[TheForge] problem (computer)

Bill Alleman [email protected]
Fri Aug 22 13:19:00 2003


[email protected] wrote:

 > Hey folks, I have this problem where for the last couple days I have
 > been getting a whole lot of returned mail that went out to folks from
 > my screen name but to folks I have no idea who they are. Now there is
 > an obvious virus attached to it but a scan of my computer says no
 > virus and it is a new antivirus program and is updated. I can't
 > remember what the virus was called but some of them were bounced back
 > to me because where they were going had an antivirus scan that just
 > sent them back again. Now I have changed all my passwords
 > and things seemed to have slowed but they are still trickling back to
 > me. Any thoughts out there?
 > Don't worry, this one came from internet on line and not the home
 > computer


It's virtually guaranteed you had absolutely nothing to do with it,
other than having a clueless friend. Many viruses of recent vintage (not
just Sobig) forge the From: field with an address the virus finds
somewhere on the newly infected computer, in the address book, in Word
docs, in html docs in cache, etc.

Almost certainly, someone who has your address somewhere on their pc
opened an infected attachment, and the virus chose you to blame. That
person also knows all those people in the To: fields, and it's likely
you're one of them, as well. It's now slowing because the virus ran out
of addresses on that pc. Keep your fingers crossed that someone you both
know doesn't open it, and you get picked again...

About the best you can hope is to scan the headers for the originating
domain. If you're lucky, you'll say, "Ah-ha! I know who's got an account
at that little ISP!" Call them, ask them if they know so-and-so in the
To: field, and then tell them to STOP OPENING ATTACHMENTS (or at least
verify that the person in the From: field actually sent it -- to them,
on purpose -- before they do)!

It's ALWAYS more complicated, but becoming familiar with the myriad file
extensions that denote potentially unsafe executables couldn't hurt,
either (e.g., txt or jpg files are safe, pif or scr are not, doc is ok
if opened in something that doesn't support macros, like Notepad or
Wordpad -- and make sure the extension you're looking at is the absolute
last one in the filename: no hidden extensions). If one must, save the
file to disk (rather than opening it), then scan it with your AV
software. Oh, and keep your virus definition files updated and your
powder dry...
-- 

   BikerBill=-                 ©¿©¬
    allemanse.com=-
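
Added example, not part of the original message: the two checks the reply describes, applied to a returned message in Python. It reads the Received: headers for the originating host and flags attachments by their final extension. The sample message, every hostname and address in it, and the extensions beyond pif and scr are constructed for illustration.

```python
import email
import os
import re
from email import policy

# pif and scr are named in the post; the other entries are this example's assumption.
RISKY_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}

# Constructed sample of a forged message as it comes back in a bounce.
# Hosts and addresses are made up (example.* names, documentation IP ranges).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org; Fri, 22 Aug 2003 10:02:11 -0400
Received: from HOMEPC (dialup-42.smallisp.example [198.51.100.42])
\tby mx.example.net; Fri, 22 Aug 2003 10:02:07 -0400
From: victim@example.org
To: stranger@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file for details
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.txt.pif"

(payload removed)
--b1--
"""

def originating_hop(msg):
    """Return (hostname, ip) from the earliest Received: header, or None."""
    # Each relay prepends its own header, so the last one listed is closest to
    # the sender. Entries below the first relay you trust can themselves be forged.
    hops = msg.get_all("Received") or [""]
    m = re.search(r"\(([\w.-]+)\s+\[([\d.]+)\]\)", hops[-1])
    return (m.group(1), m.group(2)) if m else None

def risky_attachments(msg):
    """List attachment names whose final extension is an executable type."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names
            if os.path.splitext(n.strip())[1][1:].lower() in RISKY_EXTS]

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    return {"from": msg["From"], "origin": originating_hop(msg),
            "risky": risky_attachments(msg)}
```

Calling `triage(SAMPLE)` shows the From: address disagreeing with the dial-up host that actually submitted the message, and flags `details.txt.pif` even though `.txt` appears in the name.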