[Wkatydid]

Kind of curious about this occurrence, and was wondering if anyone knew what was going on.....

I pretty much have not had a computer for a few weeks now. Finally got everything going on my new one, and got online today. As I was going through my new mail to delete the "junk", there were 3 MAILER-DAEMON messages about undeliverable mail. Now, these were to email addresses I don't know, and I wasn't even able to get online in the three days that these messages came to my mailbox....

Could this have been the new "worm" that came out?? And should I be on the lookout for anything when I actually start opening the email that ostensibly came from people I "know"?

[Byteman]

Hi, The only way just opening, or previewing emails can infect you, is using something like Outlook Express....that has an active preview mode- executable viruses can run from this preview mode in at least Outlook Express, not sure about any other email programs....If you do use OE, the setting for Preview can be turned off- please let us know if you do use OE as your email program at all, and definitely if the mails you had returned were in OE.
It does sound like the MyDoom type of returned mail with a .zip or other attachment....of course, do not open those or any attachments you are not 100% sure were actually sent by someone for you to open.....best idea is to write back or have the sender mention the attachment, what it is, etc in the email so you KNOW that it was attached by them and is safe.
Many MyDoom removers posted, here are some:

http://www.a1vbcode.com/app.asp?ID=2542

The one below here is for MyDoom type B....
http://www.bitdefender.com/html/viru..._id=1&v_id=186


and if you go to this site, it has many lists with links to speciifc worms etc removal tools.....you can find several of the MyDoom removers there (there are more than one variant of it)

http://www3.telus.net/mikebike/Virus_Removers.htm#1
You could just as easily have a Mimail type, which is very similar to MyDoom.
You may not have anything at all, just pays to check. Good luck.
Probably you should post a HijackThis log for review....
the directions and download for it are here:

http://mjc1.com/mirror/hjt/

[Wkatydid]

Thanks for responding, Byteman. No, I don't use OE. I don't think that I have either of those worms, and had no computer, and no means to get online on the days in question. I did post a HJT log in another thread... But that was because of the problems I'd been having with the NEW computer I just bought yesterday. And I'd gotten the W32.Welchia.Worm, which NAV caught, and the W32.Blaster.Worm, which AdAware caught.

Just thinking that a worm was using my email address (while *I* couldn't... mind you) to send itself out to people (who I don't even know!! Who knows... maybe to people I DO know, too). Just wondering if someone could give me heads up on what might be (have been) going on....

[sleekluxury]

It could be many things...
someone could be using your email account...happened to me

Spammer has hijacked your system to send out spam so it can not be traced back to the original spammer

You could get a worm that sends out malicious emails

You could have sent those emails a few days back yourself and just got them back today.

You could try Trojan Guarder Gold, its only a 30-day trial and it finds and deletes any running viruses/trojans
http://www.your-soft.com/Trojan_Guarder_Gld.exe

What email program are you using to check your email? Or is this web based, if its web based then it should have nothing to do with your computer.

[Flrman1]

There are many worms out there that will infect a machine and once they have infected that machine it harvests the email addy's from the machines addressbook and sends itself out spoofing the from fields in the emails.

For example let's say I am infected with the MyDoom worm and I have your email addy in my addressbook and I also have byteman's. MyDoom will send an email to Byteman with your email in the From field making it appear that the email came from you. It will attach itself to that email with a bogus message attempting to trick byteman into opening the attachment thus infecting his machine and further propogating it's infection by spoofing the email addy's in byteman's machine and the cycle repeats over and over.

[Flrman1]

He has already posted a Hijack This log in another thread and he is clean

[Byteman]

And....with MyDoom, you and others also get fake returned mails, also with attachments, to trick them into opening the attachments to see what went wrong!! The attachments also have innocent looking file extensions, like .txt .doc and so forth, but the real extension is hidden way over on the right side, so far away you dont even see it.

[Wkatydid]

Well, I'm on Compuserve. And I hadn't sent anything out, as I hadn't been online from approximately 1/16 to 2/7, so returned undeliverable mail on 1/30, 1/31 & 2/1 was totally impossible from my part.

I was "bad", and opened the mail out of curiosity, and the firm knowledge that all my Antivirus, etc were up to date. There were no attachments to open on my end, but supposedly attachments went out on the undeliverable mail:

to: staff@iharrypotter.net a "readme.pif" attachment
to: owensfamily@?? a "message.?? attachment (can't remember)
to: trash@earthlink.com a "text.scr" attachment


That's interesting that someone could "hijack" my email address without my password. How does one find out if that happens?

And if it's a worm, am I to assume that it used my email address off someone else's email, since I couldn't even get on the computer at that time, much less the internet?

I'm understandably a bit gunshy right now, as I had such problems with the old computer crapping out on me, then with this new one. Though it does seem as if I now have the bugs... and the worms (Welchia and Blaster)... worked out of the new one.

Wendy

[Flrman1]

Quote:

Originally posted by Wkatydid:
And if it's a worm, am I to assume that it used my email address off someone else's email, since I couldn't even get on the computer at that time, much less the internet?

Yes, that's exactly what happened. They don't need your password to spoof your email addy.

[Wkatydid]

Well, I guess all in all, I've been pretty lucky so far. Just gotta put up the guard a bit more!!

[Jerseyboy]

Byteman,
How do you turn off the preview setting in OE?

________________
Mike

[Flrman1]

In Outlook Express go to View > Layout and under "Preview Pane" remove the check by "Show Preview Pane" click Apply then OK.