Discussion in 'Computer Information' started by Fogar, Sep 19, 2003.

  1. Fogar

    San Guest

    Thanks a lot, Thor, for that information. I went through all the ones I
    still had downloaded, and took a main word from each, (I hope that I
    understood you right) and made a rule for each. Thirty-three words in all.

    I feel stupid if I say I'm not infected, after getting thousands of these
    things, but I feel the same saying I am, when I don't know much about it,
    because someone said that it's not my computer necessarily, but the one who
    has my address in their book, but I can't get into Registry Editor, which
    you say is a sign of infection.

    So, what I would like to know is, if I am infected, just blocking and
    deleting these emails is only taking care of the symptoms, and not the
    cause. Does anyone know right now how to get rid of the cause of it?

    Someone suggested going to Symantec and downloading a site, which I did,
    with no success.


    San, Sep 21, 2003
  2. On that special day, San, () said...
    Uhoh. Go to and read item number 15.

    Gabriele Neukam

    Gabriele Neukam, Sep 21, 2003
  3. Fogar

    San Guest

    Hi Gabriele, (and Thor)

    I did go to that site, and read item number 15 as you said. It sounds like
    my computer is infected, so, what?

    Also, I have tried going to google and changing my email address, but I
    can't figure where or how to do that.

    And, Thor, I have/am receiving 217 emails as we speak, so I either followed
    your instructions wrong, or it didn't work on my computer. I know something
    is drastically wrong, because my computer which is usually very fast, with
    XP, is very slow now, to the point where I get up and do something else
    while I'm waiting, and also, with the email, why aren't I getting any
    'regular' emails, mixed in with these others?


    San, Sep 21, 2003
  4. Fogar

    Thor Guest

    You don't need to be infected to receive the emails. That (as I stated many
    times before in other threads about this virus as of late) is merely the
    characteristic of this virus's ability to forge the sender's address. So in
    all likelihood, **someone else** is infected, but the virus is putting
    *your* email address (because it was found on the infected machine) on the
    emails as the sender. Naturally, when an email server (monitoring for
    viruses) detects the virus, it bounces back a message to who it *thinks* is
    the sender, but is not necessarily always the *actual* sender (due to the
    forged address). It's like someone else sending a letter through the postal
    service, and putting your return address on the envelope. If someone looks
    at the envelope, then they assume the letter came from you, and not the true
    party who sent it. If you have scanned your machine with fully updated
    antivirus software, and found no infection, then in all likelihood, your
    machine is clean. The bounce-back feature of email servers was once a great
    asset to slowing virus infection rates by notifying the infected party to
    check their computer for viruses. Unfortunately, with the advent of viruses
    that forge the sender address, it merely creates more confusion and

    Thor, Sep 21, 2003
  5. Fogar

    Thor Guest

    What action did you specify for the message rule?

    Additionally, if you are infected, then simply go to the Symantec link that
    was posted, and follow the removal instructions. You should always scan for
    a suspected infection in safe mode at the very least. Viruses and worms can
    disable, or stealth themselves from antivirus software. Safe mode prevents
    many viruses from executing at startup, thus enabling the antivirus software
    to scan and detect it.
    Thor, Sep 21, 2003
  6. Fogar

    Thor Guest

    McAfee has updated their "Stinger" removal tool, and it will remove the swen
    virus as well as many others. I suggest you download and try it. It's easier
    than following the removal steps posted by Symantec.
    Thor, Sep 21, 2003
  7. Fogar

    Plato Guest

    My point was, and yeah, I wasn't clear, is that Norton is not an email
    filtering app. i.e. to filter out spam, etc
    Plato, Sep 21, 2003
  8. "Someone on here" posted misinformation...sort of...

    Some people consider having a worm ridden e-mail on your computer
    to be an infection, and in that vein you *do* "have" swen.a, but removal
    at that point is as simple as deleting an e-mail.

    I would call that a possible exposure to swen.a myself.

    I wouldn't consider someone to "have" swen.a unless they
    have executed the program and infested the computer which
    would then require a more complicated removal procedure.
    No, not any more than Viagra spams make your member limp.
    FromTheRafters, Sep 21, 2003
  9. Yep.

    Am I infected? Scan to find out.
    Does receiving these e-mails mean I'm infected? No.
    ...but it doesn't mean you are *not* either.

    Many people are confused by AV programs that delete
    a certain malware over and over and over again ~ they
    think that they are "infected" and it is "replicating" and
    or "regenerating" on their system. It doesn't help to unconfuse
    them when they get bounces purportedly from
    themselves at the same time. There are probably more
    people getting mailbombed than there are getting infested.
    FromTheRafters, Sep 21, 2003
  10. Be sure to use Bcc won't you?
    FromTheRafters, Sep 21, 2003
  11. Users were only given a short time to patch their machine against
    this one (MS01-020). Only two and a half years...he he he.

    ....but it's all Microsoft's fault somehow...
    I suspected this, thanks for posting this info.
    ....didn't know, thanks again. Must remember to check f-secure's
    write-ups more often, they're quite good.

    FromTheRafters, Sep 21, 2003
  12. Fogar

    Heather Guest

    Sorry San......I was away all day. Why on earth are you going to Google
    to change your address???? I meant for you to change/munge your address
    in Outlook Express.

    In OE, go to Tools/Accounts/News/Properties and change your email
    address in the slot that is named that........change it to say,
    or something.

    Because you are using your real email address, you are asking for mega
    spam and porn.

    Heather, Sep 22, 2003
  13. Fogar

    Heather Guest

    Thor.......thanks for the explanatory post to San........but she is
    still not getting it right.

    San......just put the first phrase of the email in the spot Thor is
    talking about and hit Add......doing this from memory as I don't have
    any of the MS ones on here........make sure you are hitting OK......I do
    have some very basic instructions on how to make message rules which I
    will send you if this address at charter net is real. Some of the
    people on another news group used them yesterday and they worked.

    But as I see further down, Gabriele picked up that you do have the
    virus, so get that off your computer first........

    Heather, Sep 22, 2003
  14. Fogar

    San Guest

    I hit 'delete'.
    I did that.

    You should always scan for
    I'm not real computer literate, so I don't know how to do this with safe
    mode, but I did go to the Stinger thing, and did that, actually twice.

    San, Sep 22, 2003
  15. Fogar

    R Guest

    But I have to download it before my filters and antivirus can
    catch it. And I have dialup. So it takes forever. My inbox is now
    unusable. Suggestions?
    R, Sep 22, 2003
  16. Fogar

    Bill Guest

    Create a new email account and don't use the address on usenet.
    Bill, Sep 22, 2003
  17. Fogar

    Thor Guest

    This still requires that the email download to your computer first. You want
    to select "delete from server". That will prevent the email from downloading
    in the first place.
    Thor, Sep 22, 2003
  18. Fogar

    kurt wismer Guest

    i don't know what email client you're using but some (mozilla, for
    example) can be configured to only download a preset number of bytes of
    each message (say for example, only downloading 10kb of each message,
    which means the entire message gets downloaded if it's less than 10kb
    and if it's over 10kb then only 10kb gets downloaded)...

    if there's a legitimate message that is over this limit there's the
    option to download that particular message in its entirety...
    kurt wismer, Sep 22, 2003
  19. Fogar

    San Guest

    Okay, so I put the first phrase, such as 'undeliverable mail undeliverable
    message,' in 'body of message', then hit 'add', then OK,..... and do that
    for each and every one? I thought Thor said to just write a main word, hit
    add, then next one, all like in a string.

    I can't get it off my computer. I tried the Stinger thing twice, and the
    Symantec thing twice. I can't get into Regedit. I've got almost a thousand
    in OE now, and I'm just leaving them, because as soon as I delete them, it
    fills up again.

    ...I do
    This address is real. But I've only received like two emails from anyone
    else than the worm.

    The reason I went to Google to change my e- address is, because that's where
    I signed up for this list, and the same for yahoo lists.
    If I want to change it in OE, I have to do it through my cable provider, and
    then wouldn't I have to notify everyone that it's changed?

    San, Sep 22, 2003
  20. Fogar

    Heather Guest

    He did.......but you just need to make one or two Message Rules. Go to
    Tools/MessageRules/Mail and click on New. In the first box, tick off
    the one referring to the *body* of the email.

    In the second one, tick off Delete, Mark as Read and Stop Processing
    More Rules......this last one is important if you have a few rules....
    the 3rd box, there is a blue highlight couple of
    words.....*contains specific words* on that. the top
    box put the following phrase and hit Add......"this is the latest
    version of Security Update" Do the same for "Cumulative Patch". And
    either in the same Rule or another the same with
    "undeliverable" and "undelivered"

    As to the name change.....I am not asking you to *really* change your
    email address......I am asking you to 'munge' it or fake it for news
    groups and you do that thru the Tools/Accounts part in Outlook Express.
    It is only changing it for posts to news groups.......

    I hope this is clear. If not, I will write you off the group......

    But first.....get the durned virus off your computer because if you do
    have it then you are silently sending it out by the 100's. It won't
    show up in your Sent Box.

    Heather, Sep 22, 2003
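
Added example, not part of any post in the thread: a sketch of the "delete from server" and partial-download advice above, using the POP3 TOP command to peek at each message and delete matches before the full mail (and any attachment) is ever downloaded. The phrases are the ones quoted in the message-rule instructions; `purge_on_server`, `FakeMailbox` and the sample messages are constructed for illustration.

```python
# Real use: pass a logged-in poplib.POP3 / poplib.POP3_SSL object as `conn`.

# Phrases quoted in the thread's message-rule instructions (matched case-insensitively).
PHRASES = (
    "this is the latest version of security update",
    "cumulative patch",
    "undeliverable",
    "undelivered",
)

def purge_on_server(conn, phrases=PHRASES, peek_lines=30, dry_run=True):
    """Peek at each message with POP3 TOP and delete matches on the server.

    Only the headers plus `peek_lines` body lines cross the link, so a large
    attachment is never downloaded. Returns the matching message numbers.
    """
    count, _size = conn.stat()
    hits = []
    for num in range(1, count + 1):
        _resp, lines, _octets = conn.top(num, peek_lines)
        text = b"\n".join(lines).decode("latin-1").lower()
        if any(p in text for p in phrases):
            hits.append(num)
            if not dry_run:
                conn.dele(num)  # marked now, removed when the session QUITs
    return hits

class FakeMailbox:
    """Constructed stand-in for poplib.POP3 so the example runs offline."""
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def stat(self):
        return len(self.messages), sum(len(m) for m in self.messages)
    def top(self, which, howmuch):
        head, _, body = self.messages[which - 1].partition(b"\r\n\r\n")
        lines = head.split(b"\r\n") + [b""] + body.split(b"\r\n")[:howmuch]
        return b"+OK", lines, 0
    def dele(self, which):
        self.deleted.append(which)
        return b"+OK"

# Constructed sample messages (not real captures).
SAMPLE = [
    b"From: a@example.org\r\nSubject: lunch?\r\n\r\nSee you at noon.",
    b"From: x@example.net\r\nSubject: Patch\r\n\r\nThis is the latest version of security update.",
    b"From: postmaster@example.com\r\nSubject: Undeliverable mail\r\n\r\nReturned.",
]

if __name__ == "__main__":
    box = FakeMailbox(SAMPLE)
    print(purge_on_server(box, dry_run=False), box.deleted)
```

Run it with `dry_run=True` first and review the returned message numbers, since a genuine bounce for mail you really sent matches the same phrases.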
