Mailer-daemon .....

Wkatydid Wkatydid is offline
Member with 129 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: Va. Beach, VA
08-Feb-2004, 10:42 PM #1
Mailer-daemon .....
Kind of curious about this occurrence, and was wondering if anyone knew what was going on.....

I pretty much have not had a computer for a few weeks now. Finally got everything going on my new one, and got online today. As I was going through my new mail to delete the "junk", there were 3 MAILER-DAEMON messages about undeliverable mail. Now, these were to email addresses I don't know, and I wasn't even able to get online in the three days that these messages came to my mailbox....

Could this have been the new "worm" that came out?? And should I be on the lookout for anything when I actually start opening the email that ostensibly came from people I "know"?
Byteman   (Bill) Byteman is offline Byteman is authorized to help remove malware. Byteman has a Profile Picture
Moderator & Malware Removal Specialist with 17,381 posts.
 
Join Date: Jan 2002
Location: NY
08-Feb-2004, 11:21 PM #2
Hi, The only way just opening, or previewing emails can infect you, is using something like Outlook Express....that has an active preview mode- executable viruses can run from this preview mode in at least Outlook Express, not sure about any other email programs....If you do use OE, the setting for Preview can be turned off- please let us know if you do use OE as your email program at all, and definitely if the mails you had returned were in OE.
It does sound like the MyDoom type of returned mail with a .zip or other attachment....of course, do not open those or any attachments you are not 100% sure were actually sent by someone for you to open.....best idea is to write back or have the sender mention the attachment, what it is, etc in the email so you KNOW that it was attached by them and is safe.
Many MyDoom removers posted, here are some:

http://www.a1vbcode.com/app.asp?ID=2542

The one below here is for MyDoom type B....
http://www.bitdefender.com/html/viru..._id=1&v_id=186


and if you go to this site, it has many lists with links to specific worms etc removal tools.....you can find several of the MyDoom removers there (there are more than one variant of it)

http://www3.telus.net/mikebike/Virus_Removers.htm#1
You could just as easily have a Mimail type, which is very similar to MyDoom.
You may not have anything at all, just pays to check. Good luck.
Probably you should post a HijackThis log for review....
the directions and download for it are here:

http://mjc1.com/mirror/hjt/
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
Wkatydid Wkatydid is offline
Member with 129 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: Va. Beach, VA
08-Feb-2004, 11:37 PM #3
Thanks for responding, Byteman. No, I don't use OE. I don't think that I have either of those worms, and had no computer, and no means to get online on the days in question. I did post a HJT log in another thread... But that was because of the problems I'd been having with the NEW computer I just bought yesterday. And I'd gotten the W32.Welchia.Worm, which NAV caught, and the W32.Blaster.Worm, which AdAware caught.

Just thinking that a worm was using my email address (while *I* couldn't... mind you) to send itself out to people (who I don't even know!! Who knows... maybe to people I DO know, too). Just wondering if someone could give me heads up on what might be (have been) going on....
sleekluxury
Senior Member with 3,752 posts.
 
Join Date: Oct 2003
Location: San Diego
08-Feb-2004, 11:45 PM #4
It could be many things...
someone could be using your email account...happened to me

Spammer has hijacked your system to send out spam so it can not be traced back to the original spammer

You could get a worm that sends out malicious emails

You could have sent those emails a few days back yourself and just got them back today.

You could try Trojan Guarder Gold, it's only a 30-day trial and it finds and deletes any running viruses/trojans
http://www.your-soft.com/Trojan_Guarder_Gld.exe

What email program are you using to check your email? Or is this web based? If it's web based then it should have nothing to do with your computer.
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
08-Feb-2004, 11:47 PM #5
There are many worms out there that will infect a machine and once they have infected that machine it harvests the email addy's from the machine's addressbook and sends itself out spoofing the from fields in the emails.

For example let's say I am infected with the MyDoom worm and I have your email addy in my addressbook and I also have byteman's. MyDoom will send an email to Byteman with your email in the From field making it appear that the email came from you. It will attach itself to that email with a bogus message attempting to trick byteman into opening the attachment thus infecting his machine and further propagating its infection by spoofing the email addy's in byteman's machine and the cycle repeats over and over.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
08-Feb-2004, 11:52 PM #6
He has already posted a Hijack This log in another thread and he is clean
Byteman   (Bill) Byteman is offline Byteman is authorized to help remove malware. Byteman has a Profile Picture
Moderator & Malware Removal Specialist with 17,381 posts.
 
Join Date: Jan 2002
Location: NY
08-Feb-2004, 11:52 PM #7
And....with MyDoom, you and others also get fake returned mails, also with attachments, to trick them into opening the attachments to see what went wrong!! The attachments also have innocent looking file extensions, like .txt .doc and so forth, but the real extension is hidden way over on the right side, so far away you don't even see it.
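The padded, hidden extension described in the post above can be checked for mechanically. This is an added example, not part of the original thread; the extension lists and the function name `inspect_attachment_name` are assumptions chosen for illustration.

```python
import re

# Extensions Windows will run directly; .pif and .scr are the ones seen in this thread.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs", "lnk", "hta"}
# Extensions a reader tends to treat as harmless documents (illustrative list).
DECOY_EXTS = {"txt", "doc", "htm", "html", "jpg", "gif", "pdf", "xls"}


def inspect_attachment_name(name):
    """Return the reasons an attachment filename looks deceptive (empty list if none)."""
    findings = []
    # A long run of whitespace pushes the real extension out of the visible column.
    if re.search(r"\s{3,}", name):
        findings.append("padding")
    # Strip the padding from every dot-separated component before comparing.
    parts = [p.strip().lower() for p in name.split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        findings.append("executable:" + real_ext)
        # An innocent-looking extension in front of the real one is the lure.
        if any(p in DECOY_EXTS for p in parts[1:-1]):
            findings.append("double-extension")
    return findings


# Constructed sample names, not taken from real mail.
SAMPLES = ["document.txt" + " " * 60 + ".pif", "readme.pif", "holiday.jpg"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:20]), inspect_attachment_name(sample))
```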
Wkatydid Wkatydid is offline
Member with 129 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: Va. Beach, VA
09-Feb-2004, 07:30 AM #8
Well, I'm on Compuserve. And I hadn't sent anything out, as I hadn't been online from approximately 1/16 to 2/7, so returned undeliverable mail on 1/30, 1/31 & 2/1 was totally impossible from my part.

I was "bad", and opened the mail out of curiosity, and the firm knowledge that all my Antivirus, etc were up to date. There were no attachments to open on my end, but supposedly attachments went out on the undeliverable mail:

to: staff@iharrypotter.net a "readme.pif" attachment
to: owensfamily@?? a "message.?? attachment (can't remember)
to: trash@earthlink.com a "text.scr" attachment


That's interesting that someone could "hijack" my email address without my password. How does one find out if that happens?

And if it's a worm, am I to assume that it used my email address off someone else's email, since I couldn't even get on the computer at that time, much less the internet?

I'm understandably a bit gunshy right now, as I had such problems with the old computer crapping out on me, then with this new one. Though it does seem as if I now have the bugs... and the worms (Welchia and Blaster)... worked out of the new one.

Wendy
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
09-Feb-2004, 10:29 AM #9
Quote:
Originally posted by Wkatydid:
And if it's a worm, am I to assume that it used my email address off someone else's email, since I couldn't even get on the computer at that time, much less the internet?
Yes, that's exactly what happened. They don't need your password to spoof your email addy.
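One way to confirm from a bounce that the From address was forged, when the bounce includes the original message: compare the connecting IP recorded by the receiving server with the range your own provider sends from. This is an added example, not part of the original thread; the sample bounce, the hostnames and the `192.0.2.0/24` provider range are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: outbound relay range of the provider you really send through.
MY_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed bounce (not from the thread) that embeds the original message.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@provider.example
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from dialup-57.isp.example ([203.0.113.57]) by mx.recipient.example; Fri, 30 Jan 2004 14:02:11 -0500
From: me@provider.example
To: staff@recipient.example
Subject: hi

--b1--
"""

def triage_bounce(raw, my_networks=MY_OUTBOUND):
    """Decide whether the bounced original really left through my provider."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            break
    else:
        return {"verdict": "no-original-message"}
    received = original.get_all("Received", [])
    # The topmost Received line was added on the receiving side, so its
    # bracketed connecting IP is not something the sender could choose.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
    if not m:
        return {"verdict": "no-connecting-ip"}
    ip = ipaddress.ip_address(m.group(1))
    mine = any(ip in net for net in my_networks)
    return {"claimed_from": str(original["From"]), "connecting_ip": str(ip),
            "verdict": "sent-via-my-provider" if mine else "forged-from"}
```

A `forged-from` verdict means the message reached the recipient's server from a machine outside your provider, which is what a worm on someone else's PC produces.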
Wkatydid Wkatydid is offline
Member with 129 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: Va. Beach, VA
09-Feb-2004, 06:46 PM #10
Well, I guess all in all, I've been pretty lucky so far. Just gotta put up the guard a bit more!!
Jerseyboy Jerseyboy is offline
Member with 175 posts.
 
Join Date: Feb 2004
Location: sunny florida
09-Feb-2004, 07:02 PM #11
Byteman,
How do you turn off the preview setting in OE?

________________
Mike
Flrman1   (Mark) Flrman1 is offline Flrman1 has a Profile Picture
Member with 46,322 posts.
 
Join Date: Jul 2002
Location: Thomasville, NC
09-Feb-2004, 08:52 PM #12
In Outlook Express go to View > Layout and under "Preview Pane" remove the check by "Show Preview Pane" click Apply then OK.