at

    having
    > to pay for the additional connect time or volume charges due to the
    > unexpected virus deliveries. Such has been the case with the Sobig.F worm
    > and the Swen (fake Microsoft update) worm in the past month. One would
    > expect that there is a legal obligation on the ISP to offer recompense

    under
    > such circumstances. It is up to the consumer to make this point to the
    > provider of the service.
    >
    > Where the ISP does not offer virus protection, there is less of a case.
    >
    >
    > "Murray" <> wrote in message
    > news:bkha3n$g2l$...
    > > And so Xtra's email virus filter does not work either....
    > >
    > >

    >
    >


    Ive got an uncapped dial up service so the extra bandwidth is not a cost
    issue.

    Xtra's email virus filter is working, but it still sends the headers thru,
    with a notify that the attachment has been stripped. This is probably
    expected behaviour, tho you might consider filtering out the headers as
    well - i'd be bloody grateful for it. ( takes ten minutes to get 136
    headers ).

    134 more emails, pretty much the same pattern of SWEN-ish upgrades and fake
    bounced email notifyts. But there is one new one with subject "Ha Ha Ha" a
    joke about snow white and 7 dwarves and a virus attachment.

    I am still unsure about the infection, perhaps it is a new one. This is
    viscious and if I am one of millions of spammed clean machines then you'd
    think every router on the net would be jammed. (and they are not).

    cheers
    Warwick



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003
     
    Warwick, Sep 22, 2003
    #17
  18. steve

    Steve Bell Guest

    steve <> wrote in message news:<RYQab.2603$>...
    > Warwick wrote:
    > > Hi,
    > > I'd like to ask some questions of the group in general and particularly
    > > those using xtra for email.
    > >
    > > I received 280 emails this morning.
    > > About 1/3 are fake patches purporting to be from msoft, the rest are admin
    > > messages re bounced emails that I didn't send (knowingly).

    >
    > Someone with a BIG address book (with you in it) has the virus and thew
    > virus has used your address as the FROM: address.


    Doubtful in my case, as all the "infected" messages I am accused of
    sending are to addresses that look like nonsense; surely, to generate
    a "genuine" bounce, the To: address would have to make sense too.

    Of course, they could have set up an account at eg:
    specifically to receive and bounce the mails. At
    an outside chance Zawciobi may be someone's name, but it turns up
    nothing on Google, and I'm not going to be so inconsiderate as to
    email him/her to find out if it's a real address.

    Much more likely that your address has just been lifted from a
    newsgroup or mail database and the message is a complete fake and was
    never bounced by anyone.

    TestraClear's brief on its virus-shielding service says explicitly
    that it does NOT notify the alleged sender of an infected message (for
    obvious reasons); just the intended recipient.

    cheers,

    Steve B.
     
    Steve Bell, Sep 22, 2003
    #18
  19. steve

    steve Guest

    Steve Bell allegedly said:

    > Of course, they could have set up an account at eg:
    > specifically to receive and bounce the mails. At
    > an outside chance Zawciobi may be someone's name, but it turns up
    > nothing on Google, and I'm not going to be so inconsiderate as to
    > email him/her to find out if it's a real address.


    Backwards, Zawciobi could be 'I-boi-cwa-Z"

    I boy crazy.

    Hmmm.....
     
    steve, Sep 22, 2003
    #19
  20. steve

    T.N.O. Guest

    "steve" wrote
    > Backwards, Zawciobi could be 'I-boi-cwa-Z"
    > I boy crazy.
    > Hmmm.....


    you know you've been online too long when... see above.
     
    T.N.O., Sep 22, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. chase12

    I'm infected anti-virus no help.

    chase12, Oct 7, 2003, in forum: Computer Security
    Replies:
    5
    Views:
    622
  2. Doug Fox
    Replies:
    10
    Views:
    759
    donutbandit
    Feb 28, 2004
  3. Juan

    infected by virus

    Juan, Dec 17, 2005, in forum: Computer Support
    Replies:
    6
    Views:
    375
  4. Mike

    Saving files from virus infected computer

    Mike, Mar 23, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    2,717
    fred-bloggs
    Mar 25, 2006
  5. Replies:
    2
    Views:
    388
Loading...

Share This Page