Loading ...
Sorry, an error occurred while loading the content.
 

Problems with computer

Expand Messages
  • Xenia Stanford
    For all you computer gurus out there - I wonder if you have any advice for me. It seems that someone is using my email address to send out viruses. I assume
    Message 1 of 5 , Aug 21, 2003
      For all you computer gurus out there - I wonder if you have any advice for
      me. It seems that someone is using my email address to send out viruses. I
      assume this because I scanned my email and computer using two different
      up-to-date virus scanning software and no viruses were found but I keep
      receiving email such as the one below. What can I do to stop this?

      Return-Path: <HUBNY1/VNUUSA.VNUUSA@...>
      Received: from mail40.megamailservers.com ([216.251.36.40])
      by priv-edtnes53.telusplanet.net
      (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
      id
      <20030821142855.GRII19380.priv-edtnes53.telusplanet.net@...
      rs.com>
      for <xenias@...>; Thu, 21 Aug 2003 08:28:55 -0600
      Received: from smtpny3.vnuusa.com (smtpny3.vnuusa.com [63.251.31.165])
      by mail40.megamailservers.com (8.12.9/8.12.9) with ESMTP id h7LESrdx044075
      for <president@...>; Thu, 21 Aug 2003 10:28:54 -0400 (EDT)
      Received: from hubny1.vnuusa.org (unverified) by smtpny3.vnuusa.com
      (Content Technologies SMTPRS 4.3.10) with ESMTP id
      <T64306e59f10abe14a5708@...> for <president@...>;
      Thu, 21 Aug 2003 10:21:07 -0400
      To: president.knowmap.com.VNUUSA@...
      Date: Thu, 21 Aug 2003 10:28:34 -0400
      X-Priority: 3 (Normal)
      From: HUBNY1/VNUUSA.VNUUSA@...
      Subject: Virus Alert - ScanMail for Lotus Notes --> Re: Wicked screensaver
      Message-ID: <OF98F0A503.C21384B0-ON85256D89.004F8551@...>
      X-MIMETrack: Serialize by Router on HUBNY1/VNUUSA
      (Release 5.0.12 |February 13, 2003) at 08/21/2003 10:28:36 AM
      MIME-Version: 1.0
      Content-type: text/plain; charset="us-ascii"

      -----Original Message-----
      From: HUBNY1/VNUUSA.VNUUSA@...
      [mailto:HUBNY1/VNUUSA.VNUUSA@...]
      Sent: August 21, 2003 8:29 AM
      To: president.knowmap.com.VNUUSA@...
      Subject: Virus Alert - ScanMail for Lotus Notes --> Re: Wicked
      screensaver


      (A virus has been detected in a message you originated and has been
      logged.)


      Date: 08/21/2003 10:28:34 AM
      Subject: Re: Wicked screensaver
      Virus: WORM_SOBIG.F
      File: document_9446.pif
      From: president@...@VNUUSA
      To: gmeo@...
      Bcc: Gary Meo
      Action: Deleted;

      Scanned by ScanMail for Lotus Notes 2.6
      with scanengine 6.510-1002
      and patternfile lpt$vpn.618



      http://www.afhs.ab.ca
    • owner dist gen
      Dear Xenia, There is probably nothing you can do. Likely, someone who has you in their address book has the virus. Their computer sends out messages pretending
      Message 2 of 5 , Aug 21, 2003
        Dear Xenia,

        There is probably nothing you can do.

        Likely, someone who has you in their address book has the virus. Their
        computer sends out messages pretending to come from addresses it finds
        in its address book. It will likely stop in a day or two, either when
        they realize they have a virus or when the program moves onto someone
        else in the infected computer's address.
        Reading headers is not hard and you might be able to take the original
        message (not the one you see) and tell who is sending the address. If
        you get a warning from someone you know, you could ask them to copy
        only the header and send it to you and see if you can figure out who is
        infected.

        Sorry, not much help.
        On Thursday, Aug 21, 2003, at 09:49 Canada/Mountain, Xenia Stanford
        wrote:

        > What can I do to stop this?

        http://www.afhs.ab.ca
      • Phil
        Xenia, Several virus programs steal email addresses from files on the computer they are running on, then use the acquired address to fake the from
        Message 3 of 5 , Aug 21, 2003
          Xenia,

          Several virus programs 'steal' email addresses from files on the computer
          they are running on, then use the acquired address to fake the from
          information in the emails it sends out. This looks like an automated
          message. The mail system (in this case probably for gmeo@... )
          has virus scanning software, and automatically 'replies' to messages when it
          detects a virus.

