possible worm--help



txs@bsd.net
07-09-2005, 10:11 PM
I need a bit of help--I keep getting undeliverable mail returned from my
mailserver. However, it is mail that I never sent. It looks to be German
writing about the bombing of Dresden. I think that this is probably a worm.
I ran the Symantec tool for W32.Sober.O@mm, but the removal program found
nothing. Does anyone have any idea what this might be and how to remove it?
Thanks.

Unruh
07-09-2005, 10:11 PM
txs@bsd.net writes:

>I need a bit of help--I keep getting undeliverable mail returned from my
>mailserver. However, it is mail that I never sent. It looks to be German
>writing about the bombing of Dresden. I think that this is probably a worm.
>I ran the Symantec tool for W32.Sober.O@mm, but the removal program found
>nothing. Does anyone have any idea what this might be and how to remove it?
>Thanks.

What you need to do is look at the full header of the mail message, in
particular the last "Received:" line. That will tell you where the message
originated from. It is almost certainly NOT your machine. Someone else is
spoofing your return address. Then the mailer in the To: location finds it
is to non-existent accounts and returns it to the From: address (you) rather
than the machine it originally came from.

I.e., it is almost certainly NOT anything from your machine and does not
indicate a worm on your machine. (But check that Received: line.)
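
The header check described in the reply above, as an added example that is not part of the original thread: it pulls the returned message out of a bounce and reads the IP in its last Received: line. The sample bounce, its hosts and addresses, and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address is a made-up documentation value.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net; Sat, 9 Jul 2005 20:01:00 +0000
Received: from home-pc (dsl-host.example.com [203.0.113.77])
\tby mx.example.net; Sat, 9 Jul 2005 20:00:58 +0000
From: user@example.org

body
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def embedded_original(raw_bounce):
    """Return the message (or header block) a bounce carries back, or None."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def originating_ip(raw_bounce):
    """IP in the last Received: line (the earliest hop) of the returned message."""
    original = embedded_original(raw_bounce)
    received = original.get_all("Received", []) if original is not None else []
    match = IP_RE.search(str(received[-1])) if received else None
    return match.group(1) if match else None

def sent_from_my_machine(raw_bounce, my_ips):
    """True or False when the origin IP can be read, None when it cannot."""
    ip = originating_ip(raw_bounce)
    return None if ip is None else ip in my_ips
```

Compare the result with your own public IP address; Received: lines below the first server you trust are supplied by the sender and can be forged.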

Ron Martell
07-09-2005, 10:11 PM
txs@bsd.net wrote:

>I need a bit of help--I keep getting undeliverable mail returned from my
>mailserver. However, it is mail that I never sent. It looks to be German
>writing about the bombing of Dresden. I think that this is probably a worm.
>I ran the Symantec tool for W32.Sober.O@mm, but the removal program found
>nothing. Does anyone have any idea what this might be and how to remove it?
>Thanks.

This is an endemic problem that almost everyone is encountering
because of the latest Sober variant.

What is probably happening is that some other computer that has your
email address in their address book has become infected and that
computer is generating the spam emails using your address (and
everyone else in that address book) as the sender.

Just make sure that your machine is clean and protected, and get used
to using the Delete key to dispose of these messages. Beyond that
there is not much that you can do.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

