J
John C
Today I have received several returned e mails that I have never sent, they
appear to have been checked for viruses then sent to me, I am sure I have no
viruses and am wondering if my e mail address could have been hijacked some
how, yesterday I did not receive three confirmation e mails that normally
arrive without fail, today they were fine.
I have tonight run Mc Afee avert stinger 1.8.4 all was ok, also Mc Afee
virus scan V4.5.1 was fine, there were no mails in my sent items in outlook
that I did not recognise, my Zone alarm is set to its highest settings and
tests run on sygate online confirms that all ports etc are secure, also I do
not use the address book facility.
I have listed some of the returned mails below and would be grateful of any
advice.
John
The original message was received at Fri, 5 Sep 2003 09:49:44 -0500 (CDT)
from remote167-186.gua.net [168.234.167.186]
----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: data format error)
----- Transcript of session follows -----
ANTIVIRUS SYSTEM FOUND VIRUSES
From: <[email protected]>
To: <[email protected]>
Subject: Re: That movie
dfh85Enhn89939/wicked_scr.scr infected: I-Worm.Sobig.f
This Message Contain Viruses. You Will have to Clean your PC
with an Updated Antivirus Software Before Sending any Mail.
554 5.6.0 Viruses were detected
501 5.6.0 Data format error
V I R U S (A L E R T A)
Foi encontrado VIRUS no e-mail que voce enviou para
"(e-mail address removed)".
O seu envio foi cancelado!
Favor fazer uma verificacao geral no seu equipamento.
AMaViS - A Mail Virus Scanner, licenced GPL
Para sua referencia, seque os cabecalhos do seu e-mail:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from MTLRECEPCION (remote167-186.gua.net [168.234.167.186])
by cpdadm06.grupolider.com.br () with ESMTP id h85JGgk14746
for <[email protected]>; Fri, 5 Sep 2003 16:16:43 -0300
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Re: Wicked screensaver
Date: Fri, 5 Sep 2003 13:04:56 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00EF0B6F"
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "your_details.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vLcl-0007Pj-Ty
for (e-mail address removed); Fri, 05 Sep 2003 11:48:01 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Re: Approved
Date: Fri, 5 Sep 2003 12:47:56 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00DF8763"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_00DF8763
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_00DF8763
Content-Type: application/octet-stream;
name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="your_details.pif"
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "wicked_scr.scr"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vIGv-0007li-Iz
for (e-mail address removed); Fri, 05 Sep 2003 08:13:16 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Re: Details
Date: Fri, 5 Sep 2003 9:13:09 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_001AE36C"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_001AE36C
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_001AE36C
Content-Type: application/octet-stream;
name="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="wicked_scr.scr"
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "thank_you.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vJBs-0004F5-Kf
for (e-mail address removed); Fri, 05 Sep 2003 09:12:05 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Fri, 5 Sep 2003 10:12:04 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_0050C7B0"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_0050C7B0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_0050C7B0
Content-Type: application/octet-stream;
name="thank_you.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="thank_you.pif"
V I R U S (A L E R T A)
Foi encontrado VIRUS no e-mail que voce enviou para
"(e-mail address removed)".
O seu envio foi cancelado!
Favor fazer uma verificacao geral no seu equipamento.
AMaViS - A Mail Virus Scanner, licenced GPL
Para sua referencia, seque os cabecalhos do seu e-mail:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from MTLRECEPCION (remote167-186.gua.net [168.234.167.186])
by cpdadm06.grupolider.com.br () with ESMTP id h85JLak20213
for <[email protected]>; Fri, 5 Sep 2003 16:21:36 -0300
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Fri, 5 Sep 2003 13:09:48 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00F384F1"
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
appear to have been checked for viruses then sent to me, I am sure I have no
viruses and am wondering if my e mail address could have been hijacked some
how, yesterday I did not receive three confirmation e mails that normally
arrive without fail, today they were fine.
