Need Help!!!!!!!!!!!!!!!!!

[Dragon]

I think I have the swen worm as I am constantly getting returned emails and
stuff like that. I have tried the fix tool from Symantec and changed the
name of it and all that what it tells me but when I run the tool its says it
cannot find the worm but I know I have it. what am I doing wrong as I am
still getting loads of emails with a suspected virus. Help would be
appreciated and I have already tried what Symantec have told me

Dave

 

[Wesley VogelX]

Dragon;
Read the 1000+ posts about this. You do not have the virus, someone
else does, who has your address.
Wes

 

[Mike Bynum]

I think I have the swen worm as I am constantly getting returned emails and
stuff like that. I have tried the fix tool from Symantec and changed the
name of it and all that what it tells me but when I run the tool its says it
cannot find the worm but I know I have it. what am I doing wrong as I am
still getting loads of emails with a suspected virus. Help would be
appreciated and I have already tried what Symantec have told me

Dave

Dave,

It's not you that has the worm, but someone with your email address in their
address book. Check your Sent Mail folder and you will find that you are
not sending out any email, therefore there isn't anything to be returned.
This is just one form this worm takes. You can set email rules to try to
block it, and/or check with your ISP and see if they can block it at their
server, and/or change your email address, or just keep deleting it until the
whole thing goes away which, judging by the number I'm still getting, is
going to take awhile.

Good luck,

Mike

 

[Chek]

Dave,
If you have up-to-date anti virus software and it says you're ok, then
you're ok.
If you don't, try the online scan here:
http://housecall.trendmicro.com/
The swen and related W32 virus signatures are well recognised now.
Try the 'AVG 6 free edition' anti-virus if you need it now, from:
www.grisoft.com
and update it immediately (I think 11 September is the current release date,
but you get free updates too).
Also make sure you have your windows updates fully current with all the
latest security patches.
Receiving the emails is ok, as long as you don't open them.
Set up a mail rule in Outlook Express (see under 'rules in OE help for
guidance) to delete them from the server - the title is usually the same for
a while, (till its changed to get round that method). But just update your
header rule when it does. These guys are no slouches.
The viruses are generating and spoofing email addresses, so you are not
necessarily the source.
Hope this helps,
Chek

 

[Dragon]

thanks guys just one quick question though how do I find out who has it so I
can contact them to tell them to take me out of their address book

cheers Dave

 

[Crusty \(-: Old B@stard :-\)]

You can't. They have to be smart enough to find it on their machine. All you
can do is e-mail everyone you think of and ask them to do a virus scan.

 

[Chek]

Mike,
That's not strictly true -some of these viruses have their own SMTP engine
and bypass your mail client.
Chek

 

[D.Currie]

It's not necessarily someone you know, either. Could be some mass-mailer
that has the bug, or some business that has your email address...or just
about anyone.

 

[kd7sk]

In self defense for the current epidemic of computer WORMS or viruses I have
set
up the following list of incoming mail filters to 'DELETE FROM SERVER' any
mail
which contains any of these words in the 'FROM' line. So far it is working
great except that I have to add a new one or two just about every day,
otherwise
I spend a bunch of time waiting for my antivirus to check the incoming mail
then
have to delete half of it any way because of the worms. One day recently
there
were well over 100 that were trapped by Norton Antivirus and quarantined on
my
system.

Here is my list as of this morning:

admin
administrator
emailprogram
internet delivery
mail delivery
mail service
message service
message storage
MS
network system
network email
security center
storage service
storage system
technical assistance
technical bulletin
webroutine

The above are all set to DELETE FROM SERVER so I never see them.

Another one is MICROSOFT which I do get some legitimate mail from
occasionally
so I have that one set to DELETE which puts it into my deleted message
folder
where I can check it for content before it is actually deleted. My
antivirus
strips off the attachment and puts it into quarantine before it goes into
the
deleted folder.

