| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 36795 | 2003-08-20 10:17:00 | Viruses | Brendonny (929) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 168989 | 2003-08-20 10:17:00 | Hi everyone, Umm I was just wondering I have been getting sent a lot of viruses recently (the messages have been cleaned or deleted before I get them and I get the notifictaion) but I've been getting a lot of bounce messages to one of my personal e-mail addresses saying I've been trying to send out a virus to someone I don't know. They don't specify a virus but I'm quite concerned. I've since changed the password to the account and I'm still getting them. Is there any way of stopping the bounce messages?? It is a yahoo.co.nz address if it helps anyone. I use Incredimail as my mail program because it isn't that common so viruses shouldn't spread through there. I don't have the address listed in any other mail program. My parents use Outlook but my address is no where in there. But all I want is my mailbox back. Any tips?? Any suggestions would be appreciated. Brendan |
Brendonny (929) | ||
| 168990 | 2003-08-20 10:40:00 | Not much you can do. Someone who has your e-mail address on thier PCalso has a virus. It is being sent by them, but its using your address purporting to be the sender. Unless you can determine who it is and get them to cleanup their PC, not a lot can be done. |
godfather (25) | ||
| 168991 | 2003-08-20 11:05:00 | > Umm I was just wondering I have been getting sent a > lot of viruses recently (the messages have been > cleaned or deleted before I get them and I get the > notifictaion) but I've been getting a lot of bounce > messages to one of my personal e-mail addresses > saying I've been trying to send out a virus to > someone I don't know. They don't specify a virus but > I'm quite concerned. I've since changed the password > to the account and I'm still getting them. > Is there any way of stopping the bounce messages?? Hello Brendonny You are not alone in having this problem The same thing is happing to me as well :( Instead I have a hotmail dot com address (only one account so far has the e-mail I have two accounts) Here are the herder & message I am getting: (XXXXX is my address that I edited out :)) e-mail 1 From : NNZHUB000*at*bnz.co.nz To : XXXXXXXXXXXXXXX@hotmail.com Subject : Security Alert - ScanMail for Lotus Notes Date : Wed, 20 Aug 2003 17:04:18 +1200 MIME-Version: 1.0 Received: from inet.bnz.co.nz ([202.49.97.71]) by mc4-f31.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Aug 2003 22:08:36 -0700 X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD X-Priority: 3 (Normal) Message-ID: <OF03C88610.25B27948-ONCC256D88.001BDC5B@bnz.co.nz > X-MIMETrack: Serialize by Router on INET/WLG/BNZ/NAG_AP(Release 5.0.12 |February 13, 2003) at 20/08/2003 17:08:37 Return-Path: NNZHUB000@bnz.co.nz X-OriginalArrivalTime: 20 Aug 2003 05:08:38.0299 (UTC) FILETIME=[1D5BAEB0:01C366D9] Date: 8/20/2003 17:4:18 Subject: Re: Re: My details From: XXXXXXXXXXXXXXX@hotmail.com To: CN=Trina Henare/OU=AKL/OU=BNZ/O=NAG_AP @ NAG File: wicked_scr.scr Action: quarantine Event: File Type Blocking The contents of this E-mail may contain information that is legally privileged and/or contains information confidential to the recipient. This information is not to be used by any other person and/or organisation. The views in this document do not necessarily reflect those of the Bank of New Zealand. ----------------------------------------------------------------------- e-mail 2 From : exim*at*scms.waikato.ac.nz To : <XXXXXXXXXXXXXXX@hotmail.com > Subject : Rejected: Your details Date : Wed, 20 Aug 2003 17:33:52 +1200 Received: from ghoul.scms.waikato.ac.nz ([130.217.241.35]) by mc8-f18.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Aug 2003 22:33:55 -0700 Received: from exim by ghoul.scms.waikato.ac.nz with local (Exim 4.14)id 19pLbU-0002o9-5ifor XXXXXXXXXXXXXXX@hotmail.com; Wed, 20 Aug 2003 17:33:52 +1200 X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD In-Reply-To: <E19pLbG-0002nT-2C@ghoul.scms.waikato.ac.nz > Message-Id: <E19pLbU-0002o9-5i@ghoul.scms.waikato.ac.nz > Return-Path: < > X-OriginalArrivalTime: 20 Aug 2003 05:33:55.0691 (UTC) FILETIME=[A5CB53B0:01C366DC] Your message was rejected because it has an apparently executable attachment "movie0045.pif". Please read www.scms.waikato.ac.nz ----------------------------------------------------------------------- e-mail 3 From : auto-filter*at*xtra.co.nz To : XXXXXXXXXXXXXXX@hotmail.com Subject : Virus Alert Date : Wed, 20 Aug 2003 20:45:57 +1200 MIME-Version: 1.0 Received: from mta204-rme.xtra.co.nz ([210.86.15.147]) by mc6-f5.