Sending Virus

[kkbbzzaa]

I'm reciving mails saying that i am sending mails with virus. I have Norton AV 2002 fully updated and my computer has no virus and every outgoing mails is scaned by the AV. But i'm still reciving this mails.

What could be my problem?

at the bottom is a copy of the mail i recive.

Thanks

Mateo

----------------------

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

prmoore123@msn.com
This message has been rejected because it has
an apparently executable attachment Dgc.pif
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 119155 characters long; only the first
------ 65536 or so are included here.

Return-path: <mateo@skatoramps.com>
Received: from modem-553.beedrill.dialup.pol.co.uk ([217.135.34.41] helo=Jtddenxtb)
by tmailb1.svr.pol.co.uk with smtp (Exim 3.35 #1)
id 17xYx5-0005Vr-00
for prmoore123@msn.com; Fri, 04 Oct 2002 21:21:35 +0100
From: mateo <mateo@skatoramps.com>
To: prmoore123@msn.com
Subject: How are you
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Says87oOLh1Z27
Message-Id: <E17xYx5-0005Vr-00.2002-10-04-21-21-35@tmailb1.svr.pol.co.uk>
Date: Fri, 04 Oct 2002 21:21:35 +0100

[bags]

Are you attaching this file?
The message does not say you are
sending a virus...it is saying you are
sending a possible executable file. And
usually that's how virus's get spread.
It also tells you that if you indeed want
to send this file to zip it up and send it that way.

[kkbbzzaa]

the thing is that i'm not sending this mails, i don't even know the people listed in the adresses.

[megmond]

Unfortunately, spammers/virusses have found new tricks and some of them currently use fake from addresses they grab from somewhere. In this case you can receive returned messages that you didn't send in the first place, or like you mention, virus warnings.

I would concentrate on the following two lines:

Received: from modem-553.beedrill.dialup.pol.co.uk ([217.135.34.41] helo=Jtddenxtb)
by tmailb1.svr.pol.co.uk with smtp (Exim 3.35 #1)

If either of the hostnames looks familiar to you, it may be that you ARE the originator of the offending email. Perhaps then your virusscanner is not up to date (does not recognize the virus yet) or misconfigured. Your computer may be sending out emails without you knowing.

If you don't recognize these, then the offender is probably a virus/spammer as described at the top. In this case I don't think there is anything you can do about it (apart from filtering out these messages in some way).

You can also try contacting the ISP that these hosts fall under, to complain. If you provide accurate info, and they are cooperative, you might just get this spammer's account closed (though that is rarely very useful).

Hope this is of any help.

[Connie]

There is another possibility. I'm not sure I can explain it.
Klez and some of the other virus going around fake e-mail
addresses. They can also change the subject line each time
they send out a new e-mail.

If someone who has your e-mail address, has the virus, then the
virus may be using your address as the from address, but it is
actually originating from the infected user, not you.

We receive a virus several times each week that is from
support@ourdomain.com to support@ourdomain.com. We occasionally
receive the virus from a rejected e-mail that we did not send,
in other words from the postmaster.

There is nothing you can do about this, other than keeping your
own PC clean.

[jason]

Actually, we aren't even sure that this is a real virus. If you read the message that you got, it says that it contains an executable attachment that may be a virus.

A lot of mail gateways are set up to not allow attachments that have certain things in their filename. For example, the school where I work rejects any .scr, .pif, .vbs, .js, and a bunch of other filetypes because of the potential that these are viruses. In our case, the email still goes through, but the attachment is replaced with "substitute.txt," a file explaining that a "potential virus" was sent and that it had been removed by the server. It then goes on to give the recipients suggestions on how they could request the sender to resend the message.

A pif file is a file that contains info for windows about how to run a DOS program. The system creates them the first time you run a DOS program and then uses them to find info about how to manage memory, etc. Generally you'd ahve no reason to send someone a pif file unless it was designed to exploit something. However, it is possible that you just selected the pif accidentally when attaching something else. If that's not the case, then its probably a bad thing, although, as others have suggested it may not have originated from your computer. As long as you keep your virus scanner up to date and you haven't seen more of these type of messages, its probably not something to worry about.

--Jason

[kkbbzzaa]

Hi,
Thanks all of for for all the help!

I have this last question. If I delete the POP3 accont for the servers and change it to another name, will this help, or people will still recive my mails?

Thanks

Mateo

[megmond]

In general it won't help. If this is a virus causing this then:
a) if the virus is on your machine, it will probably start using your new address, or
b) if the virus is on someone else's machine (with your address in the addressbook for example) it will still use your old address

The only benefit would be that you will not receive the returned messages anymore. (And of course depending on the people that contact you or that you contact, the problem might start all over again anyway).

[lookout]

Might clarify that even if the popmail account is deleted, you may very well continue to receive such emails via your catchall account, depending on the way you have things configured.

Besides keeping your virus software up to date (and active), set up some spam filters via your control panel to take care of the worst offenders. (I mean thru filters, not Spam Assassin). You can configure them up to delete incoming messages from specific sources, addressed to certain accounts, or containing certain headers before they reach your email client.