possible worm--help

[txs]

I need a bit of help--I keep getting undeliverable mail returned from my
mailserver. However, it is mail that I never sent. It looks to be German
writing about the bombing of Dresden. I think that this is probably a worm.
I ran the symantic tool for W32.Sober.O@mm, but the removal program found
nothing. Does anyone have any idea what this might be and how to remove it?
Thanks.

 

[Jaki]

You should purchase a new computer.

 

[Carey Frisch [MVP]]

Nothing you can do other than to delete the email message and move on.
Somehow your email address has been added to someone else's address
book. Make sure you have a good antivirus program installed with
up-to-date virus definitions!

What to do with spam
http://www.microsoft.com/athome/security/email/options.mspx

Help keep spam out of your inbox
http://www.microsoft.com/athome/security/email/fightspam.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| I need a bit of help--I keep getting undeliverable mail returned from my
| mailserver. However, it is mail that I never sent. It looks to be German
| writing about the bombing of Dresden. I think that this is probably a worm.
| I ran the symantic tool for W32.Sober.O@mm, but the removal program found
| nothing. Does anyone have any idea what this might be and how to remove it?
| Thanks.

 

[Wayne Morgan]

To follow up on Carey's comments:

Some of the new viruses/worms pick 2 email addresses from the infected
computers address book. They use one address as the To address and use the
other to spoof the From address. So, you may not be the one sending out the
emails, they may be getting sent by someone else using your email address as
the sender. However, make sure your antivirus is up to date so that you can
be sure that you're not the one sending out the emails.

 

[Daniel Roth]

Most likely, your computer is clean.

Most worms searches the computer for mail-addresses, selects one to recieve
it, and another address to look like the person who sent the mail.
You can see the actual sender in the header of the mail, have a look at the
lines beginning with "Received:".
Each server the mail passes through, adds one line. The person who sent the
message should be the last "Received:" line in the header.

 

[David H. Lipman]

From: <[email protected]>

| I need a bit of help--I keep getting undeliverable mail returned from my
| mailserver. However, it is mail that I never sent. It looks to be German
| writing about the bombing of Dresden. I think that this is probably a worm.
| I ran the symantic tool for W32.Sober.O@mm, but the removal program found
| nothing. Does anyone have any idea what this might be and how to remove it?
| Thanks.

All those News Groups and you did not post to the *best* and most apropos News Groups !
There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

 

[Carey Frisch [MVP]]

Nothing you can do other than to delete the email message and move on.
Somehow your email address has been added to someone else's address
book. Make sure you have a good antivirus program installed with
up-to-date virus definitions!

What to do with spam
http://www.microsoft.com/athome/security/email/options.mspx

Help keep spam out of your inbox
http://www.microsoft.com/athome/security/email/fightspam.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| I need a bit of help--I keep getting undeliverable mail returned from my
| mailserver. However, it is mail that I never sent. It looks to be German
| writing about the bombing of Dresden. I think that this is probably a worm.
| I ran the symantic tool for W32.Sober.O@mm, but the removal program found
| nothing. Does anyone have any idea what this might be and how to remove it?
| Thanks.

 

[Unruh]

I need a bit of help--I keep getting undeliverable mail returned from my
mailserver. However, it is mail that I never sent. It looks to be German
writing about the bombing of Dresden. I think that this is probably a worm.
I ran the symantic tool for W32.Sober.O@mm, but the removal program found
nothing. Does anyone have any idea what this might be and how to remove it?
Thanks.

What you need to do is look at the full header of the mail message, in
particular the last "Received:" line. That will tell you where the message
originated from. It is almost certainly NOT your machine. Someone else is
spoofing your return address. Then the mailer in the To: location finds it
is to non-existant accounts and returns it to the From: address(you) rather
than the machine it originally came from.

Ie, it is almost certainly NOT anything from your machine and does not
indicate a worm on your machine. (but check that Recieved: line)

 

[Unruh]

Another self appointed Net Cop. Just as welcome as vigilantes anywhere.

