TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

01-12-2007, 09:34 AM

And I guess that's not strange, eh? YOu're quite a
whiz all right.

Robert Colgan wrote:
> On Nov 28, 10:38 pm, "PA Bear" <PABear...@gmail.com>
> wrote:
>> Unexplained computer behavior may be caused by
>> deceptive
>> softwarehttp://support.microsoft.com/kb/827315
>>
>> You can run a /thorough/ check for hijackware,
>> including posting your
>> hijackthis log to an appropriate forum.
>>
>> Checking for/Help with
>> Hijackwarehttp://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>>
>>
>> http://aumha.net/viewtopic.php?t=587...prevention.htm
>> http://inetexplorer.mvps.org/tshoot....moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.exe) is the
>> preferred tool to
>> use.
>> It will help you to both identify and remove any
>> hijackware/spyware
>> with
>> assistance from an expert. **Post your log
>> tohttp://forums.spybot.info/forumdisplay.php?f=22,http://castlecops.com/forum67.html,h...forum.php?f=30,
>> or other appropriate forums for expert analysis, not
>> here.**
>>
>> If the procedures look too complex - and there is no
>> shame in
>> admitting this
>> isn't your cup of tea - take the machine to a local,
>> reputable and
>> independent (i.e., not BigBoxStoreUSA) computer
>> repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>> AumHa VSOP & Adminhttp://aumha.net
>> DTS-L.ORGhttp://66.39.69.143/
>>
>> Robert Colgan wrote:
>>> I'm worried that I've somehow gotten the W32.Mytob
>>> virus. Earlier
>>> this afternoon, I received the below email:
>>
>>>> from xxxxxx...@gmail.com
>>>> to xxxxxx...@gmail.com (me)
>>>> date Nov 28, 2007 9:50 PM
>>>> subject Virus Found in message "Hello"
>>
>>>> Symantec AntiVirus found a virus in an attachment
>>>> from
>>> xxxxxx...@gmail.com.
>>
>>>> Attachment: bbkiu.zip
>>>> Threat: W32.Mytob.AG@mm
>>>> Action taken: Quarantine succeeded
>>>> File status: Infected
>>
>>>> The message contains Unicode characters and has
>>>> been sent as a
>>> binary attachment.
>>
>>>> bbkiu.zip
>>>> 1K Download
>>
>>> It surprised me, and while I do have Symantec
>>> AntiVirus, I'm not
>>> sure
>>> how Symantec got to this email, since it was on
>>> Gmail's webmail
>>> interface (it didn't look like Gmail's built-in
>>> anti-virus either --
>>> it will display something about a virus next to the
>>> attachment, I
>>> believe). Or, even, that it did at all -- I know
>>> many viruses
>>> masquerade as anti-virus messages. So, I didn't
>>> download anything
>>> and went on my merry business, thinking that
>>> whatever it was, as
>>> long as I didn't download anything, I wouldn't get
>>> infected.
>>
>>> But later, I got the below "returned-to-sender"
>>> email. I'm concerned
>>> that the virus somehow got on to one of my
>>> computers and is sending
>>> emails. I'm running virus scans on both my
>>> computers, neither of
>>> which have turned up anything, and I'm about to run
>>> the
>>> W32.Mytob@mm Removal Tool from Symantec.
>>> Is this something I need to be worried about?
>>> P.S. "xx...@mail.hs.columbia.edu" is not anyone I
>>> know or that would
>>> be in my address book
>>
>>> This is the returned-to-sender email I got:
>>>> from Mail Delivery System
>>>> <MAILER-DAE...@alipes.hs.columbia.edu>
>>>> to xxxxxx...@gmail.com, (me)
>>>> date Nov 28, 2007 8:35 PM
>>>> subject Undelivered Mail Returned to Sender
>>>> mailed-by alipes.hs.columbia.edu
>>
>>>> This is the mail system at host
>>>> alipes.hs.columbia.edu.
>>
>>>> I'm sorry to have to inform you that your message
>>>> could not
>>>> be delivered to one or more recipients. It's
>>>> attached below.
>>
>>>> For further assistance, please send mail to
>>>> <postmaster>|
>>
>>>> If you do so, please include this problem report.
>>>> You can
>>>> delete your own text from the attached returned
>>>> message.
