TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

01-12-2007, 09:34 AM

Robert Colgan wrote:
> On Nov 28, 9:49 pm, "Mike Hall - MVP"
> <mikeh...@mvps.com> wrote:
>> The 'you are sending out infected mail' is as bogus
>> as the 'you have
>> an infected computer' messages.
>>
>> Delete them..
>>
>> --
>> Mike Hall -
>> MVPhttp://msmvps.com/blogs/mikehall/default.aspx
>>
>> "Robert Colgan" <RobertECol...@gmail.com> wrote in
>> message
>>
>> news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com...
>> I'm worried that I've somehow gotten the W32.Mytob
>> virus. Earlier
>> this afternoon, I received the below email:
>>
>>> from xxxxxx...@gmail.com
>>> to xxxxxx...@gmail.com (me)
>>> date Nov 28, 2007 9:50 PM
>>> subject Virus Found in message "Hello"
>>>
>>> Symantec AntiVirus found a virus in an attachment
>>> from
>>> xxxxxx...@gmail.com.
>>>
>>> Attachment: bbkiu.zip
>>> Threat: W32.Mytob.AG@mm
>>> Action taken: Quarantine succeeded
>>> File status: Infected
>>>
>>> The message contains Unicode characters and has
>>> been sent as a
>> binary attachment.
>>>
>>> bbkiu.zip
>>> 1K Download
>>
>> It surprised me, and while I do have Symantec
>> AntiVirus, I'm not sure
>> how Symantec got to this email, since it was on
>> Gmail's webmail
>> interface (it didn't look like Gmail's built-in
>> anti-virus either --
>> it will display something about a virus next to the
>> attachment, I
>> believe). Or, even, that it did at all -- I know
>> many viruses
>> masquerade as anti-virus messages. So, I didn't
>> download anything and
>> went on my merry business, thinking that whatever it
>> was, as long as
>> I didn't download anything, I wouldn't get infected.
>>
>> But later, I got the below "returned-to-sender"
>> email. I'm concerned
>> that the virus somehow got on to one of my computers
>> and is sending
>> emails. I'm running virus scans on both my
>> computers, neither of
>> which have turned up anything, and I'm about to run
>> the W32.Mytob@mm
>> Removal Tool from Symantec.
>> Is this something I need to be worried about?
>> P.S. "xx...@mail.hs.columbia.edu" is not anyone I
>> know or that would
>> be in my address book
>>
>> This is the returned-to-sender email I got:
>>> from Mail Delivery System
>>> <MAILER-DAE...@alipes.hs.columbia.edu>
>>> to xxxxxx...@gmail.com, (me)
>>> date Nov 28, 2007 8:35 PM
>>> subject Undelivered Mail Returned to Sender
>>> mailed-by alipes.hs.columbia.edu
>>>
>>> This is the mail system at host
>>> alipes.hs.columbia.edu.
>>>
>>> I'm sorry to have to inform you that your message
>>> could not
>>> be delivered to one or more recipients. It's
>>> attached below.
>>>
>>> For further assistance, please send mail to
>>> <postmaster>|
>>>
>>> If you do so, please include this problem report.
>>> You can
>>> delete your own text from the attached returned
>>> message.
>>>
>>> The mail system
>>>
>>> <xx...@mail.hs.columbia.edu>: mail for
>>> mail.hs.columbia.edu loops
>> back to
>>> myself
>>>
>>> Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
>>> Original-Recipient:
>>> rfc822;xx...@mail.hs.columbia.edu
>>> Action: failed
>>> Status: 5.4.6
>>> Diagnostic-Code: X-Postfix; mail for
>>> mail.hs.columbia.edu loops back
>> to myself
>>>
>>
>>> ---------- Forwarded message ----------
>>> From: xxxxxx...@gmail.com
>>> To: xx...@mail.hs.columbia.edu
>>> Date: Thu, 29 Nov 2007 08:33:56 -0500
>>> Subject: Virus Found in message "HELLO"
>>> Symantec AntiVirus found a virus in an attachment
>>> from
>>> xxxxxx...@gmail.com.
>>>
>>>
>>> Attachment: readme.scr
>>> Threat: W32.Mytob.AG@mm
>>> Action taken: Quarantine succeeded
>>> File status: Infected
>> and then there was this underneath:
>>
>> ät¶
>> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
>>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
>> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
>> Ze"ê? ÓCÙSLkòS
>> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
>> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O±
>> ~^?ô_Ö~Tõ·.P||2)üR-ef
>> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù
>> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ
>> '¶ón>Ê?>1^" m
>> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù ¢p"ÓRùÛÔÖü
>> 2glL¿¥¨;
>> 6ûvU"_C-c-TU-vÒÆ¬|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg
>> '7CÒÞ*a1?ó_À *.R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY
>> x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
>> ¡bëãÃ1/2
>> WáÜ²T*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
>> oôñþetáÔ"Ò¥]$l...
