TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

29-11-2007, 09:29 AM

On Nov 28, 9:49 pm, "Mike Hall - MVP" <mikeh...@mvps.com> wrote:
> The 'you are sending out infected mail' is as bogus as the 'you have an
> infected computer' messages.
>
> Delete them..
>
> --
> Mike Hall - MVPhttp://msmvps.com/blogs/mikehall/default.aspx
>
> "Robert Colgan" <RobertECol...@gmail.com> wrote in message
>
> news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com...
> I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> afternoon, I received the below email:
>
> | from xxxxxx...@gmail.com
> | to xxxxxx...@gmail.com (me)
> | date Nov 28, 2007 9:50 PM
> | subject Virus Found in message "Hello"
> |
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> | Attachment: bbkiu.zip
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> |
> | The message contains Unicode characters and has been sent as a
> binary attachment.
> |
> | bbkiu.zip
> | 1K Download
>
> It surprised me, and while I do have Symantec AntiVirus, I'm not sure
> how Symantec got to this email, since it was on Gmail's webmail
> interface (it didn't look like Gmail's built-in anti-virus either --
> it will display something about a virus next to the attachment, I
> believe). Or, even, that it did at all -- I know many viruses
> masquerade as anti-virus messages. So, I didn't download anything and
> went on my merry business, thinking that whatever it was, as long as I
> didn't download anything, I wouldn't get infected.
>
> But later, I got the below "returned-to-sender" email. I'm concerned
> that the virus somehow got on to one of my computers and is sending
> emails. I'm running virus scans on both my computers, neither of which
> have turned up anything, and I'm about to run the W32.Mytob@mm Removal
> Tool from Symantec.
> Is this something I need to be worried about?
> P.S. "xx...@mail.hs.columbia.edu" is not anyone I know or that would
> be in my address book
>
> This is the returned-to-sender email I got:
> | from Mail Delivery System <MAILER-DAE...@alipes.hs.columbia.edu>
> | to xxxxxx...@gmail.com, (me)
> | date Nov 28, 2007 8:35 PM
> | subject Undelivered Mail Returned to Sender
> | mailed-by alipes.hs.columbia.edu
> |
> | This is the mail system at host alipes.hs.columbia.edu.
> |
> | I'm sorry to have to inform you that your message could not
> | be delivered to one or more recipients. It's attached below.
> |
> | For further assistance, please send mail to <postmaster>|
> |
> | If you do so, please include this problem report. You can
> | delete your own text from the attached returned message.
> |
> | The mail system
> |
> | <xx...@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
> back to
> | myself
> |
> | Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
> | Original-Recipient: rfc822;xx...@mail.hs.columbia.edu
> | Action: failed
> | Status: 5.4.6
> | Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
> to myself
> |
>
> | ---------- Forwarded message ----------
> | From: xxxxxx...@gmail.com
> | To: xx...@mail.hs.columbia.edu
> | Date: Thu, 29 Nov 2007 08:33:56 -0500
> | Subject: Virus Found in message "HELLO"
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> |
> | Attachment: readme.scr
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> and then there was this underneath:
>
> ät¶
> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
> |xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
> Ze"ê? ÓCÙSLkòS '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O± ~^?ô_Ö~Tõ·.P||2)üR-ef
> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§...
> ÎÆ^^4äÕ '¶ón>Ê?>1^" m
> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù ¢p"ÓRùÛÔÖü 2glL¿¥¨;
> 6ûvU"_C-c-TU-vÒÆ¬|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg '7CÒÞ*a1?ó_À *.R§?!
> DSeòªFns î}ùKV[kç±l`Ý.,MY x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
> ¡bëãÃ1/2 WáÜ²T*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
> oôñþetáÔ"Ò¥]$l...
> #zx_
> ý(tm)Y²ðÅ2þ?'zÕÓ
> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
> ' ZåOS?]å
> O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
> gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú
> $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à:
> 5NÐ¨¶(ëy(tm)`6Ö|ºµµIn...ð-XFÃ v>PÍm¯)áÓjàÅÌéxgöÏK...|-
> |}<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
> >"~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
> *?b
> sW
> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw? a
> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XÝ³ÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g
> H¬T²k^3/4&s²F"Öô`rº:
> eÙ ¤À.Å2Zx?³"Ô¬C8|
> ÈY ³¬s0ÚÕ¥íÊEæ
> << tYþ #sk :ÕòxH~Û'I?§¶\á
> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ |c]s1f h
> qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa
> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
> $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I
> 1/2 tüY¿¿O"%gõë¡~>
> "ÛÛ
> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
> 9ÝÆdQHY\J(c) S
> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
> ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrYfÏ*YfvT?

But that's quite a coincidence, then, that I got one message (the
first one was from a person I know, by the way), and then a few hours
later I got a returned-to-sender message implying that I'm sending the
exact same emails as the one I reveived.