I have tonight run Mc Afee avert stinger 1.8.4 all was ok, also Mc Afee
virus scan V4.5.1 was fine, there were no mails in my sent items in outlook
that I did not recognise, my Zone alarm is set to its highest settings and
tests run on sygate online confirms that all ports etc are secure, also I do
not use the address book facility.
I have listed some of the returned mails below and would be grateful of any
advice.
John
The original message was received at Fri, 5 Sep 2003 09:49:44 -0500 (CDT)
from remote167-186.gua.net [168.234.167.186]
----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: data format error)
----- Transcript of session follows -----
ANTIVIRUS SYSTEM FOUND VIRUSES
From: <[email protected]>
To: <[email protected]>
Subject: Re: That movie
dfh85Enhn89939/wicked_scr.scr infected: I-Worm.Sobig.f
This Message Contain Viruses. You Will have to Clean your PC
with an Updated Antivirus Software Before Sending any Mail.
554 5.6.0 Viruses were detected
501 5.6.0 Data format error
V I R U S (A L E R T A)
Foi encontrado VIRUS no e-mail que voce enviou para
"(e-mail address removed)".
O seu envio foi cancelado!
Favor fazer uma verificacao geral no seu equipamento.
AMaViS - A Mail Virus Scanner, licenced GPL
Para sua referencia, seque os cabecalhos do seu e-mail:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from MTLRECEPCION (remote167-186.gua.net [168.234.167.186])
by cpdadm06.grupolider.com.br () with ESMTP id h85JGgk14746
for <[email protected]>; Fri, 5 Sep 2003 16:16:43 -0300
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Re: Wicked screensaver
Date: Fri, 5 Sep 2003 13:04:56 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00EF0B6F"
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "your_details.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vLcl-0007Pj-Ty
for (e-mail address removed); Fri, 05 Sep 2003 11:48:01 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Re: Approved
Date: Fri, 5 Sep 2003 12:47:56 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00DF8763"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_00DF8763
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_00DF8763
Content-Type: application/octet-stream;
name="your_details.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="your_details.pif"
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "wicked_scr.scr"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vIGv-0007li-Iz
for (e-mail address removed); Fri, 05 Sep 2003 08:13:16 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Re: Details
Date: Fri, 5 Sep 2003 9:13:09 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_001AE36C"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_001AE36C
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_001AE36C
Content-Type: application/octet-stream;
name="wicked_scr.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="wicked_scr.scr"
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
(e-mail address removed)
This message has been rejected because it has
a potentially executable attachment "thank_you.pif"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from [168.234.167.186] (helo=MTLRECEPCION)
by server865.gisol.com with esmtp (Exim 4.20)
id 19vJBs-0004F5-Kf
for (e-mail address removed); Fri, 05 Sep 2003 09:12:05 -0700
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Fri, 5 Sep 2003 10:12:04 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_0050C7B0"
Message-Id: <[email protected]>
This is a multipart message in MIME format
--_NextPart_000_0050C7B0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Please see the attached file for details.
--_NextPart_000_0050C7B0
Content-Type: application/octet-stream;
name="thank_you.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="thank_you.pif"
V I R U S (A L E R T A)
Foi encontrado VIRUS no e-mail que voce enviou para
"(e-mail address removed)".
O seu envio foi cancelado!
Favor fazer uma verificacao geral no seu equipamento.
AMaViS - A Mail Virus Scanner, licenced GPL
Para sua referencia, seque os cabecalhos do seu e-mail:
------------------------- BEGIN HEADERS -----------------------------
Return-Path: <[email protected]>
Received: from MTLRECEPCION (remote167-186.gua.net [168.234.167.186])
by cpdadm06.grupolider.com.br () with ESMTP id h85JLak20213
for <[email protected]>; Fri, 5 Sep 2003 16:21:36 -0300
Message-Id: <[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: Your details
Date: Fri, 5 Sep 2003 13:09:48 --0600
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00F384F1"
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)