          You could try sending an email to:
          HUBNY1/VNUUSA.VNUUSA@... (where the message you got came from)
          abuse@... (a network abuse address for the mail server)
          abuse-noverbose@... (a network abuse address for the mail server)
          abuse@... (the network abuse address for scarborough.com)

          telling them that the virus detection / reporting software is not smart
          enough to figure out where the virus email actually came from, and to stop
          'spamming' you with messages saying you are sending virus emails, when you
          are not. The message you got does not include enough details to track where
          the virus really came from, but the original message they got would have.

          The message even shows which virus it detected ( WORM_SOBIG.F ), and the
          information about that virus:

          http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@...

          specifically shows that the virus fakes / spoofs the from information. You
          will probably be getting this type of message from several places, if the
          virus has decided to us your email for all the messages it sends. The
          addresses to complain to will change for each case. If one of the messages
          you get includes more information (the 'Received:' header lines like you
          show in the email you received) about the email that actually had the virus,
          that information can be used to trace where the virus is really coming from
          (possibly the actual email address, more like just the ISP for the person
          with the virus). From that you can complain to the ISP, and possibly get
          the virus removed, which would get the messages stopped.

          I went through all of this once in the same situation. I was lucky, in that
          I found real live human contacts, which were willing to listen, and
          understood that the software sending the messages was broken. From another
          context, I recognize some the email addresses I found for this, and this
          looks like mostly automated reporting systems. The second addresses is
          probably your best chance (send to all of them anyway).

          --
          Phil
          ----- Original Message -----
          From: "Xenia Stanford" <president@...>
          To: "List AFHS" <dist-gen@...>
          Sent: Thursday, August 21, 2003 9:49 AM
          Subject: Problems with computer


          > For all you computer gurus out there - I wonder if you have any advice for
          > me. It seems that someone is using my email address to send out viruses. I
          > assume this because I scanned my email and computer using two different
          > up-to-date virus scanning software and no viruses were found but I keep
          > receiving email such as the one below. What can I do to stop this?
          >
          > Return-Path: <HUBNY1/VNUUSA.VNUUSA@...>
          > Received: from mail40.megamailservers.com ([216.251.36.40])
          > by priv-edtnes53.telusplanet.net
          > (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with
          ESMTP
          > id
          >
          <20030821142855.GRII19380.priv-edtnes53.telusplanet.net@...
          > rs.com>
          > for <xenias@...>; Thu, 21 Aug 2003 08:28:55 -0600
          > Received: from smtpny3.vnuusa.com (smtpny3.vnuusa.com [63.251.31.165])
          > by mail40.megamailservers.com (8.12.9/8.12.9) with ESMTP id h7LESrdx044075
          > for <president@...>; Thu, 21 Aug 2003 10:28:54 -0400 (EDT)
          > Received: from hubny1.vnuusa.org (unverified) by smtpny3.vnuusa.com
          > (Content Technologies SMTPRS 4.3.10) with ESMTP id
          > <T64306e59f10abe14a5708@...> for
          <president@...>;
          > Thu, 21 Aug 2003 10:21:07 -0400
          > To: president.knowmap.com.VNUUSA@...
          > Date: Thu, 21 Aug 2003 10:28:34 -0400
          > X-Priority: 3 (Normal)
          > From: HUBNY1/VNUUSA.VNUUSA@...
          > Subject: Virus Alert - ScanMail for Lotus Notes --> Re: Wicked screensaver
          > Message-ID: <OF98F0A503.C21384B0-ON85256D89.004F8551@...>
          > X-MIMETrack: Serialize by Router on HUBNY1/VNUUSA
          > (Release 5.0.12 |February 13, 2003) at 08/21/2003 10:28:36 AM
          > MIME-Version: 1.0
          > Content-type: text/plain; charset="us-ascii"
          >
          > -----Original Message-----
          > From: HUBNY1/VNUUSA.VNUUSA@...
          > [mailto:HUBNY1/VNUUSA.VNUUSA@...]
          > Sent: August 21, 2003 8:29 AM
          > To: president.knowmap.com.VNUUSA@...
          > Subject: Virus Alert - ScanMail for Lotus Notes --> Re: Wicked
          > screensaver
          >
          >
          > (A virus has been detected in a message you originated and has been
          > logged.)
          >
          >
          > Date: 08/21/2003 10:28:34 AM
          > Subject: Re: Wicked screensaver
          > Virus: WORM_SOBIG.F
          > File: document_9446.pif
          > From: president@...@VNUUSA
          > To: gmeo@...
          > Bcc: Gary Meo
          > Action: Deleted;
          >
          > Scanned by ScanMail for Lotus Notes 2.6
          > with scanengine 6.510-1002
          > and patternfile lpt$vpn.618
          >
          >
          >
          > http://www.afhs.ab.ca
          >


          http://www.afhs.ab.ca
        • Xenia Stanford
          Thanks Mary. I did send the header info with my message so that if there was a clue maybe one could pick it up but not sure I could spot anything to help. This
          Message 4 of 5 , Aug 22, 2003
            Thanks Mary. I did send the header info with my message so that if there was
            a clue maybe one could pick it up but not sure I could spot anything to
            help. This was the third day of this problem and you are right, it seems to
            have died down late today.