29-11-2007, 09:29 AM	#4
Robert Colgan Guest Posts: n/a	Re: Possible virus? On Nov 28, 9:49 pm, "Mike Hall - MVP" <mikeh...@mvps.com> wrote: > The 'you are sending out infected mail' is as bogus as the 'you have an > infected computer' messages. > > Delete them.. > > -- > Mike Hall - MVPhttp://msmvps.com/blogs/mikehall/default.aspx > > "Robert Colgan" <RobertECol...@gmail.com> wrote in message > > news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com... > I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this > afternoon, I received the below email: > > \| from xxxxxx...@gmail.com > \| to xxxxxx...@gmail.com (me) > \| date Nov 28, 2007 9:50 PM > \| subject Virus Found in message "Hello" > \| > \| Symantec AntiVirus found a virus in an attachment from > xxxxxx...@gmail.com. > \| > \| Attachment: bbkiu.zip > \| Threat: W32.Mytob.AG@mm > \| Action taken: Quarantine succeeded > \| File status: Infected > \| > \| The message contains Unicode characters and has been sent as a > binary attachment. > \| > \| bbkiu.zip > \| 1K Download > > It surprised me, and while I do have Symantec AntiVirus, I'm not sure > how Symantec got to this email, since it was on Gmail's webmail > interface (it didn't look like Gmail's built-in anti-virus either -- > it will display something about a virus next to the attachment, I > believe). Or, even, that it did at all -- I know many viruses > masquerade as anti-virus messages. So, I didn't download anything and > went on my merry business, thinking that whatever it was, as long as I > didn't download anything, I wouldn't get infected. > > But later, I got the below "returned-to-sender" email. I'm concerned > that the virus somehow got on to one of my computers and is sending > emails. I'm running virus scans on both my computers, neither of which > have turned up anything, and I'm about to run the W32.Mytob@mm Removal > Tool from Symantec. > Is this something I need to be worried about? > P.S. "xx...@mail.hs.columbia.edu" is not anyone I know or that would > be in my address book > > This is the returned-to-sender email I got: > \| from Mail Delivery System <MAILER-DAE...@alipes.hs.columbia.edu> > \| to xxxxxx...@gmail.com, (me) > \| date Nov 28, 2007 8:35 PM > \| subject Undelivered Mail Returned to Sender > \| mailed-by alipes.hs.columbia.edu > \| > \| This is the mail system at host alipes.hs.columbia.edu. > \| > \| I'm sorry to have to inform you that your message could not > \| be delivered to one or more recipients. It's attached below. > \| > \| For further assistance, please send mail to <postmaster>\| > \| > \| If you do so, please include this problem report. You can > \| delete your own text from the attached returned message. > \| > \| The mail system > \| > \| <xx...@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops > back to > \| myself > \| > \| Final-Recipient: rfc822; xx...@mail.hs.columbia.edu > \| Original-Recipient: rfc822;xx...@mail.hs.columbia.edu > \| Action: failed > \| Status: 5.4.6 > \| Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back > to myself > \| > > \| ---------- Forwarded message ---------- > \| From: xxxxxx...@gmail.com > \| To: xx...@mail.hs.columbia.edu > \| Date: Thu, 29 Nov 2007 08:33:56 -0500 > \| Subject: Virus Found in message "HELLO" > \| Symantec AntiVirus found a virus in an attachment from > xxxxxx...@gmail.com. > \| > \| > \| Attachment: readme.scr > \| Threat: W32.Mytob.AG@mm > \| Action taken: Quarantine succeeded > \| File status: Infected > and then there was this underneath: > > ät¶ > ó¯îþ0û\oq\|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\ > \|xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4 > OZS4ÚÕÁ(tm){\X(tm)]Úí\|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´ > Ze"ê? ÓCÙSLkòS '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã- > "FJ\|4Ão§ùÍUeC`¨ôkÐ\|´[9B£Zêsás±²->§O± ~^?ô_Ö~Tõ·.P\|\|2)üR-ef > ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... > ÎÆ^^4äÕ '¶ón>Ê?>1^" m > 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZåHÖ¡¯Ù ¢p"ÓRùÛÔÖü 2glL¿¥¨; > 6ûvU"_C-c-TU-vÒÆ¬\|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg '7CÒÞa1?ó_À .R§?! > DSeòªFns î}ùKV[kç±l`Ý.,MY x"&9KP.Å"-v\|NØ0J0É-eåsa¢¬ åý[7hº- > ¡bëãÃ1/2 WáÜ²TRÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p\|"afT>>FhU>ºle<<ÙåI>ô3/43/4 > oôñþetáÔ"Ò¥]$l... > #zx_ > ý(tm)Y²ðÅ2þ?'zÕÓ > Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨ > &¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j > ' ZåOS?]å > O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N > Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ > gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú > $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à: > 5NÐ¨¶(ëy(tm)`6Ö\|ºµµIn...ð-XFÃ v>PÍm¯)áÓjàÅÌéxgöÏK...\|- > \|}<,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze > >"~dn&`--Êb;...ì¿,ÃéUzâ"\|õ)~ > ?b > sW > ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'\|¬>û´cÌv>>£Ô-2#3/4 lw? a > ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò\|XÝ³ÝjUýõ(tm)~!´ --àëÐ"ø¿xª¹&%¨!g > H¬T²k^3/4&s²F"Öô`rº: > eÙ ¤À.Å2Zx?³"Ô¬C8\| > ÈY ³¬s0ÚÕ¥íÊEæ > << tYþ #sk :ÕòxH~Û'I?§¶\á > ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0 > 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür\|ÉöãÊú"¶<Á?\|S¡: > ,ÒÙ?!ýìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ \|c]s1f h > qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r > ±xðF47DL¶¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa > £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó? > $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&\|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â\|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I > 1/2 tüY¿¿O"%gõë¡~> > "ÛÛ > S¶Q[¤áÅg\|...1/2óQx Zç)O"ý3 > 9ÝÆdQHY\J(c) S > ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ > òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ > úä[Þä?)<<(tm)úáfÆ\|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD > ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&rWE#)<<··(c))ÔV ÝãB¹YÞrYfÏYfvT? But that's quite a coincidence, then, that I got one message (the first one was from a person I know, by the way), and then a few hours later I got a returned-to-sender message implying that I'm sending the exact same emails as the one I reveived.