
Posted

I have been receiving strange e-mails recently. The messages say:

 

The original message was received at Thu, 29 Sep 2005 08:18:11 -0400 (EDT)
from u1061246.ul.warwick.net [216.6.143.227]

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster

----- The following addresses had permanent fatal errors -----
<onewyld68@aol.com>

----- Transcript of session follows -----
... while talking to air-yb02.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <onewyld68@aol.com>... Service unavailable

--------------------------------------------------------------------------------

Received: from aol.com (u1061246.ul.warwick.net [216.6.143.227]) by rly-yb03.mx.aol.com (v107.13) with ESMTP id MAILRELAYINYB36-18c433bdb7e76; Thu, 29 Sep 2005 08:18:07 -0400
From: nintendofunstuff@hotmail.com
To: onewyld68@aol.com
Subject: Re: Your product
Date: Thu, 29 Sep 2005 06:49:17 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0005_00006B6F.00004D16"
X-Priority: 3
X-MSMail-Priority: Normal
X-AOL-IP: 216.6.143.227
X-AOL-SCOLL-SCORE: 0:2:374465557:10737418
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200509290818.18c433bdb7e76@rly-yb03.mx.aol.com>

 

For the past few days, I've been getting several of these messages each day. It started happening after a worm called Winexec.exe downloaded itself into my system. However, I completely deleted it with Microsoft AntiSpyware. I also ran a check with Symantec AntiVirus Corporate Edition. I can't find any traces of the worm in my computer.

 

Even if the worm was still in my computer, it shouldn't be able to send e-mail to other people. I use ZoneAlarm Pro, which should block any outgoing e-mail that is from a worm. Therefore, I don't think these messages are coming from the worm. Does anyone have any idea what is happening?

Posted

If you have a look at the headers you should be able to see from where the email originated. It is possible that another computer infected with some virus is transmitting emails using your email address as the sender or as the reply-to address and therefore they are being bounced back to yourself.

Posted

Yes, they are all from AOL.

 

It looks like the message originated from warwick.net. Why is the computer infected with the virus using my e-mail address? How do I stop it?

Posted

Why? Who knows.

 

How can you stop it: Contact the owner of the computer or their ISP.

 

Do you have a resolved IP address from the headers or just a domain which can be faked?
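
Added example, not part of any post in this thread: the two replies above suggest reading the headers to see where the mail originated and separating a recorded IP address from a name that can be faked. This Python sketch does that for the headers quoted in the first post; the function names and the two mismatch heuristics are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the returned message, copied from the bounce quoted in the first post.
RETURNED_HEADERS = (
    "Received: from aol.com (u1061246.ul.warwick.net [216.6.143.227]) "
    "by rly-yb03.mx.aol.com (v107.13) with ESMTP id "
    "MAILRELAYINYB36-18c433bdb7e76; Thu, 29 Sep 2005 08:18:07 -0400\n"
    "From: nintendofunstuff@hotmail.com\n"
    "To: onewyld68@aol.com\n"
    "Subject: Re: Your product\n"
    "X-AOL-IP: 216.6.143.227\n\n"
)

# "from <HELO name> (<reverse-DNS name> [<IP>]) by <receiving server>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def analyze_returned_headers(raw):
    msg = message_from_string(raw)
    # Each server prepends its own Received line, so index 0 is the hop written
    # by the server that bounced the mail. Its bracketed IP is what that server
    # observed on the TCP connection; the HELO name and From are sender-supplied.
    top = " ".join(msg.get_all("Received", [""])[0].split())
    m = RECEIVED_RE.search(top)
    if m is None:
        raise ValueError("no parsable Received header")
    hop = m.groupdict()
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    if not in_domain(hop["rdns"], hop["helo"]):
        findings.append("HELO name %r does not match connecting host" % hop["helo"])
    if from_domain and not in_domain(hop["rdns"], from_domain):
        findings.append("From domain %r is not the connecting host's domain" % from_domain)
    return {"source_ip": hop["ip"], "connecting_host": hop["rdns"],
            "helo": hop["helo"], "recorded_by": hop["by"],
            "from_domain": from_domain, "findings": findings}

if __name__ == "__main__":
    for key, value in analyze_returned_headers(RETURNED_HEADERS).items():
        print(key, "=", value)
```

Run against the quoted headers, it reports the connection as coming from 216.6.143.227 (u1061246.ul.warwick.net) while announcing itself as aol.com and carrying a hotmail.com From address.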

Posted

The reason the emails are from AOL is because (I assume) you are using AOL as your email service. This message is telling you that you are trying to send a message and it cannot reach the intended recipient, often because the email addy doesn't exist or whatever. It's a known thing. The fact that you are receiving many of these and it's not only after sending an email to a specific person makes it sound suspicious.

So this winexe.exe is a "mass mailing worm" quote from http://securityresponse.symantec.com/avcenter/venc/data/w32.ainesey.a@mm.html this is why the email problem has occurred. You realise that either everyone on your contact list will have received infected emails from you or every single one is being stopped by AOL, hence the many error messages you are getting.

I don't really care if Symantec says it ain't there anymore, if you are still getting a problem then there is still a cause for it!

You'll need a good virus scanner (I like the avast boot time scan personally).

If you can then a format might just be simpler than the hassle of finding/deleting viruses, then making sure they don't come back. For example I know my uncle had a virus that could avoid scans by hiding in the recycle bin. WinXP Restore points are a common place for viruses to archive themselves, YT2095 once had one in the printer buffer, it can be a hassle basically! Format should remove everything. (I say should because I know someone who formatted without formatting the OS partition and the virus hid in the OS partition and thus survived the format... nasty bugger!)

http://virusscan.jotti.org/

is a good site if you have a specific problematic file.

 

http://www.downloads.subratam.org/KillBox.zip

is quite useful, you can kill & delete a process.

 

NB: I misread the 1st post so I've just had to retype all of this, may be different if you loaded the page in the 1st 5secs after I typed the original message, sorry for my mistake, all sorted now! (thought you didn't realise you had a worm!)

Posted

No, I do not use AOL, or have an AOL e-mail address. I use Hotmail as my main e-mail address, and Yahoo as my company's e-mail address. However, all of these returned messages are from AOL. At first, I was only receiving them in my Hotmail e-mail address. However, I logged into my Yahoo e-mail account for the first time in weeks, and now I am receiving the returned AOL e-mails in that account too.

 

I removed all traces of the virus that entered my computer. In fact, the virus never even had a chance to install before my security system disabled it. The e-mails that are being sent to AOL users do not seem to be sent from my computer. None of the returned e-mails were sent to the people in my address book. In fact, I never even heard of any of the e-mail addresses that the original e-mails were sent to.

 

Does anybody have any other suggestions? Please let me know. Thanks.

Posted

It's a common ploy. I've seen these "returned e-mails" that look authentic, so you open the attachment because you can't remember sending it and...

 

Just ignore them. They'll go away after a while.

Posted
[quote]It's a common ploy. I've seen these "returned e-mails" that look authentic, so you open the attachment because you can't remember sending it and...

Just ignore them. They'll go away after a while.[/quote]

 

Ok, thank you.
