
Possible Email Trojan???

Barry Hunter
Frequent Advisor

Possible Email Trojan???

Folks,

This evening I got the following 'bounce' email back to me. It looks like I tried to send it but I did not.

It's either completely spoofed to look like I sent it or there is something on my machine sending mail out on the sly.

Anti-Trojan 5.5 came back clean.

Any suggestions on the above?

Many Thanks

Barry
_____________________
This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

ink_mark@neptunz.***
retry time not reached for any host after a long failure period

------ This is a copy of the message, including all the headers. ------

Return-path: <***My email address***>
Received: from [**.128.18.159] (helo=tbird)
by rhenium.btinternet.com with esmtp (Exim 3.22 #25)
id 1AnmNB-00016x-00
for ink_mark@neptunz.***; Mon, 02 Feb 2004 22:16:53 +0000
From: "Barry" <***my email***>
To:
Date: Mon, 2 Feb 2004 22:16:42 -0000
Message-ID: <001601c3e9da$403763a0$0c00000a@krustymonkey>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
X-MS-TNEF-Correlator: C5618F82E2E2541B24168ECEA7CE46A44362900
Subject: Not read: Don't pay so much for Ink Cartridges
_____________________
9 REPLIES
Norman_21
Honored Contributor

Re: Possible Email Trojan???

If you are sure about the email address that it's a valid email address then it's possible that you have the Mydoom.A or Mydoom.B Worm. Read here and patch your Outlook:
http://www.microsoft.com/security/antivirus/mydoom.asp

good luck
"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
Roger Faucher
Honored Contributor

Re: Possible Email Trojan???

Hey XMAN:

Where have you been? I've missed you.

Roger
Make a great day!

Roger
Norman_21
Honored Contributor

Re: Possible Email Trojan???


Glad to see you at the very top!! Thanks a lot, you are a nice person. I've been hanging out, my friend.
later........
Barry Hunter
Frequent Advisor

Re: Possible Email Trojan???


XMAN,

I ran a check for both variants of MyDoom from the link you sent me. Came back clear both times.

Any other possibilities you can think of?

Many Thanks,

Barry
Alexander Chuzhoy
Honored Contributor
Solution

Re: Possible Email Trojan???

60% of my users complained about this.

Someone who has your e-mail address in contacts got infected with this virus. It sends e-mails to many addresses with your e-mail address as source. That's why you receive the undelivery messages.
Barry Hunter
Frequent Advisor

Re: Possible Email Trojan???


Alexander,

What worries me is that the Received from header has both my IP address AND my machine ident.

>Received: from [**.128.18.159] (helo=tbird)


Doesn't this suggest that the mail DID originate on my machine?

Is there a better Trojan search tool than Anti-Trojan 5.5?

Thanks again

Barry
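The check raised in the post above (comparing the IP and HELO name in the bounce's earliest Received line against your own machine), as an added example that is not part of the original thread. The addresses, host names and relay name are constructed placeholders, and the regular expression assumes the Exim-style `from [ip] (helo=name) by host` layout shown in the bounce.

```python
import re
from email.parser import HeaderParser

# Exim-style trace line, as in the bounce: from [IP] (helo=NAME) by RELAY ...
HOP = re.compile(
    r"from\s+\[(?P<ip>[^\]]+)\]\s+\(helo=(?P<helo>[^)]+)\)\s+by\s+(?P<by>\S+)")

def origin_hop(raw_headers):
    """Return ip/helo/by from the earliest Received line, or None."""
    received = HeaderParser().parsestr(raw_headers).get_all("Received") or []
    if not received:
        return None
    # Each relay prepends its own line, so the last one is nearest the sender.
    match = HOP.search(" ".join(received[-1].split()))
    return match.groupdict() if match else None

def triage(raw_headers, my_ips, my_hostnames, trusted_relays):
    hop = origin_hop(raw_headers)
    if hop is None or hop["by"].lower() not in trusted_relays:
        # A line not written by a relay you trust may be forged by the sender.
        return "inconclusive"
    # The relay records the IP it saw on the connection; HELO is sender-supplied.
    if hop["ip"] not in my_ips:
        return "spoofed-sender"
    if hop["helo"].lower() in my_hostnames:
        return "local-origin"
    return "same-ip-other-host"   # e.g. another machine behind the same address

# Constructed sample headers (documentation addresses, hypothetical names).
LOCAL = (
    'Return-path: <user@example.org>\n'
    'Received: from [192.0.2.10] (helo=workstation1)\n'
    '\tby relay.example.net with esmtp (Exim 3.22 #25)\n'
    '\tfor someone@example.com; Mon, 02 Feb 2004 22:16:53 +0000\n'
    'From: "User" <user@example.org>\n'
    'Subject: Not read: sample\n')
FORGED = LOCAL.replace("192.0.2.10", "198.51.100.77").replace(
    "workstation1", "unknown-pc")

MINE = dict(my_ips={"192.0.2.10"}, my_hostnames={"workstation1"},
            trusted_relays={"relay.example.net"})

if __name__ == "__main__":
    for name, raw in (("LOCAL", LOCAL), ("FORGED", FORGED)):
        print(name, origin_hop(raw), triage(raw, **MINE))
```

A `local-origin` result means the relay really did accept the message from that address and host name; a `spoofed-sender` result means only the From and Return-path lines carried your address.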
Alexander Chuzhoy
Honored Contributor

Re: Possible Email Trojan???

Hi.
Go to this link to read more about the virus:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.A


As for a removal tool, I'd recommend downloading their removal tool from www.trendmicro.com.

Search that site for a file named sysclean.com and download it to your machine. Then try to run it; it'll complain about some file missing (I don't remember its name, I'm at home at the moment). Search for it, download it to the same directory that sysclean is in, and run sysclean again. It's pretty good.
Barry Hunter
Frequent Advisor

Re: Possible Email Trojan???


Alexander,

Thanks for the link.

Sysclean dl'd and run. System checked out clean.

Not me then!

Thanks again

Barry
Norman_21
Honored Contributor

Re: Possible Email Trojan???

Barry

It goes both ways, my friend.
Sorry I missed your questions!