>> #zx_
>> ý(tm)Y²ðÅ2þ?'zÕÓ
>> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ
>> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
>> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
>> ' ZåOS?]å
>> O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
>> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
>> gß±^Ëu(ÂPAÉÊ¿~ÙÐ
>> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú
>> $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{:
>> Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à:
>> 5NÐ¨¶(ëy(tm)`6Ö|ºµµIn...ð-XFÃ
>> v>PÍm¯)áÓjàÅÌéxgöÏK...|-
>>> }<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
>>> "~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
>> *?b
>> sW
>> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw?
>> a
>> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XÝ³ÝjUýõ(tm)~!´
>> *--àëÐ"ø¿xª¹&%¨!g
>> H¬T²k^3/4&s²F"Öô`rº:
>> eÙ ¤À.Å2Zx?³"Ô¬C8|
>> ÈY ³¬s0ÚÕ¥íÊEæ
>> << tYþ #sk :ÕòxH~Û'I?§¶\á
>> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
>> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
>> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ |c]s1f
>> h
>> qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
>> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa
>> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
>> $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I
>> 1/2 tüY¿¿O"%gõë¡~>
>> "ÛÛ
>> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
>> 9ÝÆdQHY\J(c) S
>> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
>> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
>> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß
>> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷
>> [c&*rWE#)<<··(c))ÔV
>> ÝãB¹YÞrY fÏ*YfvT?
>
> But that's quite a coincidence, then, that I got one
> message (the
> first one was from a person I know, by the way), and
> then a few hours
> later I got a returned-to-sender message implying
> that I'm sending the
> exact same emails as the one I reveived.

But it's believable since you don't even have the savvy
to post, quote or even trim correctly. If your only
intent is to circumvent offered assistance with
improperly quoted posts, go finish your tests and
relax.

01-12-2007, 09:34 AM	#8
Poprivet` Guest Posts: n/a	Re: Possible virus? Robert Colgan wrote: > On Nov 28, 9:49 pm, "Mike Hall - MVP" > <mikeh...@mvps.com> wrote: >> The 'you are sending out infected mail' is as bogus >> as the 'you have >> an infected computer' messages. >> >> Delete them.. >> >> -- >> Mike Hall - >> MVPhttp://msmvps.com/blogs/mikehall/default.aspx >> >> "Robert Colgan" <RobertECol...@gmail.com> wrote in >> message >> >> news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com... >> I'm worried that I've somehow gotten the W32.Mytob >> virus. Earlier >> this afternoon, I received the below email: >> >>> from xxxxxx...@gmail.com >>> to xxxxxx...@gmail.com (me) >>> date Nov 28, 2007 9:50 PM >>> subject Virus Found in message "Hello" >>> >>> Symantec AntiVirus found a virus in an attachment >>> from >>> xxxxxx...@gmail.com. >>> >>> Attachment: bbkiu.zip >>> Threat: W32.Mytob.AG@mm >>> Action taken: Quarantine succeeded >>> File status: Infected >>> >>> The message contains Unicode characters and has >>> been sent as a >> binary attachment. >>> >>> bbkiu.zip >>> 1K Download >> >> It surprised me, and while I do have Symantec >> AntiVirus, I'm not sure >> how Symantec got to this email, since it was on >> Gmail's webmail >> interface (it didn't look like Gmail's built-in >> anti-virus either -- >> it will display something about a virus next to the >> attachment, I >> believe). Or, even, that it did at all -- I know >> many viruses >> masquerade as anti-virus messages. So, I didn't >> download anything and >> went on my merry business, thinking that whatever it >> was, as long as >> I didn't download anything, I wouldn't get infected. >> >> But later, I got the below "returned-to-sender" >> email. I'm concerned >> that the virus somehow got on to one of my computers >> and is sending >> emails. I'm running virus scans on both my >> computers, neither of >> which have turned up anything, and I'm about to run >> the W32.Mytob@mm >> Removal Tool from Symantec. >> Is this something I need to be worried about? >> P.S. "xx...@mail.hs.columbia.edu" is not anyone I >> know or that would >> be in my address book >> >> This is the returned-to-sender email I got: >>> from Mail Delivery System >>> <MAILER-DAE...@alipes.hs.columbia.edu> >>> to xxxxxx...