 

[Wesley VogelX]

I gave up on adding any more modifications to Mail Rules. Modifying
Mail Rules seemed to be taking more time then deleting the few that are
getting through. My flood has slowed down to a trickle.
One thing I have been doing is going to my ISP site and emptying
whatever exists there. I don't want them charging any more rent for storage
space. ;-)
Wes

 

[Chairmanmeow]

Quit using your real address in newsgroups!

Need a self distructing address? http://jetable.org/

Try Mailwasher (30 day free trial) you can preview your mail and
delete the crap before it ever gets yo your computer....
(http://www.firetrust.com/)

Meow

 

[Tim Slattery]

I think I have the swen worm as I am constantly getting returned emails and
stuff like that. I have tried the fix tool from Symantec and changed the
name of it and all that what it tells me but when I run the tool its says it
cannot find the worm but I know I have it. what am I doing wrong as I am
still getting loads of emails with a suspected virus. Help would be
appreciated and I have already tried what Symantec have told me

You don't have it. It forges return addresses on the emails that it
sends, and many receivers send email back to that forged return
address, trying to inform the sender of the infection. All you can do
is delete them. We are ALL deleting them. All day long. Every day.

 

[Mike Bynum]

Mike,
That's not strictly true -some of these viruses have their own SMTP engine
and bypass your mail client.
Chek

Chek,

Thanks for the information. That is something I did not know.

Mike

 

[Chek]

Mike,
Apparantly it's part of a process called winssk32.exe the virus runs
- lets hope nobody find sthat runnning on their system.
Information via the incomparable Luis Villazon in the UK's PC Format mag -
really I'm not that clever!
Chek

 

[Frank]

|
| >I think I have the swen worm as I am constantly getting returned
emails and
| >stuff like that. I have tried the fix tool from Symantec and changed
the
| >name of it and all that what it tells me but when I run the tool its
says it
| >cannot find the worm but I know I have it. what am I doing wrong as
I am
| >still getting loads of emails with a suspected virus. Help would be
| >appreciated and I have already tried what Symantec have told me
|
| You don't have it. It forges return addresses on the emails that it
| sends, and many receivers send email back to that forged return
| address, trying to inform the sender of the infection. All you can do
| is delete them. We are ALL deleting them. All day long. Every day.

_ALL_ is a lot of people. I don't get them. I started practicing
safe surfing years ago, not with FUDWARE when the trouble starts.

 

[Keith Miller]

If you're using OE, it's easier to set up a filter for those messages you want. Most of these
mailings do not have your actual address in the 'to' or 'cc' line. When you set up a rule and add
names, the options button allows to you change the condition from IF NAME to IF NOT NAME. Some
newletters use bcc or group names so you have to add those if you want them. I am currently just
not downloading messages and then checking my mail thru the web before deleting them...once I'm sure
I've got all my groups/newsletters included, I'll change it to 'delete from server'

My rule looks something (addresses altered like this:

Apply this rule after the message arrives
Where the To or CC line does not contain
'(e-mail address removed)' or '(e-mail address removed)'
or '(e-mail address removed)' or '(e-mail address removed)'
or '(e-mail address removed)'
Do not Download it from the server

Keith

 

[D.Currie]

| You don't have it. It forges return addresses on the emails that it
| sends, and many receivers send email back to that forged return
| address, trying to inform the sender of the infection. All you can do
| is delete them. We are ALL deleting them. All day long. Every day.

_ALL_ is a lot of people. I don't get them. I started practicing
safe surfing years ago, not with FUDWARE when the trouble starts.

Actually, I'm only getting them on ONE email address, and that one was set
up specifically to be used in "unsafe" situations, and it does attract a lot
of spam. The rest of my addys are virus-free. And all of the virus mail is
ending up in the bulk mail folder, so it's really not a big deal. I just
flush the bulk mail when I think of it, and that's that. No muss, no fuss.