Still having trouble with figuring out spam.

Discussion in 'privacy general' started by MakoFusion, Sep 4, 2003.

Thread Status:
Not open for further replies.
  1. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    I still cannot figure this out...

    Can anyone make heads or tails on the Header that the email claims to have said my original email came from? The header is in the body and put into a quote.

    X-Message-Info: 6sSXyD95QpX1U6JAw42dFsq8wiHNpyMg
    Received: from popcorn.brookdalecc.edu ([130.156.20.253]) by mc2-f14 with Microsoft SMTPSVC(5.0.2195.5600); Fri, 5 Sep 2003 18:22:25 -0700
    Received: (from root@localhost) by popcorn.brookdalecc.edu (8.11.1/8.11.1) id h861HTV52283; Fri, 5 Sep 2003 21:17:29 -0400 (EDT) (envelope-from root)
    Date: Fri, 5 Sep 2003 21:17:29 -0400 (EDT)
    Message-Id: <200309060117.h861HTV52283@popcorn.brookdalecc.edu>
    From: postmaster@popcorn.brookdalecc.edu
    To: WhiteMateriaXV@hotmail.com
    Subject: VIRUS IN YOUR MAIL TO <egualtieri@brookdalecc.edu>
    Return-Path: root@popcorn.brookdalecc.edu
    X-OriginalArrivalTime: 06 Sep 2003 01:22:26.0027 (UTC) FILETIME=[54AD13B0:01C37415]
    V I R U S A L E R T
    =====================================================================
    We found a virus in your mail to <egualtieri@brookdalecc.edu>.
    To prevent the virus from spreading any further, we stopped delivery of this email. <egualtieri@brookdalecc.edu> did NOT receive your message!
    Our viruschecker found the following virus:
    W32.Sobig.f
    Check your system for viruses and resend your mail.
    By clicking the link below, you can search the McAfee Antivirussite with Google for more information on this virus.
    http://www.google.com/search?q=inurl:vil.nai.com%20W32.Sobig.f
    For your reference, here are the headers from your email:
    =====================================================================
    ------------------------- BEGIN HEADERS -----------------------------
    END HEADERS ------------------------------
    We use AMaViS, http://amavis.org/
    AMaViS - A Mail Virus Scanner, licenced GPL
     
  2. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Re:Help with Spam?

    Highlight your email in question [unopened] and then click on FILE on your toolbar, then click on PROPERTIES, then click DETAILS - then click on MESSAGE SOURCE. You do not want to do this if you suspect your mail may contain a virus.

    If you did not send any emails, then you may well be a host for a virus. On the other hand, is the mail you are getting from a known source or unknown? Are your known contacts advising you that you have a virus? Give us a bit more detail. Thanks. I recommend you do an online independent scan of your computer with either Panda or TrendMicro [scans are free] - if you have a virus, it will be removed, if not then go to Symantec for the removal tool for Sobig. Do you have an anti-virus software installed and if you do, did it warn you of any infection?
     
  3. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Re:Help with Spam?

    Click on the following URL and see if any of the Worms described there relate to your situation.

    http://search.symantec.com/custom/us/query.html
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re:Help with Spam?

    only the returnpath is showing your address
    does the next line give you any clues:

    From: <WhiteMateriaXV@hotmail.com>

    Dolf
     
  6. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Re:Help with Spam?

    Hi Mak - I subscribe to TechTV newsletters and this is what they wrote about the Sobig virus and thus may explain what is happening to you.

    "Sobig pulls a random name from the hard drive of an infected PC and uses it as the return address when it mails itself out to new victims. Since you're running an updated antivirus program and you don't open attachments, the virus probably isn't on your system. Some of your friends think you sent the virus because Sobig used your email address as the return address."

    The way I understand the above is that one of your real email contacts has an infected computer and Sobig is using you as a host from the infected addy list. It may well be that the spam mail contains the virus which is why McAfee keeps telling you the mail was infected that was sent out. Try asking all your email contacts to remove your email addy from their address book and see what happens. If the spam continues, then you may have to look elsewhere, if it stops then you know more or less where the problem lies thus all your email contacts will have to scan their computers, etc. to see who is compromised.

    Get the tool for Sobig removal from Symantec by downloading it to a diskette and then scan your computer and if you are infected, this tool will identify it and remove any trace of the virus. Also, download on a separate disk the removal tool for the other virus you mentioned. If you come up clean then it would appear that an infected computer which has your email addy is using you to send the spam which I assume is also infected mail. In which case, I would not go to view the message source with the instructions I gave because as soon as you do this, bingo you are infected. Been there, done that so fair warning. I have had to deal with Sobig on two occasions and it was no picnic - it was sent using my neighbor's infected computer each time. If you are using Win XP, & if you are infected, the virus is most likely in your Restore System and a scan will not pick it up there .. but Wormguard will & will stop it from executing. Download the 30-day free trial of Wormguard and it will stop System Restore from running and a warning will be given when you try to access SR. In order to get the virus out of SR, you need to disable SR and then use the removal tools. Doing this you will lose all restore points but when you are positive you are clean, then set a new restore point from the date you are setting it. If your SR is clean, then Wormguard takes no action so you know you are okay in that area.

    Give my suggestions a shot, you have everything to gain and nothing to lose. Let us know how you make out.
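
Added example, not part of any post in this thread: a Python reading of the notice headers quoted in the first post, walking the Received chain oldest-first to show where the notice itself was generated. These headers only trace the notice; the headers of the infected message would sit between BEGIN HEADERS and END HEADERS, which is empty in the post. The `HOP` pattern and the three heuristics in `classify` are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Headers of the notice as quoted in the first post (body omitted).
NOTICE = """\
Received: from popcorn.brookdalecc.edu ([130.156.20.253]) by mc2-f14 with Microsoft SMTPSVC(5.0.2195.5600); Fri, 5 Sep 2003 18:22:25 -0700
Received: (from root@localhost) by popcorn.brookdalecc.edu (8.11.1/8.11.1) id h861HTV52283; Fri, 5 Sep 2003 21:17:29 -0400 (EDT) (envelope-from root)
Date: Fri, 5 Sep 2003 21:17:29 -0400 (EDT)
Message-Id: <200309060117.h861HTV52283@popcorn.brookdalecc.edu>
From: postmaster@popcorn.brookdalecc.edu
To: WhiteMateriaXV@hotmail.com
Subject: VIRUS IN YOUR MAIL TO <egualtieri@brookdalecc.edu>
Return-Path: root@popcorn.brookdalecc.edu

"""

# Assumed pattern: covers the two Received shapes seen above, not every MTA.
HOP = re.compile(
    r"(?:from\s+(?P<src>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+|\(from\s+(?P<local>\S+)\)\s+)"
    r"by\s+(?P<by>\S+)")

def received_hops(msg):
    """Return hops oldest-first; each mail server prepends its own Received line."""
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(line)
        if m:
            hops.append({k: v for k, v in m.groupdict().items() if v})
    return hops

def classify(raw):
    """Decide whether a message looks like a machine-generated scanner notice."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    origin = hops[0] if hops else {}
    reasons = []
    if "local" in origin:  # no remote client: the message was created on that host
        reasons.append("oldest hop is a local submission on " + origin["by"])
    if msg.get("From", "").lower().startswith(("postmaster@", "mailer-daemon@")):
        reasons.append("From is a role account")
    if re.search(r"virus in your mail", msg.get("Subject", ""), re.I):
        reasons.append("subject is a scanner notification")
    return {"generated_by": origin.get("by"), "hops": hops,
            "automated_notice": len(reasons) >= 2, "reasons": reasons}

if __name__ == "__main__":
    report = classify(NOTICE)
    print("generated by:", report["generated_by"])
    for reason in report["reasons"]:
        print(" -", reason)
```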
     