Virus trouble
04 September 2002, 09:18 AM
#1
Scooby Regular
Thread Starter
Join Date: Apr 2000
Posts: 404
Likes: 0
Received 0 Likes
on
0 Posts
I'm running McAfee Virus Scan v6.02.3000 at my PC at home. 2 things have started happening of late:
1. I'm getting loads of mails with virus attachments from people unknown (no major problem because the virus checker pickes them up)
2. More worringly, I'm getting 'failed delivery' messages from my ISP in relation to messages I haven't even sent. These messages are getting bounced back from the relevant postmaster because of a virus attachment. Oddly enough though, I recognise the 3 people that these so called messages have been bounced back from - 2 scoobynet members and the guy I bought my PC from.
I ran McAfee again last night and it picked up a virus with a .scr root. It wouldn't let me clean, delete or qurantine the offending article. When I tried to find the file using search in file manager, I couldn't find it. I ran the virus checker again and everything looks all clear.
What's going on? Should I worry further?
Cheers
Kav (non IT-type)
1. I'm getting loads of mails with virus attachments from people unknown (no major problem because the virus checker pickes them up)
2. More worringly, I'm getting 'failed delivery' messages from my ISP in relation to messages I haven't even sent. These messages are getting bounced back from the relevant postmaster because of a virus attachment. Oddly enough though, I recognise the 3 people that these so called messages have been bounced back from - 2 scoobynet members and the guy I bought my PC from.
I ran McAfee again last night and it picked up a virus with a .scr root. It wouldn't let me clean, delete or qurantine the offending article. When I tried to find the file using search in file manager, I couldn't find it. I ran the virus checker again and everything looks all clear.
What's going on? Should I worry further?
Cheers
Kav (non IT-type)
05 September 2002, 08:25 AM
#2
Scooby Regular
Thread Starter
Join Date: Apr 2000
Posts: 404
Likes: 0
Received 0 Likes
on
0 Posts
......just got this back this morning concerning an e-mail I never sent.
This message was created automatically by mail delivery software (Exim).
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
scoobynet-southern-events@yahoogroups.com
This message has been rejected because it has
an apparently executable attachment demo.scr
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 333145 characters long; only the first
------ 65536 or so are included here.
Return-path: <davidkavanagh@madasafish.com>
Received: from [195.92.67.23] (helo=mail18.svr.pol.co.uk)
by cmailg2.svr.pol.co.uk with esmtp (Exim 3.35 #1)
id 17miKV-0008Ez-00
for scoobynet-southern-events@yahoogroups.com; Wed, 04 Sep 2002 23:08:55 +0100
Received: from modem-119.cleaner-wrasse.dialup.pol.co.uk ([62.136.246.119] helo=Zkwx)
by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1)
id 17miIv-0005N8-00
for scoobynet-southern-events@yahoogroups.com; Wed, 04 Sep 2002 23:07:18 +0100
From: davidkavanagh <davidkavanagh@madasafish.com>
To: scoobynet-southern-events@yahoogroups.com
Subject: For more information
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Tf34257249F785
Message-Id: <E17miIv-0005N8-00.2002-09-04-23-07-18@mail18.svr.pol.co.uk>
Date: Wed, 04 Sep 2002 23:07:18 +0100
--Tf34257249F785
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:H407948WGF18 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>
--Tf34257249F785
Content-Type: audio/x-midi;
name=demo.scr
Content-Transfer-Encoding: base64
Content-ID: <H407948WGF18>
The common link here is that all of these phantom mails are being sent to people with a Scoobynet connection.
Any ideas?
This message was created automatically by mail delivery software (Exim).
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
scoobynet-southern-events@yahoogroups.com
This message has been rejected because it has
an apparently executable attachment demo.scr
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
------ The body of the message is 333145 characters long; only the first
------ 65536 or so are included here.
Return-path: <davidkavanagh@madasafish.com>
Received: from [195.92.67.23] (helo=mail18.svr.pol.co.uk)
by cmailg2.svr.pol.co.uk with esmtp (Exim 3.35 #1)
id 17miKV-0008Ez-00
for scoobynet-southern-events@yahoogroups.com; Wed, 04 Sep 2002 23:08:55 +0100
Received: from modem-119.cleaner-wrasse.dialup.pol.co.uk ([62.136.246.119] helo=Zkwx)
by mail18.svr.pol.co.uk with smtp (Exim 3.35 #1)
id 17miIv-0005N8-00
for scoobynet-southern-events@yahoogroups.com; Wed, 04 Sep 2002 23:07:18 +0100
From: davidkavanagh <davidkavanagh@madasafish.com>
To: scoobynet-southern-events@yahoogroups.com
Subject: For more information
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Tf34257249F785
Message-Id: <E17miIv-0005N8-00.2002-09-04-23-07-18@mail18.svr.pol.co.uk>
Date: Wed, 04 Sep 2002 23:07:18 +0100
--Tf34257249F785
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:H407948WGF18 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>
--Tf34257249F785
Content-Type: audio/x-midi;
name=demo.scr
Content-Transfer-Encoding: base64
Content-ID: <H407948WGF18>
The common link here is that all of these phantom mails are being sent to people with a Scoobynet connection.
Any ideas?
05 September 2002, 08:34 AM
#3
Scooby Regular
Join Date: Jun 2000
Posts: 13,735
Likes: 0
Received 0 Likes
on
0 Posts
It's Klez.
Someone with the virus has you in their contacts book. As well as sending to people in the contacts book, it sends *from* people in the contacts book. So you get the failed bounces back to you.
Good, innit?
Nick.
Someone with the virus has you in their contacts book. As well as sending to people in the contacts book, it sends *from* people in the contacts book. So you get the failed bounces back to you.
Good, innit?
Nick.
05 September 2002, 08:58 AM
#4
Moderator
Join Date: Dec 1998
Location: Staffs
Posts: 23,573
Likes: 0
Received 0 Likes
on
0 Posts
05 September 2002, 04:34 PM
#6
Scooby Regular
Join Date: Aug 2002
Posts: 1,977
Likes: 0
Received 0 Likes
on
0 Posts
Hey kav, this may possibly return, due to the nature of the way the virus propogates.
May be less painfull to change your email address
ie get another email account.and inform all those who regularly
mail you. But if guys that have the virus add the new mail address
have your new account ....off we go again.
May be less painfull to change your email address
ie get another email account.and inform all those who regularly
mail you. But if guys that have the virus add the new mail address
have your new account ....off we go again.
05 September 2002, 05:02 PM
#7
Scooby Regular
Thread Starter
Join Date: Apr 2000
Posts: 404
Likes: 0
Received 0 Likes
on
0 Posts
Blimey!
Thanks mate. I've just been through the full process so hopefully Virus Scan should be on top of things now I've got the latest .DAT installed.
Are there any recommendations on how often you should update your software?
Cheers
Kav
Thanks mate. I've just been through the full process so hopefully Virus Scan should be on top of things now I've got the latest .DAT installed.
Are there any recommendations on how often you should update your software?
Cheers
Kav
Trending Topics
Thread
Thread Starter
Forum
Replies
Last Post