
Mailer-daemon .....

Discussion in 'Virus & Other Malware Removal' started by Wkatydid, Feb 8, 2004.

Thread Status:
Not open for further replies.
  1. Wkatydid

    Wkatydid Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    129
    Kind of curious about this occurrence, and was wondering if anyone knew what was going on.....

    I pretty much have not had a computer for a few weeks now. Finally got everything going on my new one, and got online today. As I was going through my new mail to delete the "junk", there were 3 MAILER-DAEMON messages about undeliverable mail. Now, these were to email addresses I don't know, and I wasn't even able to get online in the three days that these messages came to my mailbox....

    Could this have been the new "worm" that came out?? And should I be on the lookout for anything when I actually start opening the email that ostensibly came from people I "know"?
     
  2. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    Hi, The only way just opening, or previewing emails can infect you, is using something like Outlook Express....that has an active preview mode- executable viruses can run from this preview mode in at least Outlook Express, not sure about any other email programs....If you do use OE, the setting for Preview can be turned off- please let us know if you do use OE as your email program at all, and definitely if the mails you had returned were in OE.
    It does sound like the MyDoom type of returned mail with a .zip or other attachment....of course, do not open those or any attachments you are not 100% sure were actually sent by someone for you to open.....best idea is to write back or have the sender mention the attachment, what it is, etc in the email so you KNOW that it was attached by them and is safe.
    Many MyDoom removers posted, here are some:

    http://www.a1vbcode.com/app.asp?ID=2542

    The one below here is for MyDoom type B....
    http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=186


    and if you go to this site, it has many lists with links to specific worms etc removal tools.....you can find several of the MyDoom removers there (there are more than one variant of it)

    http://www3.telus.net/mikebike/Virus_Removers.htm#1
    You could just as easily have a Mimail type, which is very similar to MyDoom.
    You may not have anything at all, just pays to check. Good luck.
    Probably you should post a HijackThis log for review....
    the directions and download for it are here:

    http://mjc1.com/mirror/hjt/
     
  3. Wkatydid

    Wkatydid Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    129
    Thanks for responding, Byteman. No, I don't use OE. I don't think that I have either of those worms, and had no computer, and no means to get online on the days in question. I did post a HJT log in another thread... But that was because of the problems I'd been having with the NEW computer I just bought yesterday. And I'd gotten the W32.Welchia.Worm, which NAV caught, and the W32.Blaster.Worm, which AdAware caught.

    Just thinking that a worm was using my email address (while *I* couldn't... mind you) to send itself out to people (who I don't even know!! Who knows... maybe to people I DO know, too). Just wondering if someone could give me heads up on what might be (have been) going on....
     
  4. sleekluxury

    sleekluxury

    Joined:
    Oct 5, 2003
    Messages:
    3,752
    It could be many things...
    someone could be using your email account...happened to me

    Spammer has hijacked your system to send out spam so it can not be traced back to the original spammer

    You could get a worm that sends out malicious emails

    You could have sent those emails a few days back yourself and just got them back today.

    You could try Trojan Guarder Gold, it's only a 30-day trial and it finds and deletes any running viruses/trojans
    http://www.your-soft.com/Trojan_Guarder_Gld.exe

    What email program are you using to check your email? Or is this web based, if it's web based then it should have nothing to do with your computer.
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    There are many worms out there that will infect a machine and once they have infected that machine it harvests the email addy's from the machine's addressbook and sends itself out spoofing the from fields in the emails.

    For example let's say I am infected with the MyDoom worm and I have your email addy in my addressbook and I also have byteman's. MyDoom will send an email to Byteman with your email in the From field making it appear that the email came from you. It will attach itself to that email with a bogus message attempting to trick byteman into opening the attachment thus infecting his machine and further propagating its infection by spoofing the email addy's in byteman's machine and the cycle repeats over and over.
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    He has already posted a Hijack This log in another thread and he is clean
     
  7. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,725
    And....with MyDoom, you and others also get fake returned mails, also with attachments, to trick them into opening the attachments to see what went wrong!! The attachments also have innocent looking file extensions, like .txt .doc and so forth, but the real extension is hidden way over on the right side, so far away you don't even see it.
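
    Added example, not part of the original post: a filename check a mail filter could run to catch the disguise described above, where a harmless-looking extension is followed by padding and then the real, executable one. The extension lists, the `PAD_MIN` threshold and the sample names are assumptions made for this illustration.

```python
import re

# Extensions Windows runs directly; .pif and .scr are the two named in this thread.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Harmless-looking extensions used as the visible decoy (assumed list).
DECOY_EXTS = {".txt", ".doc", ".htm", ".html", ".jpg", ".gif", ".pdf", ".zip"}
# Assumed threshold: this many spaces before the real extension counts as padding.
PAD_MIN = 3


def classify_attachment(filename):
    """Return the reasons a filename looks disguised (empty list if none)."""
    reasons = []
    # Only the final extension decides how the OS treats the file.
    stem, dot, ext = filename.strip().lower().rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable-extension")
    # Does the part before the real extension itself end in a decoy extension,
    # optionally followed by whitespace that pushes the real one out of view?
    m = re.search(r"(\.[a-z0-9]{1,5})(\s*)$", stem)
    if m and m.group(1) in DECOY_EXTS:
        reasons.append("decoy-extension")
        if len(m.group(2)) >= PAD_MIN:
            reasons.append("whitespace-padding")
    return reasons


# Constructed sample names (the first is the form reported later in the thread).
SAMPLES = [
    "readme.pif",
    "document.txt" + " " * 40 + ".scr",
    "report.doc.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name), classify_attachment(name))
```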
     
  8. Wkatydid

    Wkatydid Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    129
    Well, I'm on Compuserve. And I hadn't sent anything out, as I hadn't been online from approximately 1/16 to 2/7, so returned undeliverable mail on 1/30, 1/31 & 2/1 was totally impossible from my part.

    I was "bad", and opened the mail out of curiosity, and the firm knowledge that all my Antivirus, etc were up to date. There were no attachments to open on my end, but supposedly attachments went out on the undeliverable mail:

    to: [email protected] a "readme.pif" attachment
    to: owensfamily@?? a "message.?? attachment (can't remember)
    to: [email protected] a "text.scr" attachment


    That's interesting that someone could "hijack" my email address without my password. How does one find out if that happens?

    And if it's a worm, am I to assume that it used my email address off someone else's email, since I couldn't even get on the computer at that time, much less the internet?

    I'm understandably a bit gunshy right now, as I had such problems with the old computer crapping out on me, then with this new one. Though it does seem as if I now have the bugs... and the worms (Welchia and Blaster)... worked out of the new one.

    Wendy
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Yes, that's exactly what happened. They don't need your password to spoof your email addy.
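
    Added example, not part of the original posts: one way to check a MAILER-DAEMON bounce for the spoofing described in this thread is to read the returned message's `Received` header, which records the machine that actually handed the mail over, and compare it with the address in `From`. The bounce text, addresses, IPs and function names below are constructed for the illustration.

```python
import email
import re

# Constructed bounce, not taken from the thread. Addresses and IPs are
# documentation ranges; real bounces also carry a message/delivery-status part.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: user@example.com
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

Could not deliver to nobody@example.org
--B
Content-Type: message/rfc822

Received: from pc ([203.0.113.77]) by mx.example.net; Sat, 31 Jan 2004 10:00:01 -0500
From: user@example.com
To: nobody@example.org
Subject: hi

test
--B--
"""


def returned_message(bounce_text):
    """Return the original message (or its headers) embedded in a bounce, else None."""
    for part in email.message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None


def origin_of(bounce_text, my_ips):
    """Compare the From claim with the IP the first receiving server recorded."""
    orig = returned_message(bounce_text)
    if orig is None:
        return None
    hops = orig.get_all("Received") or []
    # Received lines are prepended, so the last one is the earliest hop.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    ip = m.group(1) if m else None
    return {"claimed_from": orig["From"], "origin_ip": ip, "from_my_host": ip in my_ips}
```

    Only `Received` lines added by servers you trust are reliable; anything below them was supplied by the sender and can be forged just like `From`.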
     
  10. Wkatydid

    Wkatydid Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    129
    :( Well, I guess all in all, I've been pretty lucky so far. Just gotta put up the guard a bit more!!
     
  11. Jerseyboy

    Jerseyboy

    Joined:
    Feb 2, 2004
    Messages:
    175
    Byteman,
    How do you turn off the preview setting in OE?

    ________________
    Mike
     
  12. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    In Outlook Express go to View > Layout and under "Preview Pane" remove the check by "Show Preview Pane" click Apply then OK.
     

Short URL to this thread: https://techguy.org/202032