>>
>>>> The mail system
>>
>>>> <xx...@mail.hs.columbia.edu>: mail for
>>>> mail.hs.columbia.edu loops
>>> back to
>>>> myself
>>
>>>> Final-Recipient: rfc822;
>>>> xx...@mail.hs.columbia.edu
>>>> Original-Recipient:
>>>> rfc822;xx...@mail.hs.columbia.edu
>>>> Action: failed
>>>> Status: 5.4.6
>>>> Diagnostic-Code: X-Postfix; mail for
>>>> mail.hs.columbia.edu loops
>>>> back
>>> to myself
>>
>>>> ---------- Forwarded message ----------
>>>> From: xxxxxx...@gmail.com
>>>> To: xx...@mail.hs.columbia.edu
>>>> Date: Thu, 29 Nov 2007 08:33:56 -0500
>>>> Subject: Virus Found in message "HELLO"
>>>> Symantec AntiVirus found a virus in an attachment
>>>> from
>>> xxxxxx...@gmail.com.
>>
>>>> Attachment: readme.scr
>>>> Threat: W32.Mytob.AG@mm
>>>> Action taken: Quarantine succeeded
>>>> File status: Infected
>>> and then there was this underneath:
>>
>>> ät¶
>>> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
>>>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
>>>> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
>>>>> Ze"ê? ÓCÙSLkòS
>>>>> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
>>> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O±
>>> ~^?ô_Ö~Tõ·.P||2)üR-ef
>>> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù
>>> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ
>>> > > '¶ón>Ê?>1^" m
>>> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù ¢p"ÓRùÛÔÖü
>>> 2glL¿¥¨;
>>> 6ûvU"_C-c-TU-vÒÆ¬|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg
>>> '7CÒÞ*a1?ó_À *.R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY
>>> x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
>>> ¡bëãÃ1/2
>>> WáÜ²T*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
>>> oôñþetáÔ"Ò¥]$l... #zx_
>>> ý(tm)Y²ðÅ2þ?'zÕÓ
>>> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ
>>> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
>>> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
>>> ' ZåOS?]å
>>> O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
>>> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
>>> gß±^Ëu(ÂPAÉÊ¿~ÙÐ
>>> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü
>>> ×Äñ<ðú $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{:
>>> Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4
>>> ÈÝDcK²à: 5NÐ¨¶(ëy(tm)`6Ö|ºµµIn...ð-XFÃ
>>> v>PÍm¯)áÓjàÅÌéxgöÏK...|-
>>>> }<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
>>>> "~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
>>> *?b
>>> sW
>>> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw?
>>> a
>>> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XÝ³ÝjUýõ(tm)~!´
>>> *--àëÐ"ø¿xª¹&%¨!g
>>> H¬T²k^3/4&s²F"Öô`rº:
>>> eÙ ¤À.Å2Zx?³"Ô¬C8|
>>> ÈY > > ³¬s0ÚÕ¥íÊEæ
>>> << tYþ #sk :ÕòxH~Û'I?§¶\á
>>> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
>>> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
>>> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ
>>> |c]s1f h
>>> qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
>>> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa
>>> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
>>> $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I
>>> 1/2 tüY¿¿O"%gõë¡~>
>>> "ÛÛ
>>> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
>>> 9ÝÆdQHY\J(c) S
>>> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
>>> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
>>> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß
>>> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷
>>> [c&*rWE#)<<··(c))ÔV
>>> ÝãB¹YÞrY fÏ*YfvT?
>
> This isn't my computer acting strangely -- so far, at
> least, the only
> reason I have for suspecting a virus is 2 Gmail
> messages.

