is this a virus (Community)

Thread

Board Archives

	Bots
	Community
	General Discussion
	Sdk
	Wishlist
	Author Search

Site Features

	Citizens List
	Badges & Achievements
	Events Directory
	News and Articles
	Worlds List
	About Alphaworld
	Search Object Paths

Activeworlds Support

	Download Activeworlds
	Quickstart Tutorial

Historic Archives

	Truespace Archives
	Newsgroup Archives

is this a virus (Community)

is this a virus // Community

ciena

Apr 12, 2004, 1:17am

i dont have aol and didnt send any emails and this is what was in my email
The original message was received at Sun, 11 Apr 2004 16:02:40 -0400 (EDT)
from 44ba0093.pvlle.ca.charter.com [68.189.64.93]

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail
could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster

----- The following addresses had permanent fatal errors -----
<shepherbs at aol.com>

----- Transcript of session follows -----
.... while talking to air-xh02.mail.aol.com.:
<<< 550 MAILBOX NOT FOUND
550 <shepherbs at aol.com>... User unknown

----------------------------------------------------------------------------
----

Received: from aol.com (44ba0093.pvlle.ca.charter.com [68.189.64.93]) by
rly-xh03.mx.aol.com (v98.5) with ESMTP id MAILRELAYINXH39-49b4079a45c269;
Sun, 11 Apr 2004 16:02:37 -0500
From: nikona at comcast.net
To: shepherbs at aol.com
Subject: Re: Your music
Date: Sun, 11 Apr 2004 13:02:38 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0011_0000415F.0000617D"
X-Priority: 3
X-MSMail-Priority: Normal
X-AOL-IP: 68.189.64.93
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200404111602.49b4079a45c269 at rly-xh03.mx.aol.com>

zeofatex

Apr 12, 2004, 1:48am

Don't open any attachments, it could also mean that YOU are infected with a
virus. (Most scan for any e-mail addresses in cache or anywhere on your
computer -- even if you never e-mailed them it could be in a temporary
file.) I suggest you do a virus scan with a free scanner or update your
software and scan your PC.

[View Quote]

ciena

Apr 12, 2004, 2:28am

thanx zeo. i scanned my puter and it was clean. i do update scanner
everyday. "zeofatex" <greg at warpedsoap.com> wrote in
message news:407a039b$1 at server1.Activeworlds.com...
> Don't open any attachments, it could also mean that YOU are infected with
a
> virus. (Most scan for any e-mail addresses in cache or anywhere on your
> computer -- even if you never e-mailed them it could be in a temporary
> file.) I suggest you do a virus scan with a free scanner or update your
> software and scan your PC.
>
>
[View Quote]

ananas

Apr 12, 2004, 5:21am

Very likely that this virus (in Pittsburgh?) just uses
your email.

So this mail was either an attempt of the virus to infect
your PC or it was a bad or badly configured virus protection
on a mail server.

Some virus scanners used by ISPs send infected mail back to
the address they find in the "Received from" entry and fall
into the tricks of the virus.

Some even help spreading the virus by _not_ removing the
virus attachment. They send the virus "back" to the person
that never sent it. Those AV companies are very good at their
business :-/

[View Quote]

ciena

Apr 12, 2004, 9:42am

ty Ananas :)
[View Quote]

andras

Apr 12, 2004, 2:11pm

[View Quote] > Very likely that this virus (in Pittsburgh?) just uses
> your email.
>
> So this mail was either an attempt of the virus to infect
> your PC or it was a bad or badly configured virus protection
> on a mail server.
>
> Some virus scanners used by ISPs send infected mail back to
> the address they find in the "Received from" entry and fall
> into the tricks of the virus.
>
> Some even help spreading the virus by _not_ removing the
> virus attachment. They send the virus "back" to the person
> that never sent it. Those AV companies are very good at their
> business :-/
>

Actually this is a new variant of the Netsky virus which maskarades itself as a mailer daemon and claims the mail is "returned".
It has nothing to do with our Pittsburgh fellow (IP is from CA).

--
Andras
"It's MY computer" (tm Steve Gibson)

ananas

Apr 12, 2004, 5:21pm

I got some with faked antivirus signature too from
our .pitt address.

I will forward a few headers to security at verizon.net
everyday now, maybe if we spam them they will try to
track the virus "owner"

[View Quote]

paul

Apr 12, 2004, 11:43pm

Probably a virus. I've been getting a ton of these in my yahoo email,
returned email etc etc with an attachment file size of 24k. I just delete
them everyday. I think Andras explained it somewhere in here.

Paul

[View Quote]

Awportals.com · ProLibraries Live · Twitter · LinkedIn