Mail virus?, could not find any info on the web

ashantyk
n00b
Posts: 2
Joined: Sat Jan 22, 2011 6:03 pm


Post by ashantyk » Sat Jan 22, 2011 6:15 pm

I caught my computer sending mails with a link to a file on hotfile.com, and I can't figure out how to stop it.

One of the mails looks like this:

failure notice
...
From:
"MAILER-DAEMON@yahoo.com" <MAILER-DAEMON@yahoo.com>
...
To: [MY_EMAIL]
Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL]:
Sorry, I couldn't find any host named grandiosul.com. (#5.1.2)

[EMAIL]:
74.54.218.98 does not like recipient.
Remote host said: 550 No Such User Here
Giving up on 74.54.218.98.

[EMAIL]:
Sorry, I couldn't find any host by that name. (#4.1.2)
I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: [MY_EMAIL]
Received: (qmail 25108 invoked by uid 60001); 21 Jan 2011 20:00:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1295640032; bh=X6hh0LQ0nRBnmkzGpxh6aST2E19Ufhn/IS6v/e0wqiM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type; b=tjUe+iFTNU8kvo9Yn6iSTBuu2OpBP4xVAjz6WloRfAX9mWUePpSdmE7qZSnoyrYpIc4TqGHh6ZbdSR67wD5Le7lqcRhGDVa/Y74HtqejTvUmF3PkXhGXsRsY8aEiqMp5Kz3eqkQDGhPIu+oktaMYLUGhWESB0eAiblqCB5CC1PA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type;
b=LwT5mwfKgHYDPLzFt1YjKnEp5VExBgiTjH7pAjEt9RyzBvWyJwv6BEkL9abzngEE8joxBNIDfQcQXw1QAAH3qfYqYg5NQG+LefN2TetAGxUKj0XXbvYlSxkhytuLhBXgubGrbG8tv/zQQmi3AmcD7EAlwBf7x1Ar5axEihOLVto=;
Message-ID: <718904.24802.qm@web120614.mail.ne1.yahoo.com>
X-YMail-OSG: .WhhUI8VM1n8BxAB3rXYVSONN0rJaRfIoiHeEzK36L2V6St
EFmvQm7H4gw3t_URkBQIQYDcKsBNycwhwkJ3b10WcULaX1UrRb7Rfc3e_eQQ
d2_yn_Ty3YKpwhDyNBFOF.Cj.kAVQg8dB8WkGwCPDgRGMZ9Nk40uvHOMQ_Xd
2T6WIWF30JzeY0tVOv2zz07Or5tCTI6DiXCSx1DnlDNn62Qj1W99GsJrikti
j7MKloSaMrCavAFf_xwzekTlCDG_Xe_Km7VVHTphLb0aR3HTlwvHmrWcz
Received: from [201.27.215.145] by web120614.mail.ne1.yahoo.com via HTTP; Fri, 21 Jan 2011 12:00:32 PST
X-Mailer: YahooMailWebService/0.8.107.285259
Date: Fri, 21 Jan 2011 12:00:32 -0800 (PST)
From: [MY_EMAIL]
To: [EMAILS]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1038970468-1295640032=:24802"

--0-1038970468-1295640032=:24802
Content-Type: text/plain; charset=us-ascii

http://hotfile.com/dl/98467726/18637f5/bounty.exe.html



--0-1038970468-1295640032=:24802
Content-Type: text/html; charset=us-ascii

<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" style="font: inherit;"><div>http://hotfile.com/dl/98467726/18637f5/ ... /table><br>


--0-1038970468-1295640032=:24802--

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Mail virus?, could not find any info on the web

Post by Cool_Fire » Mon Jan 24, 2011 9:44 am

The best thing to do is to shut down your machine and run antivirus on the disk from either a live medium or from a different machine.

If this is not an option, follow the steps below:
1. Close the outbound port it's using to send email. (If your firewall supports this.) This will stop it from sending mail instantly, thus preventing you from being on every spam list on the planet.

2. Download some antivirus (ClamWin is pretty decent and free) / anti spam software (something like Ad-Aware is usually pretty good).

3. Reboot your computer into safe mode (Google how to do this if you don't know how) and run the antivirus / anti spam software.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

ashantyk
n00b
Posts: 2
Joined: Sat Jan 22, 2011 6:03 pm

Re: Mail virus?, could not find any info on the web

Post by ashantyk » Mon Jan 24, 2011 10:35 am

I have NOD32 v4 antivirus and it did not detect anything....
Plus, I don't think the emails were being sent from my PC (those headers do not contain my IP + my ISP blocks the SMTP port).

PS: I reinstalled my OS and now it's over, but I still want to know what happened, where the virus/trojan came from.
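
The header check mentioned in the post above, as an added example that is not part of the original thread: it reads the `Received:` lines of the returned message and reports which address handed it to the provider and over which protocol. A `via HTTP` hop written by the provider's own web server means the message was submitted through the webmail interface rather than over SMTP. The sample is a constructed, trimmed copy of the quoted headers with placeholder addresses, and `203.0.113.7` is an assumed stand-in for the reader's own public IP.

```python
import email
import ipaddress
import re

# Constructed sample: headers of the returned message quoted in this thread,
# trimmed, with placeholder addresses in place of the redacted ones.
SAMPLE = """\
Return-Path: <me@example.com>
Received: (qmail 25108 invoked by uid 60001); 21 Jan 2011 20:00:32 -0000
Message-ID: <718904.24802.qm@web120614.mail.ne1.yahoo.com>
Received: from [201.27.215.145] by web120614.mail.ne1.yahoo.com via HTTP; Fri, 21 Jan 2011 12:00:32 PST
X-Mailer: YahooMailWebService/0.8.107.285259
From: me@example.com
To: someone@example.org

(body omitted)
"""

def parse_received(value):
    """Return (client_ip, by_host, protocol) for a hop with a 'from' clause, else None."""
    flat = " ".join(value.split())                  # unfold continuation lines
    hop = re.search(r"\bfrom\b(.*?)\bby\s+(\S+)", flat, re.I)
    if not hop:
        return None                                 # local hop, e.g. "(qmail ... invoked by uid ...)"
    ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", hop.group(1))
    try:
        client = str(ipaddress.ip_address(ip.group(1))) if ip else None
    except ValueError:
        client = None                               # bracketed text was not an address
    proto = re.search(r"\b(?:via|with)\s+([^\s;]+)", flat[hop.end():], re.I)
    return client, hop.group(2).rstrip(";"), proto.group(1).upper() if proto else None

def submission_origin(raw, my_ips=()):
    """Describe the earliest network hop: who handed the message to the provider."""
    msg = email.message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    if not hops:
        return None
    client, by_host, proto = hops[-1]               # headers are prepended: last = earliest
    mine = {str(ipaddress.ip_address(a)) for a in my_ips}
    return {"client_ip": client, "accepted_by": by_host, "protocol": proto,
            "webmail": proto in ("HTTP", "HTTPS"),  # submitted through the web interface
            "from_my_ip": client in mine,
            "mailer": msg.get("X-Mailer")}

if __name__ == "__main__":
    # 203.0.113.7 is a placeholder for the reader's own public address (assumption).
    print(submission_origin(SAMPLE, my_ips={"203.0.113.7"}))
```

For the headers quoted in this thread the result is a webmail submission from 201.27.215.145, which the poster says is not their address.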

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Mail virus?, could not find any info on the web

Post by Cool_Fire » Mon Jan 24, 2011 3:44 pm

Well, if you've formatted the disk and reinstalled the OS, it's going to be pretty hard to trace where it came from really.
And as for your ISP blocking the mail port, I'm guessing that's only going to be inbound, since otherwise you'd not be able to send email.

weilacher
n00b
Posts: 2
Joined: Fri Feb 18, 2011 2:16 am

Re: Mail virus?, could not find any info on the web

Post by weilacher » Mon Feb 21, 2011 1:01 am

You should update your antivirus to see if the mail virus can be detected. If it isn't, then you should try some other antivirus. Try deleting emails that you don't know, such as some ad emails.