A Microsoft Office (Excel, Word) forum. OfficeFrustration

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » OfficeFrustration forum » Microsoft Outlook » Outlook Express
Reload this Page Virus?
Site Map Home Register Authors List Search Today's Posts Mark Forums Read  

Virus?


« Previous Thread | Next Thread »

 
 
Thread Tools Display Modes
  #1  
Old December 5th, 2008, 06:34 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Nightsky
external usenet poster
  
Posts: 4
Default Virus?
I keep getting mail from a MAILER DAEMON that my message could not be
delivered.
The actual message displayed is in Spanish, and I never wrote or sent
such a message.
What can I do about this?

Here is the entire message and header:

X-Apparently-To: via 68.142.201.112; Fri, 05 Dec 2008
06:59:35 -0800
X-Originating-IP: [200.42.0.146]
Authentication-Results: mta122.sbc.mail.re3.yahoo.com
from=postino12.prima.com.ar; domainkeys=neutral (no sig)
Received: from 207.115.20.192 (EHLO flpi190.prodigy.net)
(207.115.20.192)
by mta122.sbc.mail.re3.yahoo.com with SMTP; Fri, 05 Dec 2008
06:59:33 -0800
X-Header-Overseas: Mail.from.Overseas.source.200.42.0.146
X-Originating-IP: [200.42.0.146]
Received: from postino12.prima.com.ar (postino12.prima.com.ar
[200.42.0.146])
by flpi190.prodigy.net (8.13.8 inb regex/8.13.8) with SMTP id
mB5ExVnM018151
for ; Fri, 5 Dec 2008 06:59:32 -0800
Message-Id:
Received: (qmail 3055 invoked for bounce); 5 Dec 2008 14:59:31 -0000
Date: 5 Dec 2008 14:59:31 -0000
From:
To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="1228489171postino12.prima.com.ar1816855"
Subject: failure notice

--1228489171postino12.prima.com.ar1816855

(postino12.prima.com.ar)
Su mensaje no pudo ser entregado - Sua mensagem nao pode ser enviada -
Your message could not be delivered.

:
Esta casilla ha expirado por falta de uso.

--- Mensaje original adjunto.

--1228489171postino12.prima.com.ar1816855
Content-Type: message/rfc822

Return-Path:
Received: (qmail 3032 invoked from network); 5 Dec 2008 14:59:31 -0000
Received: from unknown (HELO 200.42.0.146) (24.232.42.44)
by postino12.prima.com.ar with SMTP; 5 Dec 2008 14:59:31 -0000
Received: from (HELO fl2o) [124.238.237.155] by 200.42.0.146 id
v5snGt9dS628; Fri, 05 Dec 2008 10:54:32 -0400
Message-ID: j5t1-z9d81601ashd4ab@gsrn71xclg1x7
From: ""
Reply-To: ""
To:
Subject: Compramos su casa, departamento, local, etc.
Date: Fri, 05 Dec 2008 10:54:32 -0400
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="D1EA_FD_._.0D_E7"
X-Priority: 3


--D1EA_FD_._.0D_E7
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Compro su propiedad, pago en efectivo

Aproveche antes de que la crisis global se profundice para vender

Compro locales, oficinas, departamentos, casas, etc. solo en capital
feder=
al y gran buenos aires, interior abstenerse. En cualquier estado

Solo propiedades hasta US$100.000

Envienos en mail con el detalle de la propiedad que desea vender a
argenti=
 incluyendo toda la informacion posible

No responda este mail ya que no sera leido

=20

--D1EA_FD_._.0D_E7--


--1228489171postino12.prima.com.ar1816855--

  #2  
Old December 5th, 2008, 06:59 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
NormanM[_2_]
external usenet poster
  
Posts: 75
Default Virus?
On Fri, 5 Dec 2008 13:34:22 -0500, Nightsky wrote:

I keep getting mail from a MAILER DAEMON that my message could not be
delivered.
The actual message displayed is in Spanish, and I never wrote or sent
such a message.
What can I do about this?