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 20 Aug 2003 01:45:59 -0700 Received: from localhost ([210.86.15.141]) by mta204-rme.xtra.co.nz with SMTP id <20030820084557.IFCH1211.mta204-rme.xtra.co.nz@localhost > for <XXXXXXXXXXXXXXX@hotmail.com > ; Wed, 20 Aug 2003 20:45:57 +1200 X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD Message-Id: <20030820084557.IFCH1211.mta204-rme.xtra.co.nz@localhost > Return-Path: auto-filter*at*txtra.co.nz X-OriginalArrivalTime: 20 Aug 2003 08:45:59.0842 (UTC) FILETIME=[7AB93820:01C366F7] An attachment called (WORM_SOBIG.F) in an email that appears to have been sent from your email address to (tkitez@xtra.co.nz) contained the virus (WORM_SOBIG.F), which has been deleted. If you do not believe you were the actual sender, the Klez virus is likely to be the culprit. The Klez virus works by forging the 'From' address inside the virus infected email, which means you can receive a virus alert from Xtra even if you are not necessarily the actual sender. Information on Xtra's anti-virus email filter: xtra.co.nz More on the Klez virus: xtra.co.nz Help with filtering anti-virus email alerts from Xtra: xtra.co.nz Help with removing a virus from your computer: xtra.co.nz If you have any other questions, please forward this email along with your enquiry to anti-virus*at*xtra.co.nz ----------------------------------------------------------------------- e-mail 4This one HAS the virus which I did not open becuas Hotmail told me it was the W32/Sobig.f@MM virus From : <roxanne*at*globe.net.nz > To : <XXXXXXXXXXXXXXX@hotmail.com > Subject : Re: Wicked screensaver Date : Wed, 20 Aug 2003 17:37:06 +1200 Attachment : application.pif (100k) MIME-Version: 1.0 Received: from NLWTS01 ([219.88.104.178]) by mc7-f24.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Aug 2003 22:37:13 -0700 X-Message-Info: 6sSXyD95QpWgCBWUvHx8NNdDCbTE47+p X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MSMail-Priority: Normal X-Priority: 3 (Normal) Return-Path: roxanne*a*tglobe.net.nz Message-ID: <MC7-F24iaMJKhpXnXML000c8b1d@mc7-f24.law1.hotmail.com > X-OriginalArrivalTime: 20 Aug 2003 05:37:17.0858 (UTC) FILETIME=[1E4B9020:01C366DD] See the attached file for details ----------------------------------------------------------------------- |
stu140103 (137) | ||
| 168992 | 2003-08-20 11:07:00 | Send a bcc e-mail to all your contacts telling them what has happened and please "patch", and stop bandying your name around the internet(maybe not the last bit). | Rod ger (316) | ||
| 168993 | 2003-08-20 11:11:00 | & I do not have the Virus on my computer ( I have NAV 2002 with lasted Viruses definitions) | stu140103 (137) | ||
| 168994 | 2003-08-20 11:13:00 | & I do not know the above peple. | stu140103 (137) | ||
| 168995 | 2003-08-20 12:18:00 | All those emails you have there stu are variants of the w32.sobig virus. | PoWa (203) | ||
| 168996 | 2003-08-20 12:19:00 | Stu This may help you When you can identify a isp in the header info try emailing abuse@isp etc with the header information they maybe able to track the customer and inform them of the virus. Most isp's keep email activity logs and their technical support should be able to identify the customer, they will not however tell you who it is. I have recently done this for both a New Zealand isp and a overseas isp. I received a email from a unknown person (which contained a virus attachment) inside and outside New Zealand domain where the isp was clearly identifiable in the header information. Oh if there is a ip number in the header, as source, do a whois, that will reveal a lot of information as well. Oh by the way one of those people that sent you one of those emails seems to be on a novell network CN=Trina Henare/OU=AKL/OU=BNZ/O=NAG_AP |
beama (111) | ||
| 1 | |||||