Shanghied

[Michael]

It seems that someone has been using my hotmail email address to send out
spam. I've been getting returned mail user unkown mesages in my mail box.
Only I never sent these emails to begin with. I've checked my account
online to see if anything was in my sent items folder, nothing there that I
did not recognize. So I changed my password still no change. I'm still
getting the returned mail. I can't be sure if it is a virus, none of the
returned mail has been sent to any of my contacts and Norton Anti-Virus has
not detected anything on my computer(I updated before running the scan).
Does anybody have any experience with this, it's new to me. I am including
text from one of the returned messages;

Received: from correo1.com ([218.72.156.131]) by rly-xm02.mx.aol.com
(v98.5) with ESMTP id MAILRELAYINXM24-5f4404d54012cc; Tue, 09 Mar 2004
00:20:03 -0500
Received: from hotmail.com (mx1.hotmail.com [64.4.50.99])
by correo1.com (Postfix) with ESMTP id 90BE15B8C4
for <[email protected]>; Mon, 08 Mar 2004 22:22:58 -0800
Reply-To: (e-mail address removed)
From: "Democracy D. Loathed" <[email protected]>
To: Dcorruptor <[email protected]>
Subject: RE:girlnextdoor sent you one newmessage sabot
Date: Mon, 08 Mar 2004 22:22:58 -0800
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1082
X-Kaspersky-Antivirus: passed
X-AOL-IP: 218.72.156.131
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0

Thanks Much
Michael

 

[Guest]

I'm no techie, but I have had something similar happen over the last few days (on a smaller scale). I did get a few clues:

One of the "spammed" individuals' system administrator sent me a message saying I had sent a message to <person and company I did not know/had never heard of> and it contained a virus.
"The virus was reported to be:
Worm.SomeFool.D

About the same time, I got the instructions below. These came from a staff member at a major university which had appearantly been the victim of the worm breach. My Norton anti-virus did not stop the virus nor did Yahoo's anti-virus screens, which I believe to be pretty high quality. I hope the instructions below will help. Good luck! (Note: the instructions below don't address the question of mysterious returns masquerading as coming from you but I gather that is not too uncommon with a wrm/virus.)

"Unfortunately a virus has been passed to me through an address book virus which also infected my address book. Since you are in my address book, you will probably find it in your computer too. The virus (called jdbg.exe) is not detected by Norton or McAfee Anti-Virus systems. It sits quitely for 14 days before damaging the system. It is sent automatically by 'messenger' and by address book, whether or not you sent email to your contacts. Basically that means you will pass it along unknowingly, as I did. I was sent this email and am now passing it on to you as to how to check for the virus and how to get rid of it. Please do this. It's very simple to do and took me less than a minute to complete.

1. Go to Start, then click your 'Find' or 'Search' option.
2. In the folder option, type the name "jdbgmgr.exe"
3. Be sure to search your C Drive and all the sub folders and any other dr i! ves you may have.
4. Click 'Find Now' or 'Search'.
5. The virus has a teddy bear icon with the name "jdbgmgr.exe". Don't open it.
6. Go to "Edit" (on the menu bar) and choose "Select All" to highlight the file WITHOUT opening it.
7. Now go to "File' (on the menu bar) and select "Delete". That will send the virus to the recycle bin. Be sure to delete from your recycle bin as well.
If you find the virus you MUST contact all the people in your address book so that they may eradicate the virus from their own address books.
To do this:
1. Open a new email message
2. Click the icon "Address Book" next to "To"
3. Highlight every name and add to "BCC"
4. Copy this message and paste to email.
This will affect everyone in your address book so send it now.
Sorry for the inconvenience!"

 

[Roady [MVP]]

Welcome to the world of virusses and spam. Especially virusses are easily
capable of spoofing addresses. On the infected machine it searches for
e-mail addresses to use in the From and To field. Then when it sends a
message and it is undeliverable the address in the From field gets the error
message in return.

Spam is another thing; when you post your valid e-mail address on a public
website where lots of addresses are posted (like this newsgroup) you've got
a big chance that "spambots" will come by that site as well and collect your
e-mail address to spam to. A good advise is to post with a false address, a
second address mainly used for newsgroups or munge your address (take a look
at mine for an example)

Regards,
--
Roady [MVP]
www.sparnaaij.net
Microsoft Office and Microsoft Office related News
Also Outlook FAQ, How To's, Downloads and more...