            Xenia

            -----Original Message-----
            From: owner-dist-gen@...
            [mailto:owner-dist-gen@...]On Behalf Of owner dist gen
            Sent: August 21, 2003 5:56 PM
            To: dist-gen@...
            Subject: Re: address being spoofed


            Dear Xenia,

            There is probably nothing you can do.

            Likely, someone who has you in their address book has the virus. Their
            computer sends out messages pretending to come from addresses it finds
            in its address book. It will likely stop in a day or two, either when
            they realize they have a virus or when the program moves onto someone
            else in the infected computer's address.
            Reading headers is not hard and you might be able to take the original
            message (not the one you see) and tell who is sending the address. If
            you get a warning from someone you know, you could ask them to copy
            only the header and send it to you and see if you can figure out who is
            infected.

            Sorry, not much help.
            On Thursday, Aug 21, 2003, at 09:49 Canada/Mountain, Xenia Stanford
            wrote:

            > What can I do to stop this?

            http://www.afhs.ab.ca

            http://www.afhs.ab.ca
          • Xenia Stanford
            Thanks for the suggestion Dennis Since I publish a web magazine, I have developed a way for people to sign up for free trial issues and also have subscribers,
            Message 5 of 5 , Aug 22, 2003
              Thanks for the suggestion Dennis

              Since I publish a web magazine, I have developed a way for people to sign up
              for free trial issues and also have subscribers, writers and advertisers
              whose names I keep in separate mailing groups by type of contact = thousands
              of contacts. I cannot warn them all unfortunately and any mass email warning
              could only add to the unwanted email.

              It is interesting that this is a topic in the Ziff-Davis ZDNet magazine on
              the web to which I subscribe. However, I think anyone (subscriber or not)
              can take a look at the article at the site below:

              http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2914521,00.html

              The article writer says the service provider should be held accountable.
              Wish I could get telus to care!

              Like myself, David Berlind, the writer, did not find the virus on his
              system.

              Xenia Stanford

              -----Original Message-----
              From: pdg37e@... [mailto:pdg37e@...]
              Sent: August 22, 2003 6:17 AM
              To: dist-gen@...; Xenia Stanford
              Subject: Re: RE: address being spoofed


              Xenia,

              The only thing you might want to do is to advise all those persons that
              would have your email address in thier address book about what happened and
              suggest to them that they double check the virus scanner on thier systems.
              This type of thing can happen without them realizing it if they happen to
              have a virus on thier pc.

              Thanks,

              Dennis J Stevenson

              Lion Dennis J Stevenson, PDG
              Calgary North Hill Lions Club
              Voice: 403-295-0107
              Fax: 403-295-0113
              Cell: 403-605-7765
              Email: pdg37e@...

              ----- Original Message -----
              From: Xenia Stanford <president@...>
              Date: Friday, August 22, 2003 2:10 am
              Subject: RE: address being spoofed

              > Thanks Mary. I did send the header info with my message so that if
              > there was
              > a clue maybe one could pick it up but not sure I could spot
              > anything to
              > help. This was the third day of this problem and you are right, it
              > seems to
              > have died down late today.
              >
              > Xenia
              >
              > -----Original Message-----
              > From: owner-dist-gen@...
              > [owner-dist-gen@...]On Behalf Of owner dist gen
              > Sent: August 21, 2003 5:56 PM
              > To: dist-gen@...
              > Subject: Re: address being spoofed
              >
              >
              > Dear Xenia,
              >
              > There is probably nothing you can do.
              >
              > Likely, someone who has you in their address book has the virus. Their
              > computer sends out messages pretending to come from addresses it finds
              > in its address book. It will likely stop in a day or two, either when
              > they realize they have a virus or when the program moves onto someone
              > else in the infected computer's address.
              > Reading headers is not hard and you might be able to take the original
              > message (not the one you see) and tell who is sending the address. If
              > you get a warning from someone you know, you could ask them to copy
              > only the header and send it to you and see if you can figure out
              > who is
              > infected.
              >
              > Sorry, not much help.
              > On Thursday, Aug 21, 2003, at 09:49 Canada/Mountain, Xenia Stanford
              > wrote:
              >
              > > What can I do to stop this?
              >
              > http://www.afhs.ab.ca
              >
              > http://www.afhs.ab.ca
              >


              http://www.afhs.ab.ca
            Your message has been successfully submitted and would be delivered to recipients shortly.