Help identifying virus


HeyBub

I get an email. Almost instantly another email "arrives" with the same
subject but containing the following text:

--- begin quote
Hello

How are you doing recently?

I would like to introduce you a very good company which i knew. Their

website is www.ebakm.com They can offer

you all kinds of electronical products which you need,like Laptops ,GPS ,TV
LCD,Cell Phones,PS3,MP3/4,Watch etc........

Please take some time to have a check ,there must be something you 'd like
to purchase .

Hope you have a good mood in shopping from their company !

Best Regards!!!

--- end quote



I suspect it's a virus existing locally because the headers make no sense
and SpamCop agrees that the header is incomplete/missing.



Resident Avast has never complained and online scanning by both McAfee and
another found nothing.



It's a mystery.



Thanks for your help.
 
From: "HeyBub" <[email protected]>

| I get an email. Almost instantly another email "arrives" with the same
| subject but containing the following text:

| --- begin quote
| Hello

| How are you doing recently?

| I would like to introduce you a very good company which i knew. Their

| website is www.ebakm.com They can offer

| you all kinds of electronical products which you need,like Laptops ,GPS ,TV
| LCD,Cell Phones,PS3,MP3/4,Watch etc........

| Please take some time to have a check ,there must be something you 'd like
| to purchase .

| Hope you have a good mood in shopping from their company !

| Best Regards!!!

| --- end quote



| I suspect it's a virus existing locally because the headers make no sense
| and SpamCop agrees that the header is incomplete/missing.
| Resident Avast has never complained and online scanning by both McAfee and
| another found nothing.

| It's a mystery.
| Thanks for your help.


It's spam.

Either post the headers (obfuscating personal information) or just delete it and forget
about it.
 
"HeyBub" <[email protected]> said this in news item

I occasionally receive similar stuff. Doesn't have to be a virus - could be
ordinary spam. Create a filter in your mail client that permanently deletes
anything with the string "ebakm" in the message. You might also want to
check your account settings at your ISP. Most have adjustable spam filters.
 
David said:
It's spam.

Either post the headers (obfuscating personal information) or just
delete it and forget about it.

Of course it's spam, but not really inasmuch as it wasn't sent as an email.
To restate the circumstances of its appearance:

I get an email from a known source, then, almost instantly, another email
"arrives" with exactly the same subject line as the righteous email but
containing the aforementioned text as the body.

The headers (probably) won't help. Here is a complete header, for what it's
worth:

--- begin "header"
Date: Mon, 8 Feb 2010 07:46:57 -0800
From: "(xxxxxx)" <(my name)>
To: (e-mail address removed)
Message-ID: <[email protected]>
Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes
--- end header

I get one of these on about half the legit emails. So far I haven't
established a pattern.
 
PA said:
Create a Message Rule that will automatically move such messages to
Deleted Items folder and mark it as Read. Then delete the message(s)
without opening them (of course).

Message Rules Tips
http://www.insideoe.com/tips/rules.htm

Why doesn't my rule work?
http://www.insideoe.com/faqs/why.htm#rules

Thanks for the advice. I can already get rid of them. My question is not
what to do with these oddball messages when they "arrive," but what causes
them in the first place.
 
It is definitely a spam as David Lippy has authoritatively stated. I
shall add that these spammers always send out probes to see if the
account exists. The messages are generally blank or with nothing in it.

The best thing is to open it (no as pig-bear says not to open it) with a
view to finding out their tricks, which changes almost daily. What you
mustn't do, however, is to reply to them or even to complain to their
ISP because some ISPs are so stupid that they send the entire message of
complaints (including your headers and email address) to the spammer and
this ensures they know you exist and you get more spams.

hth
 
HeyBub said:
I get an email. Almost instantly another email "arrives" with the
same subject but containing the following text:

--- begin quote
Hello

How are you doing recently?

I would like to introduce you a very good company which i knew.
Their website is www.ebakm.com They can offer
you all kinds of electronical products which you need,like Laptops
,GPS ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........

Please take some time to have a check ,there must be something
you'd like to purchase .

Hope you have a good mood in shopping from their company !
Best Regards!!!
--- end quote

I suspect it's a virus existing locally because the headers make no
sense and SpamCop agrees that the header is incomplete/missing.

Resident Avast has never complained and online scanning by both
McAfee and another found nothing.

It's a mystery.

Thanks for your help.

I get an email from a known source, then, almost instantly, another
email "arrives" with exactly the same subject line as the righteous
email but containing the aforementioned text as the body.

The headers (probably) won't help. Here is a complete header, for
what it's worth:

--- begin "header"
Date: Mon, 8 Feb 2010 07:46:57 -0800
From: "(xxxxxx)" <(my name)>
To: (e-mail address removed)
Message-ID: <[email protected]>
Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes
--- end header

I get one of these on about half the legit emails. So far I haven't
established a pattern.
</brought in from another part of the conversation>
Create a Message Rule that will automatically move such messages to
Deleted Items folder and mark it as Read. Then delete the
message(s) without opening them (of course).

Message Rules Tips
http://www.insideoe.com/tips/rules.htm

Why doesn't my rule work?
http://www.insideoe.com/faqs/why.htm#rules
Thanks for the advice. I can already get rid of them. My question
is not what to do with these oddball messages when they "arrive,"
but what causes them in the first place.

You have an Internet email address and actively receive email. Welcome to
the wonderful world of email.

What I would do is compare the valid full email header with the obvious spam
message that follows header and see where their pathing differs.

It is entirely plausible your system has a trojan/virus, your email provider
has one, the people sending the email have one or someone is doing an
excellent job sniffing a network somewhere down the line and putting in
words/phrases they can reproduce with a bot and emailing you.

Then again - you might be seeing something (a pattern) where none exists.
That's human nature.
 
HeyBub,

Apparently everyone else replying to you is either too lazy to read your
message, or simply doesn't understand what you're saying, so maybe I can
offer a few pointers.

Have you actually tried installing antivirus (MBAM, AVG) and running a full
scan of your system? What email client are you using? If it's Outlook (not
Express) have you tried checking to see what plugins you have loaded? It
sounds as though it may be some kind of malware that's installed itself as a
plugin and is thus duplicating the incoming emails.

If you are using Outlook, you could try using Outlook Express to receive
emails to see if the same behaviour is duplicated there. When configuring
your account options, tell it to leave a copy of the messages on the server
so that you don't end up with half your emails in one app and the other half
in the other.

If the same thing happens in OE, then the malware is either operating at an
OS level or possibly (but highly unlikely) some sort of hack has occurred on
your ISP.

Hope that helps,
Alex Clark
 
Why do I keep getting adverts in my mailbox every week for stores &
businesses I've never heard of, that are hundreds of miles away from my home
and that I wouldn't patronize anyway?

Junk mail, be it snail mail or email, goes straight to the circular file,
unopened & unread.
 
PA said:
Why do I keep getting adverts in my mailbox every week for stores &
businesses I've never heard of, that are hundreds of miles away from
my home and that I wouldn't patronize anyway?

You're missing his point...

1. He gets an email from a known source

2. He then gets SPAM with the *same subject* as the first - the one from the
known source.

--

dadiOH
____________________________

dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
 
HeyBub said:
I get an email. Almost instantly another email "arrives" with the same
subject but containing the following text:

--- begin quote
Hello

How are you doing recently?

<snip>

Is there a pattern vis a vis the first email and the second? For example,
the SPAM always follows legit mail from a specific person or IP...

--

dadiOH
____________________________

dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
 
Alex said:
HeyBub,

Apparently everyone else replying to you is either too lazy to read
your message, or simply doesn't understand what you're saying, so
maybe I can offer a few pointers.

Have you actually tried installing antivirus (MBAM, AVG) and running
a full scan of your system? What email client are you using? If
it's Outlook (not Express) have you tried checking to see what
plugins you have loaded? It sounds as though it may be some kind of
malware that's installed itself as a plugin and is thus duplicating
the incoming emails.
If you are using Outlook, you could try using Outlook Express to
receive emails to see if the same behaviour is duplicated there. When
configuring your account options, tell it to leave a copy of the
messages on the server so that you don't end up with half your emails
in one app and the other half in the other.

If the same thing happens in OE, then the malware is either operating
at an OS level or possibly (but highly unlikely) some sort of hack
has occurred on your ISP.

Hope that helps,
Alex Clark

Thanks. The system has been scanned by three different AV tools.

I'm using Outlook (not express). I've checked the add-ins and see nothing
remotely suspicious.

I'll try the Outlook Express trick. Thanks.
 
dadiOH said:
<snip>

Is there a pattern vis a vis the first email and the second? For
example, the SPAM always follows legit mail from a specific person or
IP...

No. The message always follows a legit email, but the original sender seems
to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
was not actually SENT by a spammer. I think it's being generated internally
to my computer and stuffed in my in-box.
 
It's not from a known source, it's from what looks to be a known source.
This is called spoofing.
 
PA said:
It's not from a known source, it's from what looks to be a known
source. This is called spoofing.

OP says...
"I get an email from a known source, then, almost instantly, another email
"arrives" with exactly the same subject line as the righteous email but
containing the aforementioned text as the body."

I took him at his word :)

dadiOH
____________
 
HeyBub said:
No. The message always follows a legit email, but the original sender seems
to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
was not actually SENT by a spammer. I think it's being generated internally
to my computer and stuffed in my in-box.

It might be a bit tedious, but to confirm whether these spurious
messages are being generated locally or not, check the headers in your
inbox on your ISP's server without actually downloading anything. That
way you can see if messages with duplicate subjects are in fact arriving
at your ISP.

Some ISPs have a web interface to their POP3 mail. Or you might be able
to telnet into your inbox. Or use one of the various email removers that
work in a similar fashion (e.g., http://www.email-remover.com/index.htm)
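
The server-side check suggested above, together with the earlier suggestion to compare the legitimate header with the one that follows it, as an added example that is not part of the original thread. The function names, the `example.invalid` hosts and the first sample message are constructed for illustration; the second sample reuses fields from the header HeyBub posted.

```python
import poplib
from email.parser import HeaderParser

def fetch_headers(host, user, password):
    """Read headers only (POP3 TOP n 0); nothing is downloaded or deleted."""
    box = poplib.POP3_SSL(host)  # host and credentials are the reader's own
    box.user(user)
    box.pass_(password)
    count, _size = box.stat()
    raw = [b"\n".join(box.top(i, 0)[1]).decode("latin-1")
           for i in range(1, count + 1)]
    box.quit()
    return raw

def triage(raw_headers):
    """Per message: relay hops, auto-reply markers, earlier subject echoed."""
    seen, report = [], []
    for raw in raw_headers:
        h = HeaderParser().parsestr(raw)
        subject = (h.get("Subject") or "").strip()
        auto = (h.get("X-Autoreply", "").strip().lower() == "yes"
                or h.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"))
        report.append({
            "subject": subject,
            "hops": len(h.get_all("Received") or []),  # 0 = no recorded relay path
            "auto": auto,
            "echoes": next((s for s in seen if s and s in subject), None),
        })
        seen.append(subject)
    return report

# Constructed sample input: LEGIT is invented; SUSPECT copies fields from the posted header.
LEGIT = (
    "Received: from mx.example.invalid by pop.example.invalid; Mon, 8 Feb 2010 07:46:50 -0800\n"
    "Received: from sender.example.invalid by mx.example.invalid; Mon, 8 Feb 2010 07:46:48 -0800\n"
    "From: orders@sender.example.invalid\n"
    "Subject: Thank you for your ProFlowers order: xxxxxxxx\n"
)
SUSPECT = (
    "Date: Mon, 8 Feb 2010 07:46:57 -0800\n"
    "Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx\n"
    "Precedence: bulk\n"
    "X-Autoreply: yes\n"
)

if __name__ == "__main__":
    for row in triage([LEGIT, SUSPECT]):
        print(row)
```

Running `triage(fetch_headers(...))` against the real mailbox shows whether the echoing message is already present on the server before the mail client touches it.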
 
HeyBub said:
No. The message always follows a legit email, but the original sender seems
to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
was not actually SENT by a spammer. I think it's being generated internally
to my computer and stuffed in my in-box.

Well in that case you can do only one thing and that will solve the
riddle once and for all.

1) Clone your HD and store it somewhere safe on an external drive;
2) Re-install the OS from scratch after formatting the HD;
3) Run your mail to see if the symptoms still persist;
4) If everything is OK then it is time to put back your cloned HD, and
this time copy only your main documents before wiping everything again.

The reason for doing this is to save time because if the problem is in
the mail server or at ISP then clearly there is no point in wiping
anything from the HD. However, if the problem is in the drive itself
then it is time to start all over again.

I believe, I am the only one to claim that Anti-virus, Anti-Malware
programs are NOT foolproof to all evils on this land nor are they a
silver bullet solution to all computer problems.

hth
 
20100209 said:
I believe, I am the only one to claim that Anti-virus, Anti-Malware
programs are NOT foolproof to all evils on this land nor are they a
silver bullet solution to all computer problems.

Only because no one ever made the claim that you didn't make that I have
seen anyway. ;-)
 
Look at all the idiots in this newsgroup who post spoofing others. Do you
take their posts to be the real thing?
PA said:
It's not from a known source, it's from what looks to be a known
source. This is called spoofing.

OP says...
"I get an email from a known source, then, almost instantly, another email
"arrives" with exactly the same subject line as the righteous email but
containing the aformentioned text as the body."

I took him at his word :)

dadiOH
____________
dadiOH said:
PA Bear [MS MVP] wrote:
Why do I keep getting adverts in my mailbox every week for stores &
businesses I've never heard of, that are hundreds of miles away from
my home and that I wouldn't patronize anyway?

You're missing his point...

1. He gets an email from a known source

2. He then gets SPAM with the *same subject* as the first - the one
from the
known source.
 