[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [APML] OT: Help with Virus info

To: "Discussion of Film Astrophotography" <astro-photo@seds.org>
Subject: Re: [APML] OT: Help with Virus info
From: "Walter Willis" <wwillis1@qwest.net>
Date: Sat, 23 Aug 2003 09:23:05 -0700
In-Reply-To: <001401c36990$1eb82ea0$5345fea9@rocinante2>
List-Archive: <http://seds.org/mailman/private/astro-photo>
List-Help: <mailto:astro-photo-request@seds.org?subject=help>
List-Id: Discussion of Film Astrophotography <astro-photo.seds.org>
List-Post: <mailto:astro-photo@seds.org>
List-Subscribe: <http://seds.org/mailman/listinfo/astro-photo>,<mailto:astro-photo-request@seds.org?subject=subscribe>
List-Unsubscribe: <http://seds.org/mailman/listinfo/astro-photo>,<mailto:astro-photo-request@seds.org?subject=unsubscribe>
References: <HK10M1$E14FEE90567B08FD10F9449EFE932E97@libero.it><3F46D3D4.1040902@earthlink.net><001201c36922$ca4f3920$6400a8c0@c1852522a><003801c3695c$3a93d360$bcd685d9@pchome><005101c3698c$af223b60$6400a8c0@c1852522a><001401c36990$1eb82ea0$5345fea9@rocinante2>
Reply-To: Discussion of Film Astrophotography <astro-photo@seds.org>
Sender: astro-photo-bounces@seds.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hello Brian

There is a good chance that you are not infected.  There are two things 
that the sobib.f virus does, which is the one that has the subject you 
listed. 

1)  It sends out email using email address found on the infected 
computer as the 'sender'.  So, somewhere it has found your email address 
on someones computer and it sent an email out that was infected.  
Because the receiving system thinks it is you, it replied to your email 
address.

2)  It sends out 'fake' virus software response emails.  There will be 
an attachement that has the infected file in it.  If your email was 
caught by a legitimate virus package and a note sent to you I don't 
think it would send the virus back.

Walter

Brian Larmay wrote:

>Hi, I havent been posting lately due to a possible vius that I may have.
>2 day s ago I was bombed by at least 200 virus emails with headers such as
>"your application", "your approved", "thank you", "Wicked Screensaver",
>etc., etc.
>
>Since then, the virus attacks have stopped, but now I get emails saying my
>mail is undeliverable which I havent even sent.
>
>I upgraded to AVG 7.0 antivirus and it cant find any virus in my OS.
>
>I recieved one email back which reads:
>
>
><snip>
>
>This is the Postfix program at host mail.messagingengine.com.
>
>I'm sorry to have to inform you that the message returned
>below could not be delivered to one or more destinations.
>
>For further assistance, please send mail to <postmaster>
>
>If you do so, please include this problem report. You can
>delete your own text from the message returned below.
>
>The Postfix program
>
><riceman@fastmail.fm>: host 10.202.2.150[10.202.2.150] said: 552 Common
>virus
>    payload files .pif and .scr blocked (eg. W32/Sobig). To send this file,
>    please zip it first (in reply to end of DATA command)
>
><snip>
>
>There is an attachment that came with it that reads: "Your application",
>with a file size of: 2.97 kb
>
>My assumption is that I am being used to deliver these viruses.
>
>Ive also scanned my OS with the Symantec W32.Sobig.E@mm removal tool and
>found nothing.
>
>Help!!
>
>Brian
>
>_______________________________________________
>Astro-Photo mailing list
>Astro-Photo@seds.org
>http://seds.org/mailman/listinfo/astro-photo
>
>
>  
>


_______________________________________________
Astro-Photo mailing list
Astro-Photo@seds.org
http://seds.org/mailman/listinfo/astro-photo

Follow-Ups:
- Re: [APML] OT: Help with Virus info
  - From: "Brian Larmay" <astrobri@ameritech.net>

References:
- [APML] Home Page updated
  - From: "lorenzi\@libero\.it" <lorenzi@libero.it>
- Re: [APML] Home Page updated
  - From: Michael Cole <mrcole@earthlink.net>
- Re: [APML] Home Page updated
  - From: "Robert Gendler" <robgendler@worldnet.att.net>
- Re: [APML] Home Page updated
  - From: "Marco Lorenzi" <lorenzi70@tiscali.it>
- [APML] OT: Iris Nebula
  - From: "Robert Gendler" <robgendler@worldnet.att.net>
- [APML] OT: Help with Virus info
  - From: "Brian Larmay" <astrobri@ameritech.net>

Prev by Author: Re: [APML] Pushing & Mars
Next by Author: [APML] Agfa Optima Prestige film
Prev by thread: Re: [APML] OT: Help with Virus info
Next by thread: Re: [APML] OT: Help with Virus info
Index(es):
- Author
- Thread