From: <[email protected]>

 

[John Barnett MVP]

It is a spoof email using your email address as the sender. I get quite a
few of the same 'returned mail' messages myself. All i do is press the
delete button and get rid of them. On no account open any attachments that
were sent with the original email.
You could open the message header and locate the originator email address,
but you will probably find that this address too is from another innocent
party who have no idea that their email address is being used to distribute
this rubbish.

 

[\x@y\]

I need a bit of help--I keep getting undeliverable mail returned from my
mailserver. However, it is mail that I never sent. It looks to be German
writing about the bombing of Dresden. I think that this is probably a worm.
I ran the symantic tool for W32.Sober.O@mm, but the removal program found
nothing. Does anyone have any idea what this might be and how to remove it?
Thanks.

Look here for an Alternative, I did not have to use any of
the removal Software on the following Websites, and cannot
advice You by experience, use Caution.

http://tinyurl.com/czpyg

Good Luck, x@y.

 

[Ron Martell]

I need a bit of help--I keep getting undeliverable mail returned from my
mailserver. However, it is mail that I never sent. It looks to be German
writing about the bombing of Dresden. I think that this is probably a worm.
I ran the symantic tool for W32.Sober.O@mm, but the removal program found
nothing. Does anyone have any idea what this might be and how to remove it?
Thanks.

This is an endemic problem that almost everyone is encountering
because of the latest Sober variant.

What is probably happening is that some other computer that has your
email address in their address book has become infected and that
computer is generating the spam emails using your address (and
everyone else in that address book) as the sender.

Just make sure that your machine is clean and protected, and get used
to using the Delete key to dispose of these messages. Beyond that
there is not much that you can do.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[David H. Lipman]

From: "Unruh" <[email protected]>

|
| Another self appointed Net Cop. Just as welcome as vigilantes anywhere.
|

Don't be an A$$hole !

You cross-posted to many News Groups asking about an Internet worm, a virus. However you
posted IE and OE News Groups, and other News Groups that are not specific to the topic of
discussion.

Since your question was on a virus, you should post to virus related News Groups.

Now if you want to continue being a d!ckhead, go ahead be a d!ckhead !
No one is stopping you from making a complete a$$ of yourself.

 

[David H. Lipman]

From: "David H. Lipman" <[email protected]>

I'm sorry, I take that back, you didn't post this.

You just want to be a D!ck !

 

[Unruh]

From: "Unruh" <[email protected]>

|
| Another self appointed Net Cop. Just as welcome as vigilantes anywhere.
|

You cross-posted to many News Groups asking about an Internet worm, a virus. However you

And he also cannot read the history of a discussion either. (Just a hint--
I was not the OP)

 

[Trevor L.]

I commiserate, as the same had been happening to me. My antiSpam program
moves them to a separate folder, but it is still annoying to have to remove
them just about every day.

This has increased since I have been active in the MS newsgroups, so I guess
it is the price we have to pay

--
Cheers,
Trevor L.
Website: http://tandcl.homemail.com.au

I need a bit of help--I keep getting undeliverable mail returned from
my mailserver. However, it is mail that I never sent. It looks to
be German writing about the bombing of Dresden. I think that this is
probably a worm. I ran the symantic tool for W32.Sober.O@mm, but the
removal program found nothing. Does anyone have any idea what this
might be and how to remove it? Thanks.

I choose Polesoft Lockspam to fight spam, and you?
http://www.polesoft.com/refer.html

 

[David H. Lipman]

From: "Trevor L." <[email protected]>

| I commiserate, as the same had been happening to me. My antiSpam program
| moves them to a separate folder, but it is still annoying to have to remove
| them just about every day.
|
| This has increased since I have been active in the MS newsgroups, so I guess
| it is the price we have to pay
|
| --
| Cheers,
| Trevor L.
| Website: http://tandcl.homemail.com.au

That's because you post using an un-munged email address. If you post to usenet using an
un-munged email address you invite Internet worms such as the Swen which harvets email
addresses from Usenet.

 

[txs]

Dave, thanks for your responses, but take a chill pill. I posted to the
virus groups after you alerted me their existence. Otherwise, I posted to
the groups that I thought had the best shot at having people that could
provide an answer.