01-12-2007, 09:34 AM	#9
Poprivet` Guest Posts: n/a	Re: Possible virus? And I guess that's not strange, eh? YOu're quite a whiz all right. Robert Colgan wrote: > On Nov 28, 10:38 pm, "PA Bear" <PABear...@gmail.com> > wrote: >> Unexplained computer behavior may be caused by >> deceptive >> softwarehttp://support.microsoft.com/kb/827315 >> >> You can run a /thorough/ check for hijackware, >> including posting your >> hijackthis log to an appropriate forum. >> >> Checking for/Help with >> Hijackwarehttp://aumha.org/a/parasite.htm >> http://aumha.org/a/quickfix.htm >> >> >> http://aumha.net/viewtopic.php?t=587...prevention.htm >> http://inetexplorer.mvps.org/tshoot....moving_Malware >> >> When all else fails, HijackThis v2.0.2 >> (http://aumha.org/downloads/hijackthis.exe) is the >> preferred tool to >> use. >> It will help you to both identify and remove any >> hijackware/spyware >> with >> assistance from an expert. Post your log >> tohttp://forums.spybot.info/forumdisplay.php?f=22,http://castlecops.com/forum67.html,h...forum.php?f=30, >> or other appropriate forums for expert analysis, not >> here. >> >> If the procedures look too complex - and there is no >> shame in >> admitting this >> isn't your cup of tea - take the machine to a local, >> reputable and >> independent (i.e., not BigBoxStoreUSA) computer >> repair shop. >> -- >> ~Robear Dyer (PA Bear) >> MS MVP-Windows (IE, OE, Security, Shell/User) >> AumHa VSOP & Adminhttp://aumha.net >> DTS-L.ORGhttp://66.39.69.143/ >> >> Robert Colgan wrote: >>> I'm worried that I've somehow gotten the W32.Mytob >>> virus. Earlier >>> this afternoon, I received the below email: >> >>>> from xxxxxx...@gmail.com >>>> to xxxxxx...@gmail.com (me) >>>> date Nov 28, 2007 9:50 PM >>>> subject Virus Found in message "Hello" >> >>>> Symantec AntiVirus found a virus in an attachment >>>> from >>> xxxxxx...@gmail.com. >> >>>> Attachment: bbkiu.zip >>>> Threat: W32.Mytob.AG@mm >>>> Action taken: Quarantine succeeded >>>> File status: Infected >> >>>> The message contains Unicode characters and has >>>> been sent as a >>> binary attachment. >> >>>> bbkiu.zip >>>> 1K Download >> >>> It surprised me, and while I do have Symantec >>> AntiVirus, I'm not >>> sure >>> how Symantec got to this email, since it was on >>> Gmail's webmail >>> interface (it didn't look like Gmail's built-in >>> anti-virus either -- >>> it will display something about a virus next to the >>> attachment, I >>> believe). Or, even, that it did at all -- I know >>> many viruses >>> masquerade as anti-virus messages. So, I didn't >>> download anything >>> and went on my merry business, thinking that >>> whatever it was, as >>> long as I didn't download anything, I wouldn't get >>> infected. >> >>> But later, I got the below "returned-to-sender" >>> email. I'm concerned >>> that the virus somehow got on to one of my >>> computers and is sending >>> emails. I'm running virus scans on both my >>> computers, neither of >>> which have turned up anything, and I'm about to run >>> the >>> W32.Mytob@mm Removal Tool from Symantec. >>> Is this something I need to be worried about? >>> P.S. "xx...@mail.hs.columbia.edu" is not anyone I >>> know or that would >>> be in my address book >> >>> This is the returned-to-sender email I got: >>>> from Mail Delivery System >>>> <MAILER-DAE...@alipes.hs.columbia.edu> >>>> to xxxxxx...@gmail.com, (me) >>>> date Nov 28, 2007 8:35 PM >>>> subject Undelivered Mail Returned to Sender >>>> mailed-by alipes.hs.columbia.edu >> >>>> This is the mail system at host >>>> alipes.hs.columbia.edu. >> >>>> I'm sorry to have to inform you that your message >>>> could not >>>> be delivered to one or more recipients. It's >>>> attached below. >> >>>> For further assistance, please send mail to >>>> <postmaster>\| >> >>>> If you do so, please include this problem report. >>>> You can >>>> delete your own text from the attached returned >>>> message. >> >>>> The mail system >> >>>> <xx...