You can run a full suite of products designed to detect malware; but, if the
results are negative, you are probably the victim of forgery. Spammers like
to use actual email addresses they are not authorized to use to fake a
sender, as a way of fooling spam filters. They usually rotate the forged
email address, and this will pass. Other than filtering the "MAILER-DAEMON"
messages, and riding out the storm, you could either kill that account, or
just not do anything at all.

I've had a Yahoo! Mail account forged, and had spammers forge non-existent
users to my domain. It is just the nature of their nefarious business.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
  #3  
Old December 5th, 2008, 07:02 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
Michael Santovec
external usenet poster
  
Posts: 2,356
Default Virus?
Those can be one of 4 things:
1) Some spammer is sending the original messages and using your e-mail
address as the sender.
2) Someone else has a PC infected with a virus and the virus is sending
itself as the original message and using your e-mail address as the
sender.
3) The message is the virus itself, pretending to be a returned mail.
4) Your PC is infected with a virus and it has been sending itself. And
this is really a returned mail that your PC sent.

In cases 1, 2, and 3 above, the messages are not coming from your PC and
are not going through your e-mail account. There's nothing you can do
to prevent anyone from sending an e-mail with your e-mail address as the
From header, just as you can't prevent anyone from sending a postal mail
and putting your name and address as the return address. At this point
all you can do is filter out the messages. Your ISP may offer some
filtering at the mail server.

To make sure that case 4 above is not the cause, you should check your
PC with an updated anti-virus program.

From a quick look at the headers you supplied, it's most likely # 1.

--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm



"Nightsky" wrote in message
...
I keep getting mail from a MAILER DAEMON that my message could not be
delivered.
The actual message displayed is in Spanish, and I never wrote or sent
such a message.
What can I do about this?

Here is the entire message and header:

X-Apparently-To: via 68.142.201.112; Fri, 05 Dec
2008 06:59:35 -0800
X-Originating-IP: [200.42.0.146]
Authentication-Results: mta122.sbc.mail.re3.yahoo.com
from=postino12.prima.com.ar; domainkeys=neutral (no sig)
Received: from 207.115.20.192 (EHLO flpi190.prodigy.net)
(207.115.20.192)
by mta122.sbc.mail.re3.yahoo.com with SMTP; Fri, 05 Dec 2008
06:59:33 -0800
X-Header-Overseas: Mail.from.Overseas.source.200.42.0.146
X-Originating-IP: [200.42.0.146]
Received: from postino12.prima.com.ar (postino12.prima.com.ar
[200.42.0.146])
by flpi190.prodigy.net (8.13.8 inb regex/8.13.8) with SMTP id
mB5ExVnM018151
for ; Fri, 5 Dec 2008 06:59:32 -0800
Message-Id:
Received: (qmail 3055 invoked for bounce); 5 Dec 2008 14:59:31 -0000
Date: 5 Dec 2008 14:59:31 -0000
From:
To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="1228489171postino12.prima.com.ar1816855"
Subject: failure notice

--1228489171postino12.prima.com.ar1816855

(postino12.prima.com.ar)
Su mensaje no pudo ser entregado - Sua mensagem nao pode ser enviada -
Your message could not be delivered.

:
Esta casilla ha expirado por falta de uso.

--- Mensaje original adjunto.

--1228489171postino12.prima.com.ar1816855
Content-Type: message/rfc822

Return-Path:
Received: (qmail 3032 invoked from network); 5 Dec 2008 14:59:31 -0000
Received: from unknown (HELO 200.42.0.146) (24.232.42.44)
by postino12.prima.com.ar with SMTP; 5 Dec 2008 14:59:31 -0000
Received: from (HELO fl2o) [124.238.237.155] by 200.42.0.146 id
v5snGt9dS628; Fri, 05 Dec 2008 10:54:32 -0400
Message-ID: j5t1-z9d81601ashd4ab@gsrn71xclg1x7
From: ""
Reply-To: ""
To:
Subject: Compramos su casa, departamento, local, etc.
Date: Fri, 05 Dec 2008 10:54:32 -0400
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="D1EA_FD_._.0D_E7"
X-Priority: 3


--D1EA_FD_._.0D_E7
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Compro su propiedad, pago en efectivo

