
I'd like some advice please

N/A

I'd like some advice please

I've had an e-mail attack with the same sender spamming my mailbox with 14 e-mails all containing an attachment, the total message being 47-51kb in length.

Sender names include r.wheatley@reliant.com (yes made me chuckle).

2 examples:

Return-Path: <rwheatley@reliant.com>
Delivered-To: ***********************************************
Received: (qmail 88001 invoked from network); 25 Feb 2004 21:44:03 -0000
Received: from unknown (HELO ptb-mxcore01.plus.net) (212.159.14.215)
    by ptb-mailstore02.plus.net with SMTP; 25 Feb 2004 21:44:03 -0000
Received: from pih-mxlast01.plus.net ([212.159.6.17])
    by ptb-mxcore01.plus.net with esmtp (Exim 4.30; FreeBSD)
    id 1Aw6p1-000C67-52
    for **********************************************; Wed, 25 Feb 2004 21:44:03 +0000
Received: from adsl-65-71-143-129.dsl.crchtx.swbell.net ([65.71.143.129] helo=reliant.com)
    by pih-mxlast01.plus.net with esmtp (Exim 4.30)
    id 1Aw6ow-0002eq-F4
    for *************************************; Wed, 25 Feb 2004 21:43:58 +0000

From: rwheatley@reliant.com
To: **************************************************
Subject: Your IP was logged
Date: Wed, 25 Feb 2004 15:43:53 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0013_DA68FBC3.6E26B41B"
X-Priority: 3
X-MSMail-Priority: Normal
Received-SPF: pih-mxlast01.plus.net: domain of rwheatley@reliant.com does not designate permitted sender hosts



Return-Path: <alex@neo.rr.com>
Delivered-To: ****************************************************************
Received: (qmail 19812 invoked from network); 26 Feb 2004 15:15:32 -0000
Received: from unknown (HELO ptb-mxcore02.plus.net) (212.159.14.216)
    by ptb-mailstore04.plus.net with SMTP; 26 Feb 2004 15:15:32 -0000
Received: from adsl-65-71-143-129.dsl.crchtx.swbell.net ([65.71.143.129] helo=neo.rr.com)
    by ptb-mxcore02.plus.net with esmtp (Exim) id 1AwNEZ-0003Oi-B3
    for *********************************; Thu, 26 Feb 2004 15:15:31 +0000

From: alex@neo.rr.com
To: **********************************
Subject: Your credit card
Date: Thu, 26 Feb 2004 09:15:39 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0003_EE23430F.A1FA02AF"
X-Priority: 3
X-MSMail-Priority: Normal

I'm running w98 SE + OE 6. All the mails contain file attachments called:

Approved.zip [38.4kb]
mail2.pif [38.4kb]
creditcard.zip [34.7kb]
stuff.zip [34.7kb]
resume.zip [35.0kb]
part2.zip [34.9kb]
readme.zip [35.0kb]
textfile.zip [34.7kb]
wjsa.zip [34.9kb]
mail.zip [34.8kb]
zgn.zip [34.7kb]
website.zip [35.0kb]

I just heard that my OE has started to spam people from my address book. Advice appreciated on disinfection please Smiley
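Added example, not part of the original post: a header check that reads the two samples above from a defender's side, finding the host that actually handed each message to plus.net and comparing it with the claimed sender. The function names and the choice of `.plus.net` as the trusted suffix are assumptions made for this illustration; the header lines are abridged from the post.

```python
import re
from email import message_from_string

TRUSTED = ".plus.net"  # assumption: only the recipient's own provider's hops are trusted
BY = re.compile(r"\bby\s+(\S+)")
PEER = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\](?:\s+helo=([^)\s]+))?\)")  # Exim style

# Abridged from the two samples in the post (redacted and unrelated lines dropped).
SAMPLES = ["""\
Received: from unknown (HELO ptb-mxcore01.plus.net) (212.159.14.215)
 by ptb-mailstore02.plus.net with SMTP; 25 Feb 2004 21:44:03 -0000
Received: from pih-mxlast01.plus.net ([212.159.6.17])
 by ptb-mxcore01.plus.net with esmtp (Exim 4.30; FreeBSD) id 1Aw6p1-000C67-52
Received: from adsl-65-71-143-129.dsl.crchtx.swbell.net ([65.71.143.129] helo=reliant.com)
 by pih-mxlast01.plus.net with esmtp (Exim 4.30) id 1Aw6ow-0002eq-F4
From: rwheatley@reliant.com
""", """\
Received: from unknown (HELO ptb-mxcore02.plus.net) (212.159.14.216)
 by ptb-mailstore04.plus.net with SMTP; 26 Feb 2004 15:15:32 -0000
Received: from adsl-65-71-143-129.dsl.crchtx.swbell.net ([65.71.143.129] helo=neo.rr.com)
 by ptb-mxcore02.plus.net with esmtp (Exim) id 1AwNEZ-0003Oi-B3
From: alex@neo.rr.com
"""]

def handoff(raw):
    """Describe the peer that handed the message to the trusted network, or None."""
    msg = message_from_string(raw)
    edge = None
    for hdr in msg.get_all("Received", []):  # newest hop first
        by = BY.search(hdr)
        if not by or not by.group(1).endswith(TRUSTED):
            break  # anything below an untrusted hop may be forged
        edge = hdr  # ends up as the oldest hop written by a trusted server
    m = PEER.search(edge or "")
    if not m:
        return None
    name, ip, helo = m.groups()
    sender = msg.get("From", "").strip()
    domain = sender.rsplit("@", 1)[-1].lower()
    return {"ip": ip, "name": name, "helo": helo, "from": sender,
            "helo_is_from_domain": bool(domain) and (helo or "").lower() == domain,
            "name_in_from_domain": bool(domain) and name.lower().endswith(domain)}

def by_origin(samples):
    """Group the claimed senders by the IP address that actually connected."""
    groups = {}
    for info in filter(None, map(handoff, samples)):
        groups.setdefault(info["ip"], []).append(info["from"])
    return groups
```

On these samples both messages trace back to the same connecting address, each time announcing itself in HELO with the domain of a different From address while the recorded host name lies outside that domain.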

7 REPLIES
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

I'd like some advice please

Has your anti-virus software come up with a name for the virus?
If it has then visit http://www.symantec.com (Norton) and look up the details. You should then find advice on removing the virus and very likely a removal tool that you can download to clear your system of it.
N/A

I'd like some advice please

Nope, nothing so far Sad I'm running AVG free edition.
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

I'd like some advice please

Worth also letting HouseCall from Trend Micro have a sniff online as well.
Can't recall the URL from memory, but a search for HouseCall will show it.

Oh, I've also removed the duplicate post that had appeared in this forum; probably you clicked on the post button twice?
N/A

I'd like some advice please

Yer, thx john.

Turns out this worm is I-worm/Mydoom.F. I had to re-install the virus software to get it to update, virus definitions were only 10 days old - I guess I was just unlucky. Looks like I'll be having some fun with this one grrrrrrr.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

I'd like some advice please

MyDoom.F is the most recent variant of the original Mydoom and only started appearing on Wed this week so it's no surprise your virus scanner did not pick it up. It takes time for variants to be added to virus defs and some vendors only do weekly updates of their defs files.
N/A

I'd like some advice please

Well, I managed to clean up the mess that this worm caused, and checked my ports. Whoever writes these things deserves a good poke in the eyes with a sharp stick Evil
bobgidden
Grafter
Posts: 107
Registered: 30-07-2007

I'd like some advice please

I'm using AVG6 free as well, and have been very happy with it.

BTW, there have been six updates from them in the last
"10 days", covering 17 new nasties or mutants, so it isn't their
fault for being slow on the uptake. Especially with their new
incremental updates, it isn't much trouble to update little
and often.
Just for the record, there were SIXTEEN updates, covering 45 new nasties
in January - not bad for a freebie!

Regards,

BobG