I caught my computer sending mails with a link to a file on hotfile.com, and I can't figure out how to stop it.
One of the mails looks like this:
failure notice
...
From:
"MAILER-DAEMON@yahoo.com" <MAILER-DAEMON@yahoo.com> [Chat now]
...
Add to Contacts
To: [MY_EMAIL]
Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
[EMAIL]:
Sorry, I couldn't find any host named grandiosul.com. (#5.1.2)
[EMAIL]:
74.54.218.98 does not like recipient.
Remote host said: 550 No Such User Here
Giving up on 74.54.218.98.
[EMAIL]:
Sorry, I couldn't find any host by that name. (#4.1.2)
I'm not going to try again; this message has been in the queue too long.
--- Below this line is a copy of the message.
Return-Path: [MY_EMAIL]
Received: (qmail 25108 invoked by uid 60001); 21 Jan 2011 20:00:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1295640032; bh=X6hh0LQ0nRBnmkzGpxh6aST2E19Ufhn/IS6v/e0wqiM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type; b=tjUe+iFTNU8kvo9Yn6iSTBuu2OpBP4xVAjz6WloRfAX9mWUePpSdmE7qZSnoyrYpIc4TqGHh6ZbdSR67wD5Le7lqcRhGDVa/Y74HtqejTvUmF3PkXhGXsRsY8aEiqMp5Kz3eqkQDGhPIu+oktaMYLUGhWESB0eAiblqCB5CC1PA=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:To:MIME-Version:Content-Type;
b=LwT5mwfKgHYDPLzFt1YjKnEp5VExBgiTjH7pAjEt9RyzBvWyJwv6BEkL9abzngEE8joxBNIDfQcQXw1QAAH3qfYqYg5NQG+LefN2TetAGxUKj0XXbvYlSxkhytuLhBXgubGrbG8tv/zQQmi3AmcD7EAlwBf7x1Ar5axEihOLVto=;
Message-ID: <718904.24802.qm@web120614.mail.ne1.yahoo.com>
Received: from [201.27.215.145] by web120614.mail.ne1.yahoo.com via HTTP; Fri, 21 Jan 2011 12:00:32 PST
X-Mailer: YahooMailWebService/0.8.107.285259
Date: Fri, 21 Jan 2011 12:00:32 -0800 (PST)
From: [MY_EMAIL]
To: [EMAILS]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1038970468-1295640032=:24802"
--0-1038970468-1295640032=:24802
Content-Type: text/plain; charset=us-ascii
http://hotfile.com/dl/98467726/18637f5/bounty.exe.html
--0-1038970468-1295640032=:24802
Content-Type: text/html; charset=us-ascii
<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" style="font: inherit;"><div>http://hotfile.com/dl/98467726/18637f5/ ... /table><br>
--0-1038970468-1295640032=:24802--
Mail virus?, could not find any info on the web
-
- n00b
- Posts: 2
- Joined: Sat Jan 22, 2011 6:03 pm
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Mail virus?, could not find any info on the web
The best thing to do is to shut down your machine and run antivirus on the disk from either a live medium or from a different machine.
If this is not an option, follow the steps below:
1. Close the outbound port it's using to send email. (If your firewall supports this.) This will stop it from sending mail instantly, thus preventing you from being on every spam list on the planet.
2. Download some antivirus (clamwin is pretty decent and free) / anti spam software (something like ad-aware is usually pretty good)
3. Reboot your computer into safe mode (google how to do this if you don't know how) and run the antivirus / anti spam software.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts: 2
- Joined: Sat Jan 22, 2011 6:03 pm
Re: Mail virus?, could not find any info on the web
I have NOD32 v4 antivirus and it did not detect anything....
Plus, I don't think the emails were being sent from my PC (those headers do not contain my IP + my ISP blocks the SMTP port).
PS: I reinstalled my OS and now it's over, but I still want to know what happened, where the virus/trojan came from.
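Added example, not part of any post in this thread: the bounce quoted in the first post carries enough header data to show which client handed the message to Yahoo and over what protocol, and the Python code below extracts it. It runs on a trimmed, constructed copy of that bounce (addresses replaced with example.com placeholders); `analyze_bounce` is a hypothetical helper name and `198.51.100.7` in the usage stands in for the reader's own address.

```python
import email
import re

# Constructed sample: trimmed copy of the bounce from the first post,
# with the real addresses replaced by placeholders.
BOUNCE = """\
Hi. This is the qmail-send program at yahoo.com.

--- Below this line is a copy of the message.

Return-Path: <user@example.com>
Received: (qmail 25108 invoked by uid 60001); 21 Jan 2011 20:00:32 -0000
Message-ID: <718904.24802.qm@web120614.mail.ne1.yahoo.com>
Received: from [201.27.215.145] by web120614.mail.ne1.yahoo.com via HTTP; Fri, 21 Jan 2011 12:00:32 PST
X-Mailer: YahooMailWebService/0.8.107.285259
From: user@example.com
To: someone@example.net
Content-Type: text/plain; charset=us-ascii

http://hotfile.com/dl/98467726/18637f5/bounty.exe.html
"""

MARKER = "--- Below this line is a copy of the message."
# Matches hops of the form "from [IP] by HOST via|with PROTO;"
HOP = re.compile(r"from\s+\[?([0-9a-fA-F.:]+)\]?\s+by\s+(\S+)\s+(?:via|with)\s+(\S+?);")

def analyze_bounce(text, my_ips=()):
    """Report how, and from which address, the bounced message was submitted."""
    _, found, original = text.partition(MARKER)
    if not found:
        raise ValueError("no embedded copy of the original message")
    msg = email.message_from_string(original.lstrip())
    hops = [HOP.search(" ".join(h.split())) for h in msg.get_all("Received", [])]
    hops = [m.groups() for m in hops if m]
    # Received headers are prepended in transit, so the last parseable one
    # is the earliest hop: the client that gave the message to the provider.
    ip, server, proto = hops[-1] if hops else (None, None, None)
    body = msg.get_payload()
    return {
        "client_ip": ip,
        "accepted_by": server,
        "protocol": proto,
        "webmail_submission": proto == "HTTP",
        "client_ip_is_mine": ip in set(my_ips),
        "x_mailer": msg.get("X-Mailer"),
        "urls": re.findall(r"https?://[^\s<>\"]+", body if isinstance(body, str) else ""),
    }
```

Calling `analyze_bounce(BOUNCE, my_ips=["198.51.100.7"])` reports an HTTP submission from 201.27.215.145 to a Yahoo web front end. A `via HTTP` hop from an address that is not yours means the message went in through the webmail interface, so the mailbox password and active sessions are the first things to reset and review.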
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Mail virus?, could not find any info on the web
Well, if you've formatted the disk and reinstalled the OS, it's going to be pretty hard to trace where it came from really.
And as for your ISP blocking the mail port, I'm guessing that's only going to be inbound, since otherwise you'd not be able to send email.
-
- n00b
- Posts: 2
- Joined: Fri Feb 18, 2011 2:16 am
Re: Mail virus?, could not find any info on the web
You should update your antivirus to see if the mail virus could be detected. If it doesn’t then you should try some other antivirus. Try deleting emails that you don’t know, some ads emails.