herme3 Posted September 29, 2005 Share Posted September 29, 2005 I have been receiving strange e-mails recently. The messages say: The original message was received at Thu, 29 Sep 2005 08:18:11 -0400 (EDT)from u1061246.ul.warwick.net [216.6.143.227] *** ATTENTION *** Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section labeled: "----- The following addresses had permanent fatal errors -----". The reason your mail is being returned to you is listed in the section labeled: "----- Transcript of Session Follows -----". The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers. Please direct further questions regarding this message to your e-mail administrator. --AOL Postmaster ----- The following addresses had permanent fatal errors ----- <onewyld68@aol.com> ----- Transcript of session follows ----- ... while talking to air-yb02.mail.aol.com.: >>> DATA <<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent. 554 <onewyld68@aol.com>... Service unavailable -------------------------------------------------------------------------------- Received: from aol.com (u1061246.ul.warwick.net [216.6.143.227]) by rly-yb03.mx.aol.com (v107.13) with ESMTP id MAILRELAYINYB36-18c433bdb7e76; Thu, 29 Sep 2005 08:18:07 -0400 From: nintendofunstuff@hotmail.com To: onewyld68@aol.com Subject: Re: Your product Date: Thu, 29 Sep 2005 06:49:17 -0400 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0005_00006B6F.00004D16" X-Priority: 3 X-MSMail-Priority: Normal X-AOL-IP: 216.6.143.227 X-AOL-SCOLL-SCORE: 0:2:374465557:10737418 X-AOL-SCOLL-URL_COUNT: 0 Message-ID: <200509290818.18c433bdb7e76@rly-yb03.mx.aol.com> For the past few days, I've been getting several of these messages each day. It started happening after a worm called Winexec.exe downloaded itself into my system. However, I completely deleted it with Microsoft AntiSpyware. I also ran a check with Symantec AntiVirus Corporate Edition. I can't find any traces of the worm in my computer. Even if the worm was still in my computer, it shouldn't be able to send e-mail to other people. I use ZoneAlarm Pro, which should block any outgoing e-mail that is from a worm. Therefore, I don't think these messages are coming from the worm. Does anyone have any idea what is happening? Link to comment Share on other sites More sharing options...
Klaynos Posted September 29, 2005 Share Posted September 29, 2005 If you have a look at the headers you should be able to see from where the email originated. It is possible that another computer infected with some virus is transmitting emails using your email adress as the sender or as the reply-to address and therefore they are being bounced back to yourself. Link to comment Share on other sites More sharing options...
Phi for All Posted September 29, 2005 Share Posted September 29, 2005 Are they all from AOL? Link to comment Share on other sites More sharing options...
herme3 Posted September 29, 2005 Author Share Posted September 29, 2005 Yes, they are all from AOL. It looks like the message originated from warwick.net. Why is the computer infected with the virus using my e-mail address? How do I stop it? Link to comment Share on other sites More sharing options...
Klaynos Posted September 29, 2005 Share Posted September 29, 2005 Why? who knows. How can you stop it: Contact the owner of the computer or their ISP. Do you have a resolved IP address from the headers or just a domain which can be faked? Link to comment Share on other sites More sharing options...
RICHARDBATTY Posted September 29, 2005 Share Posted September 29, 2005 Click Email - block unwanted Email - check use custom sender list - click the link at the side and put the senders info in the resulting window. Link to comment Share on other sites More sharing options...
5614 Posted October 2, 2005 Share Posted October 2, 2005 The reason the emails are from AOL is because (I assume) you are using AOL as your email service. This message is telling you that you are trying to send a message and it cannot reach the intended reciepient, often because the email addy doesn't exist or whatever. It's a known thing. The fact that you are receiving many of these and its not only after sending an email to a specific person makes it sound supicious. So this winexe.exe is a "mass mailing worm" quote from http://securityresponse.symantec.com/avcenter/venc/data/w32.ainesey.a@mm.html this is why the email problem has occured. You realise that either everyone on your contact list will have recieved infected emails from you or every single one is being stopped by AOL, hence the many error messages you are getting. I don't really care if symantec says it aint there anymore, if you are still getting a problem then there is still a cause for it! You'll need a good virus scanner (I like the avast boot time scan personally). If you can then a format might just be simpler than the hassle of finding/deleting viruses, then making sure they don't come back. For example I know my uncle had a virus that could avoid scans by hiding in the recycle bin. winXP Restore points are a common place for viruses to archive themselves, YT2095 once had one in the printer buffer, it can be a hassle basically! Format should remove everything. (I say should because I know someone who formated without formating the OS partition and the virus hid in the OS partition and thus survived the format... nasty bugger!) http://virusscan.jotti.org/ is a good site if you a specific problematic file. http://www.downloads.subratam.org/KillBox.zip is quite useful, you can kill & delete a process. NB: I misread the 1st post so I've just had to retype all of this, may be different if you loaded the page in the 1st 5secs after I typed the original message, sorry for my mistake, all sorted now! (thought you didn't realise you had a worm!) Link to comment Share on other sites More sharing options...
herme3 Posted October 5, 2005 Author Share Posted October 5, 2005 No, I do not use AOL, or have an AOL e-mail address. I use Hotmail as my main e-mail address, and Yahoo as my company's e-mail address. However, all of these returned messages are from AOL. At first, I was only receiving them in my Hotmail e-mail address. However, I logged into my Yahoo e-mail account for the first time in weeks, and now I am receiving the returned AOL e-mails in that account too. I removed all traces of the virus that entered my computer. In fact, the virus never even had a chance to install before my security system disabled it. The e-mails that are being sent to AOL users do not seem to be sent from my computer. None of the returned e-mails were sent to the people in my address book. In fact, I never even heard of any of the e-mail addresses that the original e-mails were sent to. Does anybody have any other suggestions? Please let me know. Thanks. Link to comment Share on other sites More sharing options...
Klaynos Posted October 5, 2005 Share Posted October 5, 2005 Contact the ISP of the original email. Link to comment Share on other sites More sharing options...
Dave Posted October 5, 2005 Share Posted October 5, 2005 It's a common ploy. I've seen these "returned e-mails" that look authentic, so you open the attachment because you can't remember sending it and... Just ignore them. They'll go away after a while. Link to comment Share on other sites More sharing options...
herme3 Posted October 5, 2005 Author Share Posted October 5, 2005 It's a common ploy. I've seen these "returned e-mails" that look authentic' date=' so you open the attachment because you can't remember sending it and... Just ignore them. They'll go away after a while.[/quote'] Ok, thank you. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now