Aproveche antes de que la crisis global se profundice para vender

Compro locales, oficinas, departamentos, casas, etc. solo en capital
feder=
al y gran buenos aires, interior abstenerse. En cualquier estado

Solo propiedades hasta US$100.000

Envienos en mail con el detalle de la propiedad que desea vender a
argenti=
 incluyendo toda la informacion posible

No responda este mail ya que no sera leido

=20

--D1EA_FD_._.0D_E7--


--1228489171postino12.prima.com.ar1816855--


  #4  
Old December 5th, 2008, 08:55 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress
PA Bear [MS MVP]
external usenet poster
  
Posts: 2,690
Default Virus?
Delete any such messages, unopened and unread.

Nightsky wrote:
I keep getting mail from a MAILER DAEMON that my message could not be
delivered.
The actual message displayed is in Spanish, and I never wrote or sent
such a message.
What can I do about this?

Here is the entire message and header:

X-Apparently-To: via 68.142.201.112; Fri, 05 Dec 2008
06:59:35 -0800
X-Originating-IP: [200.42.0.146]
Authentication-Results: mta122.sbc.mail.re3.yahoo.com
from=postino12.prima.com.ar; domainkeys=neutral (no sig)
Received: from 207.115.20.192 (EHLO flpi190.prodigy.net)
(207.115.20.192)
by mta122.sbc.mail.re3.yahoo.com with SMTP; Fri, 05 Dec 2008
06:59:33 -0800
X-Header-Overseas: Mail.from.Overseas.source.200.42.0.146
X-Originating-IP: [200.42.0.146]
Received: from postino12.prima.com.ar (postino12.prima.com.ar
[200.42.0.146])
by flpi190.prodigy.net (8.13.8 inb regex/8.13.8) with SMTP id
mB5ExVnM018151
for ; Fri, 5 Dec 2008 06:59:32 -0800
Message-Id:
Received: (qmail 3055 invoked for bounce); 5 Dec 2008 14:59:31 -0000
Date: 5 Dec 2008 14:59:31 -0000
From:
To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="1228489171postino12.prima.com.ar1816855"
Subject: failure notice

--1228489171postino12.prima.com.ar1816855

(postino12.prima.com.ar)
Su mensaje no pudo ser entregado - Sua mensagem nao pode ser enviada -
Your message could not be delivered.

:
Esta casilla ha expirado por falta de uso.

--- Mensaje original adjunto.

--1228489171postino12.prima.com.ar1816855
Content-Type: message/rfc822

Return-Path:
Received: (qmail 3032 invoked from network); 5 Dec 2008 14:59:31 -0000
Received: from unknown (HELO 200.42.0.146) (24.232.42.44)
by postino12.prima.com.ar with SMTP; 5 Dec 2008 14:59:31 -0000
Received: from (HELO fl2o) [124.238.237.155] by 200.42.0.146 id
v5snGt9dS628; Fri, 05 Dec 2008 10:54:32 -0400
Message-ID: j5t1-z9d81601ashd4ab@gsrn71xclg1x7
From: ""
Reply-To: ""
To:
Subject: Compramos su casa, departamento, local, etc.
Date: Fri, 05 Dec 2008 10:54:32 -0400
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="D1EA_FD_._.0D_E7"
X-Priority: 3


--D1EA_FD_._.0D_E7
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

Compro su propiedad, pago en efectivo

Aproveche antes de que la crisis global se profundice para vender

Compro locales, oficinas, departamentos, casas, etc. solo en capital
feder=
al y gran buenos aires, interior abstenerse. En cualquier estado

Solo propiedades hasta US$100.000

Envienos en mail con el detalle de la propiedad que desea vender a
argenti=
 incluyendo toda la informacion posible

No responda este mail ya que no sera leido

=20

--D1EA_FD_._.0D_E7--


--1228489171postino12.prima.com.ar1816855--
 



« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 06:34 PM.

Feed Icon - Contact Us - OfficeFrustration excel & word help home - FAQ - Links - Privacy Statement - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 OfficeFrustration.
The comments are property of their posters.