@mail.hs.columbia.edu>: mail for >>>> mail.hs.columbia.edu loops >>> back to >>>> myself >> >>>> Final-Recipient: rfc822; >>>> xx...@mail.hs.columbia.edu >>>> Original-Recipient: >>>> rfc822;xx...@mail.hs.columbia.edu >>>> Action: failed >>>> Status: 5.4.6 >>>> Diagnostic-Code: X-Postfix; mail for >>>> mail.hs.columbia.edu loops >>>> back >>> to myself >> >>>> ---------- Forwarded message ---------- >>>> From: xxxxxx...@gmail.com >>>> To: xx...@mail.hs.columbia.edu >>>> Date: Thu, 29 Nov 2007 08:33:56 -0500 >>>> Subject: Virus Found in message "HELLO" >>>> Symantec AntiVirus found a virus in an attachment >>>> from >>> xxxxxx...@gmail.com. >> >>>> Attachment: readme.scr >>>> Threat: W32.Mytob.AG@mm >>>> Action taken: Quarantine succeeded >>>> File status: Infected >>> and then there was this underneath: >> >>> ät¶ >>> ó¯îþ0û\oq\|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\ >>>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4 >>>> OZS4ÚÕÁ(tm){\X(tm)]Úí\|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´ >>>>> Ze"ê? ÓCÙSLkòS >>>>> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã- >>> "FJ\|4Ão§ùÍUeC`¨ôkÐ\|´[9B£Zêsás±²->§O± >>> ~^?ô_Ö~Tõ·.P\|\|2)üR-ef >>> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù >>> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ >>> > > '¶ón>Ê?>1^" m >>> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZåHÖ¡¯Ù ¢p"ÓRùÛÔÖü >>> 2glL¿¥¨; >>> 6ûvU"_C-c-TU-vÒÆ¬\|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg >>> '7CÒÞa1?ó_À .R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY >>> x"&9KP.Å"-v\|NØ0J0É-eåsa¢¬ åý[7hº- >>> ¡bëãÃ1/2 >>> WáÜ²TRÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p\|"afT>>FhU>ºle<<ÙåI>ô3/43/4 >>> oôñþetáÔ"Ò¥]$l... #zx_ >>> ý(tm)Y²ðÅ2þ?'zÕÓ >>> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ >>> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨ >>> &¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j >>> ' ZåOS?]å >>> O/£Uú6Ü1/4>#èÝÌªæøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N >>> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ >>> gß±^Ëu(ÂPAÉÊ¿~ÙÐ >>> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü >>> ×Äñ<ðú $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: >>> Ç¨?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 >>> ÈÝDcK²à: 5NÐ¨¶(ëy(tm)`6Ö\|ºµµIn...ð-XFÃ >>> v>PÍm¯)áÓjàÅÌéxgöÏK...\|- >>>> }<,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze >>>> "~dn&`--Êb;...ì¿,ÃéUzâ"\|õ)~ >>> ?b >>> sW >>> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'\|¬>û´cÌv>>£Ô-2#3/4 lw? >>> a >>> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò\|XÝ³ÝjUýõ(tm)~!´ >>> --àëÐ"ø¿xª¹&%¨!g >>> H¬T²k^3/4&s²F"Öô`rº: >>> eÙ ¤À.Å2Zx?³"Ô¬C8\| >>> ÈY > > ³¬s0ÚÕ¥íÊEæ >>> << tYþ #sk :ÕòxH~Û'I?§¶\á >>> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0 >>> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür\|ÉöãÊú"¶<Á?\|S¡: >>> ,ÒÙ?!ýìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ >>> \|c]s1f h >>> qÈxqÛ3/4ÚyQß¶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r >>> ±xðF47DL¶¬"zöâïVe}X'Ñ?köüìfvÞ5YÜ¸ïâTÓbHa >>> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó? >>> $>>w_}wöuGøWÈ¯z>>XGYÁcaûÇÁiÌ&\|ÇO_Ø'}SttpOELÄÆPôCDû Y5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â\|"MæoÔyy(tm) IB¯áíÝ0Õòa9ØÇï'çe>I >>> 1/2 tüY¿¿O"%gõë¡~> >>> "ÛÛ >>> S¶Q[¤áÅg\|...1/2óQx Zç)O"ý3 >>> 9ÝÆdQHY\J(c) S >>> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ >>> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ >>> úä[Þä?)<<(tm)úáfÆ\|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß >>> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷ >>> [c&rWE#)<<··(c))ÔV >>> ÝãB¹YÞrY fÏYfvT? > > This isn't my computer acting strangely -- so far, at > least, the only > reason I have for suspecting a virus is 2 Gmail > messages.