Re: Virus Problem ** Help!**

Discussion in 'A+ Certification' started by David BlandIII, Feb 26, 2004.

  1. Sounds like a good moral to me. And you mean to tell me that all those
    Microsoft updates were fakes!? Man that's scary. I'm glad I didn't act on
    any of them. I was somewhat suspicious as they all came along at the same
    time I started getting the virus e-mails. We live and learn.

    --
    David Bland

    "Karl S." <> wrote in message
    news:p...
    > On Fri, 20 Feb 2004 08:05:46 +0000, David BlandIII wrote:
    >
    > > Perhaps some of you bright lads & lasses can help me with a rather
    > > perplexing problem. Having cruised the net since the early days of the
    > > web, I have (on occasion) run into the random virus here and there,
    > > perhaps as many as five or six times a year. I always keep NAV running
    > > and I do a lot of downloading. Every once in a while I'll download a
    > > virus infected file and get that cool little sound letting me know that
    > > Norton's found one.
    > >
    > > This is all quite normal and no problem at all. In all of my webbing
    > > years I have probably only gotten two or three virus infected e-mails.
    > > However, after visiting several newsgroups early in January of this
    > > year, I noticed a slow tide of virus infected e-mails that has recently
    > > turned into a torrent. At this rate I may have to pull this account
    > > altogether. I'd like to avoid this scenario, however, so I was wondering
    > > if anyone could shed some light on the root cause of my problem?
    > >
    > > Over the last month I have been instituting e-mail filters in an attempt
    > > to prevent the infected emails from being downloaded from my server
    > > altogether. I thought it would be simple enough to do as all of the
    > > infected e-mail notices came from a handful of sources and all contained
    > > similar messages. The sources seem to be from the various ISP's own
    > > e-mail management systems and included addresses such as:
    > >
    > > -
    > > -
    > > -
    > > -
    > > - even Norton Antivirus's own E-mail Protection Program
    > >
    > > The names listed in the "From" field all contained terms such as
    > > Microsoft Internet Mail Storage System, Inet Mail Delivery Service, or
    > > the ever-ubiquitous "Administrator," and the message line would always
    > > be blank or say something like "user unknown."
    > >
    > > In the body of all of these e-mails there is usually a simple message
    > > always stating the same thing such as:
    > >
    > > "I'm afraid the message returned below could not be delivered to the
    > > following addresses:
    > > Undeliverable mail to "
    > >
    > > I've included the full return path of the latest such e-mail which had
    > > listed "Administrator" in the From field and "mail: user unknown" in the
    > > message field. The body of the letter stated:
    > >
    > > Undeliverable mail to Message follows:
    > >
    > > The e-mail usually has an attachment with the original infected e-mail.
    > >
    > > =============================================================
    > >
    > >
    > > Return-Path: <>
    > > Received: from prserv.net ([192.168.1.7]) by mta015.verizon.net
    > >     (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
    > >     id <> for <>; Thu, 19 Feb 2004 12:32:11 -0600
    > > Received: from prserv.net (32.97.166.32) by sc009pub.verizon.net
    > >     (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id
    > >     <4-26778-35-26778-125958-1-1077315531> for mta015.verizon.net;
    > >     Thu, 19 Feb 2004 12:32:12 -0600
    > > Date: Thu, 19 Feb 2004 18:31:50 +0000 (GMT)
    > > X-Comment: Sending client does not conform to RFC822 minimum requirements
    > > X-Comment: Date has been added by Maillennium.
    > > Received: from rbpgp (slip32-106-141-81.bar.es.prserv.net[32.106.141.81])
    > >     by attglobal.net (out2) with SMTP
    > >     id <2004021918313320206pca04e>; Thu, 19 Feb 2004 18:31:37 +0000
    > > FROM: "Administrator" <>
    > > TO: " " <>
    > > SUBJECT: mail: user unknown
    > > Mime-Version: 1.0
    > > Content-Type: multipart/alternative;
    > >     boundary="vylvuuh"
    > > Message-Id: <>
    > >
    > > ================================================================
    > >
    > > The thing that perplexes me about all of these e-mails is that they all
    > > seem to be messages from other systems' e-mail programs telling me that
    > > an e-mail that I was sending was for some reason undeliverable. Of
    > > course I have sent no such e-mail to any of the return addresses listed
    > > in the messages. I assumed that some program was sniffing the newsgroups
    > > I posted messages in and got my e-mail and started trying to replicate a
    > > virus infected message by sending it out to others using my return
    > > address, thus these various e-mail systems are sending this junk back to
    > > me. That's my theory anyway.
    > >
    > > The problem is that the volume of e-mail is increasing despite over
    > > fifteen e-mail filters that I've tried to establish (including a block
    > > sender list). Apparently these e-mail management systems are designed to
    > > alter the messages to avoid blocking as e-mail from the same systems
    > > (even blocked addresses) keep showing up again and again using slightly
    > > different wording in the From and Message fields, as well as in the
    > > message body.
    > >
    > > Seeing as how the block senders list and e-mail filters have been
    > > unsuccessful, I resorted to changing the email address that I have been
    > > using but today I found that two of my other e-mail addresses that I
    > > never use when visiting newsgroups and only use in business
    > > correspondence, have now also become infected with this virus problem.
    > > In other words I'm receiving virus e-mails on all three e-mail
    > > accounts now. At this point I don't know what to do. Is my only recourse
    > > to pull the entire Verizon account and never again venture into an
    > > online newsgroup such as this? Any suggestions would be very much
    > > appreciated. Thanks.
    > >
    > > David Bland

    >
    >
    > Those "Failed to send your email" emails are probably fakes, just like the
    > "Microsoft Update" fakes that "swen" is still throwing around. Your email
    > address was probably harvested from a newsgroup and used as a fake "From:"
    > address. There's no reason to believe your computer is itself infected. I
    > receive similar junk email, and I use linux. There are no viable viruses
    > or worms at this time that will infect linux. I don't know which email
    > software you use, but I find that Netscape 7 / Mozilla have a very
    > effective combination of junkmail and spam filters. Even that wasn't
    > enough, however, when I was receiving 60-80 virus-loaded junkmails a day,
    > so I changed my email address slightly, and kept the old one in my "From:"
    > line. Now the junk goes to a dead address. I still get some spam and virus
    > junkmail in my main inbox, but no more than a dozen at worst in a day. And
    > yes, some of those pretend to be bounces of email that "I" was supposed to
    > have originated... Until I check the "Received from" lines and determine
    > that they forged the "From:" line.
    >
    > Moral: Never post to any newsgroup with your main email address in the
    > "From:" line.
    >
    > Karl S.
    >
    > --
    > I'm still waiting for someone to WTFM!
    >
     
    David BlandIII, Feb 26, 2004
    #1
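
The check Karl S. describes in the reply quoted above (reading the "Received" lines instead of trusting "From:"), as an added example that is not part of the thread. It walks the relay chain of the header David posted; the function names, the `provider_suffix` argument and the `my_ips` set are assumptions made for this illustration.

```python
import re
from email.parser import HeaderParser

# "Received" lines copied from the header quoted in the post above; the
# addresses the page elides ("<>") are left empty.
SAMPLE_HEADERS = """\
Return-Path: <>
Received: from prserv.net ([192.168.1.7]) by mta015.verizon.net
          (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
          id <> for <>; Thu, 19 Feb 2004 12:32:11 -0600
Received: from prserv.net (32.97.166.32) by sc009pub.verizon.net
          (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id
          <4-26778-35-26778-125958-1-1077315531> for mta015.verizon.net;
          Thu, 19 Feb 2004 12:32:12 -0600
Received: from rbpgp (slip32-106-141-81.bar.es.prserv.net[32.106.141.81])
          by attglobal.net (out2) with SMTP
          id <2004021918313320206pca04e>; Thu, 19 Feb 2004 18:31:37 +0000
FROM: "Administrator" <>
SUBJECT: mail: user unknown
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def trace_hops(raw_headers):
    """Return relay hops oldest-first (each server prepends its own line)."""
    msg = HeaderParser().parsestr(raw_headers)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # undo header folding
        if not m:
            continue
        ip = IP_RE.search(m["peer"])
        name = IP_RE.sub("", m["peer"]).strip("[] ")
        hops.append({"helo": m["helo"], "peer_name": name or None,
                     "ip": ip.group(0) if ip else None, "by": m["by"]})
    return hops


def provider_entry_hop(hops, provider_suffix):
    """Oldest hop written by the recipient's own provider.

    Older lines were written by other systems and can be forged, so this
    is the most reliable record of who handed the message over.
    """
    for hop in hops:
        if hop["by"].lower().endswith(provider_suffix):
            return hop
    return None


def came_from_my_machine(hops, my_ips):
    """True if any hop records one of the reader's own sending addresses."""
    return any(hop["ip"] in my_ips for hop in hops)


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_HEADERS):
        print(hop)
```

For the posted header the oldest hop is a host announcing itself as `rbpgp` from 32.106.141.81, and none of the three hops records an address belonging to the recipient, which is what shows the "From:" and the bounce wording cannot be taken at face value.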

  2. Doug,

    I finally had time to review and install POPFile. I'm in evaluation/learning
    phase now. It looks interesting. I'll be interested to see how well it
    eventually categorizes all my e-mail. If I can get it to identify those
    nuisance virus alert messages so I can have Outlook Express not download
    them from the server, it'll be worth whatever amount of time it takes.

    It's not the prospect of a virus that bothers me but having to constantly
    delete those damned messages every time I open my inbox. Over the last week
    they had slowed to a trickle with my having received none for about three
    days. But now they've started ebbing in again. :-(

    David

    "Doug Scott" <> wrote in message
    news:...
    > David,
    >
    > > Sounds like a good moral to me. And you mean to tell me that all those
    > > Microsoft updates were fakes!?

    >
    > Microsoft had to put out an announcement that they will never send anyone
    > an email. What a defeat for the system, eh?
    >
    > > I started getting the virus e-mails. We live and learn.

    >
    > I just got a dozen in the last connect with my ISP. All were detected by
    > POPfile.
    >
    > Did you ever follow that up?
    >
    >
    > ---
    >
    > Doug
    >
    >
    >
    >
    >
     
    David BlandIII, Mar 2, 2004
    #2