@gmail.com, (me) >>> date Nov 28, 2007 8:35 PM >>> subject Undelivered Mail Returned to Sender >>> mailed-by alipes.hs.columbia.edu >>> >>> This is the mail system at host >>> alipes.hs.columbia.edu. >>> >>> I'm sorry to have to inform you that your message >>> could not >>> be delivered to one or more recipients. It's >>> attached below. >>> >>> For further assistance, please send mail to >>> <postmaster>\| >>> >>> If you do so, please include this problem report. >>> You can >>> delete your own text from the attached returned >>> message. >>> >>> The mail system >>> >>> <xx...@mail.hs.columbia.edu>: mail for >>> mail.hs.columbia.edu loops >> back to >>> myself >>> >>> Final-Recipient: rfc822; xx...@mail.hs.columbia.edu >>> Original-Recipient: >>> rfc822;xx...@mail.hs.columbia.edu >>> Action: failed >>> Status: 5.4.6 >>> Diagnostic-Code: X-Postfix; mail for >>> mail.hs.columbia.edu loops back >> to myself >>> >> >>> ---------- Forwarded message ---------- >>> From: xxxxxx...@gmail.com >>> To: xx...@mail.hs.columbia.edu >>> Date: Thu, 29 Nov 2007 08:33:56 -0500 >>> Subject: Virus Found in message "HELLO" >>> Symantec AntiVirus found a virus in an attachment >>> from >>> xxxxxx...@gmail.com. >>> >>> >>> Attachment: readme.scr >>> Threat: W32.Mytob.AG@mm >>> Action taken: Quarantine succeeded >>> File status: Infected >> and then there was this underneath: >> >> ät¶ >> ó¯îþ0û\oq\|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\ >>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4 >> OZS4ÚÕÁ(tm){\X(tm)]Úí\|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´ >> Ze"ê? ÓCÙSLkòS >> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã- >> "FJ\|4Ão§ùÍUeC`¨ôkÐ\|´[9B£Zêsás±²->§O± >> ~^?ô_Ö~Tõ·.P\|\|2)üR-ef >> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù >> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ >> '¶ón>Ê?>1^" m >> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZåHÖ¡¯Ù ¢p"ÓRùÛÔÖü >> 2glL¿¥¨; >> 6ûvU"_C-c-TU-vÒÆ¬\|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg >> '7CÒÞa1?ó_À .R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY >> x"&9KP.Å"-v\|NØ0J0É-eåsa¢¬ åý[7hº- >> ¡bëãÃ1/2 >> WáÜ²TRÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p\|"afT>>FhU>ºle<<ÙåI>ô3/43/4 >> oôñþetáÔ"Ò¥]$l... >> #zx_ >> ý(tm)Y²ðÅ2þ?'zÕÓ >> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ >> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨ >> &¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j >> ' ZåOS?]å >> O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N >> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ >> gß±^Ëu(ÂPAÉÊ¿~ÙÐ >> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú >> $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: >> Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à: >> 5NÐ¨¶(ëy(tm)`6Ö\|ºµµIn...ð-XFÃ >> v>PÍm¯)áÓjàÅÌéxgöÏK...\|- >>> }<,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze >>> "~dn&`--Êb;...ì¿,ÃéUzâ"\|õ)~ >> ?b >> sW >> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'\|¬>û´cÌv>>£Ô-2#3/4 lw? >> a >> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò\|XÝ³ÝjUýõ(tm)~!´ >> --àëÐ"ø¿xª¹&%¨!g >> H¬T²k^3/4&s²F"Öô`rº: >> eÙ ¤À.Å2Zx?³"Ô¬C8\| >> ÈY ³¬s0ÚÕ¥íÊEæ >> << tYþ #sk :ÕòxH~Û'I?§¶\á >> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0 >> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür\|ÉöãÊú"¶<Á?\|S¡: >> ,ÒÙ?!ýìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ \|c]s1f >> h >> qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r >> ±xðF47DL¶¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa >> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó? >> $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&\|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â\|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I >> 1/2 tüY¿¿O"%gõë¡~> >> "ÛÛ >> S¶Q[¤áÅg\|...1/2óQx Zç)O"ý3 >> 9ÝÆdQHY\J(c) S >> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ >> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ >> úä[Þä?)<<(tm)úáfÆ\|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß >> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷ >> [c&rWE#)<<··(c))ÔV >> ÝãB¹YÞrY fÏYfvT? > > But that's quite a coincidence, then, that I got one > message (the > first one was from a person I know, by the way), and > then a few hours > later I got a returned-to-sender message implying > that I'm sending the > exact same emails as the one I reveived. But it's believable since you don't even have the savvy to post, quote or even trim correctly. If your only intent is to circumvent offered assistance with improperly quoted posts, go finish your tests and relax.