Tips of the month:
-Create your own fully customized Toolbar
-Creating a Classic View in Outlook 2003
Subscribe to the newsletter to receive news and tips & tricks in your
mailbox!
www.sparnaaij.net

(I changed my reply address; remove all CAPS and _underscores_ from the
address when mailing)

It seems that someone has been using my hotmail email address to send out
spam. I've been getting returned mail user unkown mesages in my mail box.
Only I never sent these emails to begin with. I've checked my account
online to see if anything was in my sent items folder, nothing there that
I
did not recognize. So I changed my password still no change. I'm still
getting the returned mail. I can't be sure if it is a virus, none of the
returned mail has been sent to any of my contacts and Norton Anti-Virus
has
not detected anything on my computer(I updated before running the scan).
Does anybody have any experience with this, it's new to me. I am
including
text from one of the returned messages;

Received: from correo1.com ([218.72.156.131]) by rly-xm02.mx.aol.com
(v98.5) with ESMTP id MAILRELAYINXM24-5f4404d54012cc; Tue, 09 Mar 2004
00:20:03 -0500
Received: from hotmail.com (mx1.hotmail.com [64.4.50.99])
by correo1.com (Postfix) with ESMTP id 90BE15B8C4
for <[email protected]>; Mon, 08 Mar 2004 22:22:58 -0800
Reply-To: (e-mail address removed)
From: "Democracy D. Loathed" <[email protected]>
To: Dcorruptor <[email protected]>
Subject: RE:girlnextdoor sent you one newmessage sabot
Date: Mon, 08 Mar 2004 22:22:58 -0800
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1082
X-Kaspersky-Antivirus: passed
X-AOL-IP: 218.72.156.131
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0

Thanks Much
Michael

 

[Me]

-----Original Message-----
About the same time, I got the instructions below. These

came from a staff member at a major university which had
appearantly been the victim of the worm breach. My Norton
anti-virus did not stop the virus nor did Yahoo's anti-
virus screens, which I believe to be pretty high quality.
I hope the instructions below will help. Good luck!
(Note: the instructions below don't address the question
of mysterious returns masquerading as coming from you but
I gather that is not too uncommon with a wrm/virus.)

"Unfortunately a virus has been passed to me through an

address book virus which also infected my address book.
Since you are in my address book, you will probably find
it in your computer too. The virus (called jdbg.exe) is
not detected by Norton or McAfee Anti-Virus systems. It
sits quitely for 14 days before damaging the system. It
is sent automatically by 'messenger' and by address book,
whether or not you sent email to your contacts. Basically
that means you will pass it along unknowingly, as I did.
I was sent this email and am now passing it on to you as
to how to check for the virus and how to get rid of it.
Please do this. It's very simple to do and took me less
than a minute to complete.

1. Go to Start, then click your 'Find' or 'Search' option.
2. In the folder option, type the name "jdbgmgr.exe"
3. Be sure to search your C Drive and all the sub folders

and any other dr i! ves you may have.

4. Click 'Find Now' or 'Search'.
5. The virus has a teddy bear icon with the

name "jdbgmgr.exe". Don't open it.

6. Go to "Edit" (on the menu bar) and choose "Select All"

to highlight the file WITHOUT opening it.

7. Now go to "File' (on the menu bar) and

select "Delete". That will send the virus to the recycle
bin. Be sure to delete from your recycle bin as well.

If you find the virus you MUST contact all the people in

your address book so that they may eradicate the virus
from their own address books.

To do this:
1. Open a new email message
2. Click the icon "Address Book" next to "To"
3. Highlight every name and add to "BCC"
4. Copy this message and paste to email.
This will affect everyone in your address book so send it now.
Sorry for the inconvenience!"
.

That's yet another spoof. the file jdbgmgr.exe is a valid
Windows file.

 

[Scott L Grimes]

Actually, the message you're describing below is a false alarm - that
file is a harmless file on your system, certainly not a virus. Here's
a link to more details:

http://securityresponse.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Roady hit the nail on the head for the original poster, tho - I just
wanted to clarify that the jdbgmgr.exe file IS NOT a virus.
Scott L. Grimes

I'm no techie, but I have had something similar happen over the last few days (on a smaller scale). I did get a few clues:

One of the "spammed" individuals' system administrator sent me a message saying I had sent a message to <person and company I did not know/had never heard of> and it contained a virus.
"The virus was reported to be:
Worm.SomeFool.D"

About the same time, I got the instructions below. These came from

a staff member at a major university which had appearantly been the
victim of the worm breach. My Norton anti-virus did not stop the
virus nor did Yahoo's anti-virus screens, which I believe to be pretty
high quality. I hope the instructions below will help. Good luck!
(Note: the instructions below don't address the question of
mysterious returns masquerading as coming from you but I gather that
is not too uncommon with a wrm/virus.)

"Unfortunately a virus has been passed to me through an address book

virus which also infected my address book. Since you are in my
address book, you will probably find it in your computer too. The
virus (called jdbg.exe) is not detected by Norton or McAfee Anti-Virus
systems. It sits quitely for 14 days before damaging the system. It
is sent automatically by 'messenger' and by address book, whether or
not you sent email to your contacts. Basically that means you will
pass it along unknowingly, as I did. I was sent this email and am now
passing it on to you as to how to check for the virus and how to get
rid of it. Please do this. It's very simple to do and took me less
than a minute to complete.

 

[Brian Tillman]

It seems that someone has been using my hotmail email address to send
out spam.

Yep. It's happened to many of us. Someone you know has your Hotmail
address in their address book. That person's PC then gets infected by a
worm that uses their address book and spoofs the sender address, so the
messages appear to come from you. Those messages get sent to addresses that
don't exist and the receiving mail router bounces the non-delivery notice
back to the sender address: yours.