PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Barra on November 18, 2003, 12:28

Title: mail failure
Post by: Barra on November 18, 2003, 12:28
I have been receiving emails with various headings including mailer-daemon saying that emails have failed to be delivered to recipients. Emails that I haven't sent. I'm getting 40-50 per day. Anyone else getting these?
 I've checked through all updates for viruses in this thread for the past 2 months (thanks Clive and Simon) but have been unable to find any worm or virus that describes this- unless I'm missing the plot!- so I'm clueless as to how I can stop them. Any help appreciated, even from the blondes ;)

Example of content of these emails:-

Hi. This is the qmail-send program at mira.eclipse.net.uk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
 
 
 
<xxxxxxx@eclipse.co.uk>:
The users mailfolder is over the allowed quota (size).
 
--- Below this line is a copy of the message.
 
Return-Path: <xxxx@xxxxxxxx.co.uk>
Received: (qmail 18104 invoked from network); 18 Nov 2003 11:47:41 -0000
Received: from hyperion.eclipse.net.uk ([212.104.131.206]) (envelope-sender <xxx@xxxxx.co.uk>)
           by mira.eclipse.net.uk (qmail-ldap-1.03) with SMTP
           for <xxxxxxx@eclipse.co.uk>; 18 Nov 2003 11:47:41 -0000
Received: from h34.zynet2.co.uk (h34.zynet2.co.uk [212.24.80.34])
  by hyperion.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id LAA30685
  for <xxxxxx@eclipse.co.uk>; Tue, 18 Nov 2003 11:52:13 GMT
Received: from cache.zyris.net (xaracom01.he.gxn.net [195.224.53.28])
  by h34.zynet2.co.uk (8.11.6/8.9.3) with ESMTP id hAIBpfG27575
  for <xxxxxxxx@cornwall-online.co.uk>; Tue, 18 Nov 2003 11:51:51 GMT
Received: from 62.121.115.86 (86-tor-8.acn.waw.pl [62.121.115.86])
  by cache.zyris.net (8.11.6/8.11.6) with SMTP id hAIBpDW18781
  for <xxxxxxxx@cornwall-online.co.uk>; Tue, 18 Nov 2003 11:51:22 GMT
To: <xxxxxxx@cornwall-online.co.uk>
From: "natalie" <xxxxxxxx@xxxxxxxxxx.co.uk>
Subject: Re: Re: my collection to trade iqtfzufwrcnjzxtctgklkwovhhumdbjwfnitnadennuzgmbvjeqnmrta
X-Priority: 3
Reply-To: xxxxx@xxxxxxxx.co.uk
Message-ID: <4.QTZxIeX@A8CpZN>
Date: Tue, 18 Nov 2003 19:51:26 +0700
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-MSMail-Priority: Normal
Mime-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----=_NextPart_006_0031_UBNTVJTN.EDUDRRZF"
 
------=_NextPart_006_0031_UBNTVJTN.EDUDRRZF
Content-Type: text/plain;
  charset="ISO-8859-1"
Content-Transfer-Encoding: 8 bit
 
------=_NextPart_006_0031_UBNTVJTN.EDUDRRZF
Content-Type: text/html;
  charset="ISO-8859-1"
Content-Transfer-Encoding: 8 bit


I have blanked out part of email addresses to protect other users with xxxxxxxxx


/me removed the HTML code just in case someone was tempted to try it ::)
Title: Re:mail failure
Post by: Simon on November 18, 2003, 12:31
Sounds like your e-mail address could be being used remotely by a spammer, Barra.  Not sure how to combat that, except by the obvious method of changing your e-mail address.  I could also be barking up the wrong tree, so hopefully a proper techie might be able to help further.
Title: Re:mail failure
Post by: Clive on November 18, 2003, 12:41
I regularly get those too Barra, although not anywhere near as many as yourself.  If I know that they are not genuine bounces, I have always assumed they must be a form of spam.  40-50 a day certainly seems as if a spammer has spoofed your address doesn't it?  To be on the safe side, I would inform your ISP in case they accuse you of being a spammer and throw you off.  I know that it's happened to other people in the past although I'm sure they are more aware of how spammers operate these days.
Title: Re:mail failure
Post by: Barra on November 18, 2003, 13:09

I would inform your ISP in case they accuse you of being a spammer and throw you off.  


Done! Thanks Clive :)
Title: Re:mail failure
Post by: Michelle on November 18, 2003, 14:08

 so I'm clueless as to how I can stop them. Any help appreciated, even from the blondes ;)



Charming!  :P  - I've had lots of these too but same as Clive nowhere near as many as you. The ones I get never seem like they are from any same organisation which is odd. I don't get the point in them myself.  It's not like you are going to try and resend it?


Title: Re:mail failure
Post by: Barra on November 18, 2003, 14:26
I'll forward them all to you Chel. Wouldn't want you to feel left out. ;) :D
Title: Re:mail failure
Post by: Michelle on November 18, 2003, 14:36
Well I was thinking Barra, at least it means you do at least get some emails  :P  ;)
Title: Re:mail failure
Post by: Barra on November 18, 2003, 14:45
Touche :P
Title: Re:mail failure
Post by: Michelle on November 18, 2003, 14:49
:pmsl:  :-*
Title: Re:mail failure
Post by: Rodders on November 18, 2003, 20:12
Those 'bounces' are probably the result of a virus/worm/trojan on someone else's machine which is busy either replicating, or relaying spam.

If you're pretty certain your machine is both clean and secure, then your address is likely to have been just picked at random from the address book on the infected machine(s).  The spurious messages it's busy producing have spoofed your particular address to disguise their origin.

Email servers seldom distinguish between spoofed addresses and genuine ones, so a dodgy message will get bounced back to the spoofed address.  Geddit?   ;)
Title: Re:mail failure
Post by: Barra on November 18, 2003, 20:47
"Geddit?" By the bucket load. Would people suggest I get rid of this particular email address- which is my favorite personal address by the way- or will these spammers leave it alone after a while and pick on someone else?
Title: Re:mail failure
Post by: Rodders on November 18, 2003, 21:02
I believe the traffic will drop to zero once the offending machine is sorted out.  I certainly wouldn't get shot of your favourite address on account of this, Barra.

I've had these 'bounce' messages too.  It's usually a short-lived phenomenon.  Just zap them in Mailwasher and forget about it.  Your ISP won't kill your account over such traffic.  Hang in there mate.   :)
Title: Re:mail failure
Post by: Michelle on November 19, 2003, 07:50

I believe the traffic will drop to zero once the offending machine is sorted out.  I certainly wouldn't get shot of your favourite address on account of this, Barra.

I've had these 'bounce' messages too.  It's usually a short-lived phenomenon.  Just zap them in Mailwasher and forget about it.  Your ISP won't kill your account over such traffic.  Hang in there mate.   :)



Clear as mud  :blonde:
Title: Re:mail failure
Post by: Barra on November 19, 2003, 08:29
Update:-
 Since 9pm last night I have received 43 up until posting this morning @8.24 am. What I have now noticed is they ALL have attachments whereas previously only a few had. The last 19 of them were all from postmaster@blueyonder.
The tide is not yet a trickle, in fact it's getting worse :'( :'(
Title: Re:mail failure
Post by: Dack on November 19, 2003, 08:38
Just wondering - you don't use Mailwasher's bounce feature do you?

Allegedly this can cause an increase in problems as you can tell a real bounce from a mailwasher generated one (due to the fact you usually won't be checking/bouncing your email at the same time as it's delivered - if delivery time != bounce time then probable mailwasher bounce)

However it does just sound as if your email address has appeared as the return in a junk email - this will pass after a few days.

The attachments you are getting wouldn't be a virus would they? In which case it may be worthwhile downloading one and checking the headers of the message to see the path it took before it was bounced to you. As this may give an indication of who has you in their address book and who also has an email virus on their system.
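
What Dack suggests above (reading the headers of the returned message to see the path it took), as an added example that is not part of the thread: it walks the Received: chain of the bounce Barra quoted in the first post, oldest hand-off first. The function names are this example's own; only Received: lines written by servers you trust are reliable, since the lowest ones can be forged by the sender.

```python
import re
from email import message_from_string

# Headers of the returned message, copied from the bounce quoted in the first
# post (addresses masked as posted).
BOUNCED = """\
Return-Path: <xxxx@xxxxxxxx.co.uk>
Received: (qmail 18104 invoked from network); 18 Nov 2003 11:47:41 -0000
Received: from hyperion.eclipse.net.uk ([212.104.131.206]) (envelope-sender <xxx@xxxxx.co.uk>)
           by mira.eclipse.net.uk (qmail-ldap-1.03) with SMTP
           for <xxxxxxx@eclipse.co.uk>; 18 Nov 2003 11:47:41 -0000
Received: from h34.zynet2.co.uk (h34.zynet2.co.uk [212.24.80.34])
  by hyperion.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id LAA30685
  for <xxxxxx@eclipse.co.uk>; Tue, 18 Nov 2003 11:52:13 GMT
Received: from cache.zyris.net (xaracom01.he.gxn.net [195.224.53.28])
  by h34.zynet2.co.uk (8.11.6/8.9.3) with ESMTP id hAIBpfG27575
  for <xxxxxxxx@cornwall-online.co.uk>; Tue, 18 Nov 2003 11:51:51 GMT
Received: from 62.121.115.86 (86-tor-8.acn.waw.pl [62.121.115.86])
  by cache.zyris.net (8.11.6/8.11.6) with SMTP id hAIBpDW18781
  for <xxxxxxxx@cornwall-online.co.uk>; Tue, 18 Nov 2003 11:51:22 GMT
From: "natalie" <xxxxxxxx@xxxxxxxxxx.co.uk>

"""

# "from <name the peer announced> (<reverse DNS, optional> [<peer IP>]) ... by <server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s.*?\bby\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return relay hops oldest-first; each Received header is one hand-off."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:                                    # the local qmail line names no peer
            hops.append(m.groupdict())
    return hops[::-1]  # servers prepend, so the last header is the first hop

def chain_is_consistent(hops):
    """Each receiving server should be the sender named in the next hop."""
    return all(later["helo"] == earlier["by"]
               for earlier, later in zip(hops, hops[1:]))

def origin(hops):
    """Peer seen by the first server in the chain: where the mail was injected."""
    first = hops[0]
    return first["ip"], first["rdns"], first["by"]
```

For the quoted bounce the chain is consistent and the first hand-off came from 62.121.115.86, a host that announced itself by bare IP address rather than by a mail server name.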
Title: Re:mail failure
Post by: Barra on November 19, 2003, 09:07
Cheers Dack. If I can work up the courage to download a possible virus I'll check it. I don't use mailwasher as I either couldn't get it to work with incredimail or couldn't be bothered-can't remember now! ;D
Title: Re:mail failure
Post by: Simon on November 19, 2003, 09:39
I use Mailwasher, and I can confirm it does work with Incredimail.  You just have to set IM as your e-mail client in MW options.

I also believe that 'bouncing' is not always the best option, and I tend to just delete stuff I don't want to download.  I'm having a problem at the moment, getting lots of spam e-mails from different '@yahoo' addresses.  I bounced the first few, but then they started to increase, so now I'm just deleting them.  I seem to remember someone else had a problem with '@yahoo' addresses, but I can't remember what the solution was.  I probably get about 10 a day, which is nothing compared to the scale of Ade's problem, but annoying all the same.
Title: Re:mail failure
Post by: Barra on November 20, 2003, 00:47
Update:-
   I've been waiting for one to turn up in my inbox all day but none had appeared. I thought great, they've gone away. Then I remembered I had used the message rules to block them and found 28 of them in my deleted folder. :-[ :(
 I saved the attachments and found them to contain no viruses- opened 2 to make sure- but found a link to a porn site in email+link form and also a dat file. So I'm no wiser.
Title: Re:mail failure
Post by: Clive on November 20, 2003, 10:00
Mrs Clive received a pile of .dat files from a reliable source the other day but couldn't open them with any of the software programs she has on her PC.  All I could find when I did a Google search were references to antivirus software which wasn't particularly helpful.  Then, in a stroke of genius, she transferred them to her Apple laptop and they turned out to be AppleWorks files which all opened without any problem.
Title: Re:mail failure
Post by: Barra on November 20, 2003, 17:14
Right I'll nip out and buy a laptop then! ;D
Title: Re:mail failure
Post by: Barra on November 30, 2003, 22:14
Update now I can get back on site due to lost password.
 This little problem has resolved itself. :D

Now I have another little problem instead. >:( :(

I was receiving emails that were opening IE windows that wouldn't close even by using the Ctrl, Alt, Del. These popups happened even while running popup stopper and Norton.
My homepage was hijacked to a websearch engine. I won't put the url in in case it hits your PCs as well. This was only a minor problem. The real problem was that it has created a new toolbar called "eannllufafa". This appears as a search window and icons for various sites. I keep unticking it from view-toolbars but each time I open a new window or visit a new site in same window it reappeared. I even "upgraded"-and I use the term loosely :) to IE6 from 5.5.
So, has anyone any idea how to permanently get rid of it? And NO! Any suggestion of just installing a different browser- you listening Simon! >:( ;)- will be treated with the contempt it deserves.
I thank you my readers in advance :)
Title: Re:mail failure
Post by: Rodders on November 30, 2003, 22:22
Install Spybot Search & Destroy (http://www.safer-networking.org/), Barra.  Then let us know how it goes, would you?  ;)
Title: Re:mail failure
Post by: Sandra on November 30, 2003, 22:31
There is a way in REGEDIT to delete it but I can't think where I started from or the path I followed to do it when I had a similar problem  :(
Title: Re:mail failure
Post by: Rodders on November 30, 2003, 22:38
Spybot should set the 'kill bit' in the registry if everything works according to plan.
Title: Re:mail failure
Post by: Simon on November 30, 2003, 22:45
And NO! Any suggestion of just installing a different browser- you listening Simon!  - will be treated with the contempt it deserves.


:whome:  :whistle:
Title: Re:mail failure
Post by: Barra on December 01, 2003, 01:29


:whome:  :whistle:


:wahh: Yeah you! ;D

Quote
Install Spybot Search & Destroy, Barra.  Then let us know how it goes, would you?


What am I, a guinea pig? ;)
Title: Re:mail failure
Post by: Adept on December 01, 2003, 07:17
Don't forget, with Spybot S&D you must run the online function to check for the latest detection information and then run Immunize before checking your PC for spyware :)

HTH
Title: Re:mail failure
Post by: Simon on December 01, 2003, 07:20
What's HTH?   ???
Title: Re:mail failure
Post by: Adept on December 01, 2003, 07:25

What's HTH?   ???


::) Hope this helps ::)

Title: Re:mail failure
Post by: Simon on December 01, 2003, 07:47
Ahhh!   Not Hide The Hamster.  ;D
Title: Re:mail failure
Post by: Michelle on December 01, 2003, 07:51
:pmsl:


Title: Re:mail failure
Post by: Barra on December 01, 2003, 20:11
I think HTH stands for hopeless times happening.
I've tried everything from Spybot, Norton AV, PC-cillin, ZoneAlarm and popup stopper. None of these have kept it at bay or got rid of it, and yes they are all up to date. Next suggestion please, or failing that I will have to uninstall and hope that works. :(
Title: Re:mail failure
Post by: Dack on December 01, 2003, 20:27
Install and run HijackThis from tomcoyote.org/hjt/ (http://tomcoyote.org/hjt/)

Run, scan and post the log file here or over on http://forums.spywareinfo.com  (http://forums.spywareinfo.com)

Wouldn't try and fix anything yet as it may be a new strain.
Title: Re:mail failure
Post by: Barra on December 02, 2003, 05:58
Fixed! :D

I actually risked going on to the site that created the search engine/toolbar and downloaded a program off it to remove it. I won't post the url on here in case it hijacks all you good folks' PCs.
Thanks for all the help and suggestions.