Help identifying virus

HeyBub

I get an email. Almost instantly another email "arrives" with the same
subject but containing the following text:

--- begin quote
Hello

How are you doing recently?

I would like to introduce you a very good company which i knew. Their

website is www.ebakm.com They can offer

you all kinds of electronical products which you need,like Laptops ,GPS ,TV
LCD,Cell Phones,PS3,MP3/4,Watch etc........

Please take some time to have a check ,there must be something you 'd like
to purchase .

Hope you have a good mood in shopping from their company !

Best Regards!!!

--- end quote

I suspect it's a virus existing locally because the headers make no sense
and SpamCop agrees that the header is incomplete/missing.

Resident Avast has never complained and online scanning by both McAfee and
another found nothing.

It's a mystery.

Thanks for your help.
 
From: "HeyBub"

| I get an email. Almost instantly another email "arrives" with the same
| subject but containing the following text:

| --- begin quote
| Hello

| How are you doing recently?

| I would like to introduce you a very good company which i knew. Their

| website is www.ebakm.com They can offer

| you all kinds of electronical products which you need,like Laptops ,GPS ,TV
| LCD,Cell Phones,PS3,MP3/4,Watch etc........

| Please take some time to have a check ,there must be something you 'd like
| to purchase .

| Hope you have a good mood in shopping from their company !

| Best Regards!!!

| --- end quote

| I suspect it's a virus existing locally because the headers make no sense
| and SpamCop agrees that the header is incomplete/missing.
| Resident Avast has never complained and online scanning by both McAfee and
| another found nothing.

| It's a mystery.
| Thanks for your help.

It's spam.

Either post the headers (obfuscating personal information) or just delete it and forget
about it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
David H. Lipman wrote:
> From: "HeyBub"
>
>> I get an email. Almost instantly another email "arrives" with the
>> same subject but containing the following text:
>
>> --- begin quote
>> Hello
>
>> How are you doing recently?
>
>> I would like to introduce you a very good company which i knew. Their
>
>> website is www.ebakm.com They can offer
>
>> you all kinds of electronical products which you need,like Laptops
>> ,GPS ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........
>
>> Please take some time to have a check ,there must be something you
>> 'd like to purchase .
>
>> Hope you have a good mood in shopping from their company !
>
>> Best Regards!!!
>
>> --- end quote
>
>> I suspect it's a virus existing locally because the headers make no
>> sense and SpamCop agrees that the header is incomplete/missing.
>> Resident Avast has never complained and online scanning by both
>> McAfee and another found nothing.
>
>> It's a mystery.
>> Thanks for your help.
>
> It's spam.
>
> Either post the headers (obfuscating personal information) or just
> delete it and forget about it.

Of course it's spam, but not really inasmuch as it wasn't sent as an email.
To restate the circumstances of its appearance:

I get an email from a known source, then, almost instantly, another email
"arrives" with exactly the same subject line as the righteous email but
containing the aforementioned text as the body.

The headers (probably) won't help. Here is a complete header, for what it's
worth:

--- begin "header"
Date: Mon, 8 Feb 2010 07:46:57 -0800
From: "(xxxxxx)"
To: campaign@proflowers.com
Message-ID:
Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes
--- end header

I get one of these on about half the legit emails. So far I haven't
established a pattern.
 
Create a Message Rule that will automatically move such messages to Deleted
Items folder and mark it as Read. Then delete the message(s) without opening
them (of course).

Message Rules Tips
http://www.insideoe.com/tips/rules.htm

Why doesn't my rule work?
http://www.insideoe.com/faqs/why.htm#rules

HeyBub wrote:
> I get an email. Almost instantly another email "arrives" with the same
> subject but containing the following text:
>
> --- begin quote
> Hello
>
> How are you doing recently?
>
> I would like to introduce you a very good company which i knew. Their
>
> website is www.ebakm.com They can offer
>
> you all kinds of electronical products which you need,like Laptops ,GPS
> ,TV
> LCD,Cell Phones,PS3,MP3/4,Watch etc........
>
> Please take some time to have a check ,there must be something you 'd like
> to purchase .
>
> Hope you have a good mood in shopping from their company !
>
> Best Regards!!!
>
> --- end quote
>
> I suspect it's a virus existing locally because the headers make no sense
> and SpamCop agrees that the header is incomplete/missing.
>
> Resident Avast has never complained and online scanning by both McAfee
> and
> another found nothing.
>
> It's a mystery.
>
> Thanks for your help.
 
PA Bear [MS MVP] wrote:
> Create a Message Rule that will automatically move such messages to
> Deleted Items folder and mark it as Read. Then delete the message(s)
> without opening them (of course).
>
> Message Rules Tips
> http://www.insideoe.com/tips/rules.htm
>
> Why doesn't my rule work?
> http://www.insideoe.com/faqs/why.htm#rules
>

Thanks for the advice. I can already get rid of them. My question is not
what to do with these oddball messages when they "arrive," but what causes
them in the first place.
 
It is definitely a spam as David Lippy has authoritatively stated. I
shall add that these spammers always send out probes to see if the
account exists. The messages are generally blank or with nothing in it.

The best thing is to open it (no as pig-bear says not to open it) with a
view to finding out their tricks, which changes almost daily. What you
mustn't do, however, is to reply to them or even to complain to their
ISP because some ISPs are so stupid that they send the entire message of
complaints (including your headers and email address) to the spammer and
this ensures they know you exist and you get more spams.

hth

HeyBub wrote:
>
> I get an email. Almost instantly another email "arrives" with the same
> subject but containing the following text:
>
> --- begin quote
> Hello
>
> How are you doing recently?
>
> I would like to introduce you a very good company which i knew. Their
>
> website is www.ebakm.com They can offer
>
> you all kinds of electronical products which you need,like Laptops ,GPS ,TV
> LCD,Cell Phones,PS3,MP3/4,Watch etc........
>
> Please take some time to have a check ,there must be something you 'd like
> to purchase .
>
> Hope you have a good mood in shopping from their company !
>
> Best Regards!!!
>
> --- end quote
>
> I suspect it's a virus existing locally because the headers make no sense
> and SpamCop agrees that the header is incomplete/missing.
>
> Resident Avast has never complained and online scanning by both McAfee and
> another found nothing.
>
> It's a mystery.
>
> Thanks for your help.
 
HeyBub wrote:
> I get an email. Almost instantly another email "arrives" with the
> same subject but containing the following text:
>
> --- begin quote
> Hello
>
> How are you doing recently?
>
> I would like to introduce you a very good company which i knew.
> Their website is www.ebakm.com They can offer
> you all kinds of electronical products which you need,like Laptops
> ,GPS ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........
>
> Please take some time to have a check ,there must be something
> you'd like to purchase .
>
> Hope you have a good mood in shopping from their company !
> Best Regards!!!
> --- end quote
>
> I suspect it's a virus existing locally because the headers make no
> sense and SpamCop agrees that the header is incomplete/missing.
>
> Resident Avast has never complained and online scanning by both
> McAfee and another found nothing.
>
> It's a mystery.
>
> Thanks for your help.

HeyBub wrote:
> I get an email from a known source, then, almost instantly, another
> email "arrives" with exactly the same subject line as the righteous
> email but containing the aforementioned text as the body.
>
> The headers (probably) won't help. Here is a complete header, for
> what it's worth:
>
> --- begin "header"
> Date: Mon, 8 Feb 2010 07:46:57 -0800
> From: "(xxxxxx)"
> To: campaign@proflowers.com
> Message-ID:
> Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx
> MIME-Version: 1.0
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> Precedence: bulk
> X-Autoreply: yes
> --- end header
>
> I get one of these on about half the legit emails. So far I haven't
> established a pattern.

PA Bear [MS MVP] wrote:
> Create a Message Rule that will automatically move such messages to
> Deleted Items folder and mark it as Read. Then delete the
> message(s) without opening them (of course).
>
> Message Rules Tips
> http://www.insideoe.com/tips/rules.htm
>
> Why doesn't my rule work?
> http://www.insideoe.com/faqs/why.htm#rules

HeyBub wrote:
> Thanks for the advice. I can already get rid of them. My question
> is not what to do with these oddball messages when they "arrive,"
> but what causes them in the first place.

You have an Internet email address and actively receive email. Welcome to
the wonderful world of email.

What I would do is compare the valid full email header with the obvious spam
message that follows header and see where their pathing differs.

It is entirely plausible your system has a trojan/virus, your email provider
has one, the people sending the email have one or someone is doing an
excellent job sniffing a network somewhere down the line and putting in
words/phrases they can reproduce with a bot and emailing you.

Then again - you might be seeing something (a pattern) where none exists.
That's human nature.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
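
The header comparison suggested above, as an added example that is not part of the original thread: it extracts the relay path from the `Received` lines and lists what sets the suspect header apart. The legitimate header, its host names and the mailbox address `user@isp.example` are constructed placeholders; the suspect header is the one posted earlier in the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block as it appears earlier in this thread (redactions are the poster's).
POSTED_HEADER = """\
Date: Mon, 8 Feb 2010 07:46:57 -0800
From: "(xxxxxx)"
To: campaign@proflowers.com
Message-ID:
Subject: Hello Re: Thank you for your ProFlowers order: xxxxxxxx
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes

"""

# Constructed header of a normally delivered message, for comparison only.
CONSTRUCTED_LEGIT = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mail.isp.example with ESMTP id ABC123; Mon, 8 Feb 2010 07:46:50 -0800
Received: from app.sender.example by mx.sender.example; Mon, 8 Feb 2010 07:46:49 -0800
Date: Mon, 8 Feb 2010 07:46:48 -0800
From: Orders <orders@sender.example>
To: user@isp.example
Message-ID: <20100208154648.1@sender.example>
Subject: Thank you for your order: 12345

"""


def received_path(raw):
    """Return the relay path as (from_host, by_host) pairs, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received") or []:
        m = re.search(r"from\s+(\S+).*?\bby\s+([^\s;]+)", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops[::-1]  # each relay prepends its line, so the last one is the oldest


def header_findings(raw, mailbox_address):
    """List the properties that distinguish a header from normally relayed mail."""
    msg = message_from_string(raw)
    findings = []
    if not msg.get_all("Received"):
        findings.append("no-received")        # no relay recorded handling it
    if not (msg.get("Message-ID") or "").strip():
        findings.append("empty-message-id")
    if msg.get("X-Autoreply") or msg.get("Auto-Submitted", "no").strip().lower() != "no":
        findings.append("auto-reply")         # tagged as an automatic response
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "list"):
        findings.append("precedence-bulk")
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if to_addr and to_addr != mailbox_address.lower():
        findings.append("to-not-mailbox")     # addressed to someone else
    return findings


if __name__ == "__main__":
    for label, raw in (("legit", CONSTRUCTED_LEGIT), ("suspect", POSTED_HEADER)):
        print(label, received_path(raw), header_findings(raw, "user@isp.example"))
```

`X-Autoreply` and `Precedence: bulk` are tags that automatic responders put on their replies, and the `To` address in the posted header is a third party rather than the mailbox; the thread does not establish which system generated the message.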
 
Shenan Stanley wrote:

> It is entirely plausible your system has a trojan/virus,
>

Hey Antipodean,

How did you work this out? A trojan can perform the following operations:

* Use of the machine as part of a botnet (i.e. to perform spamming or to
  perform Distributed Denial-of-service (DDoS) attacks)
* Data theft (e.g. passwords, credit card information, etc.)
* Installation of software (including other malware)
* Downloading or uploading of files
* Modification or deletion of files
* Keystroke logging
* Viewing the user's screen
* Wasting computer storage space

Now HeyBoob has received a completely innocent message offering:

"you all kinds of electronical products which you need, like Laptops
,GPS ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........"

There is no evidence that Heyboob's machine was used as part of a botnet for spamming purpose nor any theft has taken place nor any software has been installed or performed any of the operations mentioned above.

It is completely ridiculous to suggest this without any evidence.

hth
 
HeyBub,

Apparently everyone else replying to you is either too lazy to read your
message, or simply doesn't understand what you're saying, so maybe I can
offer a few pointers.

Have you actually tried installing antivirus (MBAM, AVG) and running a full
scan of your system? What email client are you using? If it's Outlook (not
Express) have you tried checking to see what plugins you have loaded? It
sounds as though it may be some kind of malware that's installed itself as a
plugin and is thus duplicating the incoming emails.

If you are using Outlook, you could try using Outlook Express to receive
emails to see if the same behaviour is duplicated there. When configuring
your account options, tell it to leave a copy of the messages on the server
so that you don't end up with half your emails in one app and the other half
in the other.

If the same thing happens in OE, then the malware is either operating at an
OS level or possibly (but highly unlikely) some sort of hack has occurred on
your ISP.

Hope that helps,
Alex Clark

"HeyBub" wrote in message
news:eeqjH%23QqKHA.1948@TK2MSFTNGP05.phx.gbl...
> I get an email. Almost instantly another email "arrives" with the same
> subject but containing the following text:
>
> --- begin quote
> Hello
>
> How are you doing recently?
>
> I would like to introduce you a very good company which i knew. Their
>
> website is www.ebakm.com They can offer
>
> you all kinds of electronical products which you need,like Laptops ,GPS
> ,TV LCD,Cell Phones,PS3,MP3/4,Watch etc........
>
> Please take some time to have a check ,there must be something you 'd like
> to purchase .
>
> Hope you have a good mood in shopping from their company !
>
> Best Regards!!!
>
> --- end quote
>
> I suspect it's a virus existing locally because the headers make no sense
> and SpamCop agrees that the header is incomplete/missing.
>
> Resident Avast has never complained and online scanning by both McAfee
> and another found nothing.
>
> It's a mystery.
>
> Thanks for your help.
>
 
Why do I keep getting adverts in my mailbox every week for stores &
businesses I've never heard of, that are hundreds of miles away from my home
and that I wouldn't patronize anyway?

Junk mail, be it snail mail or email, goes straight to the circular file,
unopened & unread.

HeyBub wrote:
> PA Bear [MS MVP] wrote:
>> Create a Message Rule that will automatically move such messages to
>> Deleted Items folder and mark it as Read. Then delete the message(s)
>> without opening them (of course).
>>
>> Message Rules Tips
>> http://www.insideoe.com/tips/rules.htm
>>
>> Why doesn't my rule work?
>> http://www.insideoe.com/faqs/why.htm#rules
>>
>
> Thanks for the advice. I can already get rid of them. My question is not
> what to do with these oddball messages when they "arrive," but what causes
> them in the first place.
 
PA Bear [MS MVP] wrote:
> Why do I keep getting adverts in my mailbox every week for stores &
> businesses I've never heard of, that are hundreds of miles away from
> my home and that I wouldn't patronize anyway?

You're missing his point...

1. He gets an email from a known source

2. He then gets SPAM with the *same subject* as the first - the one from the
known source.

--

dadiOH
____________________________

dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
 
HeyBub wrote:
> I get an email. Almost instantly another email "arrives" with the same
> subject but containing the following text:
>
> --- begin quote
> Hello
>
> How are you doing recently?

Is there a pattern vis a vis the first email and the second? For example,
the SPAM always follows legit mail from a specific person or IP...

--

dadiOH
____________________________

dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
 
Alex Clark wrote:
> HeyBub,
>
> Apparently everyone else replying to you is either too lazy to read
> your message, or simply doesn't understand what you're saying, so
> maybe I can offer a few pointers.
>
> Have you actually tried installing antivirus (MBAM, AVG) and running
> a full scan of your system? What email client are you using? If
> it's Outlook (not Express) have you tried checking to see what
> plugins you have loaded? It sounds as though it may be some kind of
> malware that's installed itself as a plugin and is thus duplicating
> the incoming emails.
> If you are using Outlook, you could try using Outlook Express to
> receive emails to see if the same behaviour is duplicated there. When
> configuring your account options, tell it to leave a copy of the
> messages on the server so that you don't end up with half your emails
> in one app and the other half in the other.
>
> If the same thing happens in OE, then the malware is either operating
> at an OS level or possibly (but highly unlikely) some sort of hack
> has occurred on your ISP.
>
> Hope that helps,
> Alex Clark
>

Thanks. The system has been scanned by three different AV tools.

I'm using Outlook (not express). I've checked the add-ins and see nothing
remotely suspicious.

I'll try the Outlook Express trick. Thanks.
 
dadiOH wrote:
> HeyBub wrote:
>> I get an email. Almost instantly another email "arrives" with the
>> same subject but containing the following text:
>>
>> --- begin quote
>> Hello
>>
>> How are you doing recently?
>
> Is there a pattern vis a vis the first email and the second? For
> example, the SPAM always follows legit mail from a specific person or
> IP...

No. The message always follows a legit email, but the original sender seems
to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
was not actually SENT by a spammer. I think it's being generated internally
to my computer and stuffed in my in-box.
 
It's not from a known source, it's from what looks to be a known source.
This is called spoofing.

dadiOH wrote:
> PA Bear [MS MVP] wrote:
>> Why do I keep getting adverts in my mailbox every week for stores &
>> businesses I've never heard of, that are hundreds of miles away from
>> my home and that I wouldn't patronize anyway?
>
> You're missing his point...
>
> 1. He gets an email from a known source
>
> 2. He then gets SPAM with the *same subject* as the first - the one from
> the
> known source.
 
PA Bear [MS MVP] wrote:
> It's not from a known source, it's from what looks to be a known
> source. This is called spoofing.

OP says...
"I get an email from a known source, then, almost instantly, another email
"arrives" with exactly the same subject line as the righteous email but
containing the aforementioned text as the body."

I took him at his word :)

dadiOH
____________

> dadiOH wrote:
>> PA Bear [MS MVP] wrote:
>>> Why do I keep getting adverts in my mailbox every week for stores &
>>> businesses I've never heard of, that are hundreds of miles away from
>>> my home and that I wouldn't patronize anyway?
>>
>> You're missing his point...
>>
>> 1. He gets an email from a known source
>>
>> 2. He then gets SPAM with the *same subject* as the first - the one
>> from the
>> known source.
 
HeyBub wrote:
> dadiOH wrote:
>> HeyBub wrote:
>>> I get an email. Almost instantly another email "arrives" with the
>>> same subject but containing the following text:
>>>
>>> --- begin quote
>>> Hello
>>>
>>> How are you doing recently?
>>
>> Is there a pattern vis a vis the first email and the second? For
>> example, the SPAM always follows legit mail from a specific person or
>> IP...
>
> No. The message always follows a legit email, but the original sender seems
> to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
> was not actually SENT by a spammer. I think it's being generated internally
> to my computer and stuffed in my in-box.
>

It might be a bit tedious, but to confirm whether these spurious
messages are being generated locally or not, check the headers in your
inbox on your ISP's server without actually downloading anything. That
way you can see if messages with duplicate subjects are in fact arriving
at your ISP.

Some ISPs have a web interface to their POP3 mail. Or you might be able
to telnet into your inbox. Or use one of the various email removers that
work in a similar fashion (e.g., http://www.email-remover.com/index.htm)

--
Lem

Apollo 11 - 40 years ago:
http://www.nasa.gov/mission_pages/apollo/40th/index.html
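
One way to do the server-side check described above over POP3, as an added example that is not part of the original post: it fetches only the headers of each message still on the server and reports later messages whose subject repeats an earlier one. The mailbox contents are constructed, and the host, user and password passed to `open_mailbox` are the reader's own.

```python
import poplib
from email import message_from_bytes


def open_mailbox(host, user, password):
    """Log in to a POP3-over-TLS server; the caller ends the session with conn.quit()."""
    conn = poplib.POP3_SSL(host)
    conn.user(user)
    conn.pass_(password)
    return conn


def server_headers(conn):
    """Yield (number, Message) for each message on the server, headers only."""
    count, _size = conn.stat()
    for n in range(1, count + 1):
        # TOP n 0 returns the header block and zero body lines; nothing is deleted.
        _resp, lines, _octets = conn.top(n, 0)
        yield n, message_from_bytes(b"\r\n".join(lines) + b"\r\n\r\n")


def echoed_subjects(conn):
    """Return (earlier_no, later_no, later_subject) where a later subject embeds an earlier one.

    Ordinary "Re:" replies match too, so the result is a list of candidates to inspect.
    """
    seen, hits = [], []
    for n, msg in server_headers(conn):
        subject = " ".join((msg.get("Subject") or "").split()).lower()
        if not subject:
            continue
        for prev_n, prev_subject in seen:
            if prev_subject in subject:
                hits.append((prev_n, n, subject))
                break
        seen.append((n, subject))
    return hits


class ConstructedMailbox:
    """Offline stand-in with the two poplib.POP3 methods used above (constructed data)."""

    def __init__(self, subjects):
        self._subjects = subjects

    def stat(self):
        return len(self._subjects), 0

    def top(self, which, howmuch):
        return b"+OK", [b"Subject: " + self._subjects[which - 1].encode("ascii")], 0


SAMPLE = ConstructedMailbox([
    "Thank you for your ProFlowers order: xxxxxxxx",
    "Hello Re: Thank you for your ProFlowers order: xxxxxxxx",
    "Lunch on Friday",
])

if __name__ == "__main__":
    for first, second, subject in echoed_subjects(SAMPLE):
        print(f"message {second} repeats the subject of message {first}: {subject}")
```

If the repeated subject is already present on the server, the second message was not created by the mail client on the local machine.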
 
HeyBub wrote:
>
> No. The message always follows a legit email, but the original sender seems
> to be irrelevant. I'm reluctant to call it "spam" because I'm pretty sure it
> was not actually SENT by a spammer. I think it's being generated internally
> to my computer and stuffed in my in-box.

Well in that case you can do only one thing and that will solve the
riddle once and for all.

1) Clone your HD and store it somewhere safe on an external drive;
2) Re-install the OS from scratch after formatting the HD;
3) Run your mail to see if the symptoms still persist;
4) If everything is OK then it is time to put back your cloned HD, and
this time copy only your main documents before wiping everything again.

The reason for doing this is to save time because if the problem is in
the mail server or at ISP then clearly there is no point in wiping
anything from the HD. However, if the problem is in the drive itself
then it is time to start all over again.

I believe I am the only one to claim that Anti-virus, Anti-Malware
programs are NOT foolproof to all evils on this land nor are they a
silver bullet solution to all computer problems.

hth
 
20100209 wrote:
> I believe I am the only one to claim that Anti-virus, Anti-Malware
> programs are NOT foolproof to all evils on this land nor are they a
> silver bullet solution to all computer problems.

Only because no one ever made the claim that you didn't make that I have
seen anyway. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
Look at all the idiots in this newsgroup who post spoofing others. Do you
take their posts to be the real thing?

dadiOH wrote:
> PA Bear [MS MVP] wrote:
>> It's not from a known source, it's from what looks to be a known
>> source. This is called spoofing.
>
> OP says...
> "I get an email from a known source, then, almost instantly, another email
> "arrives" with exactly the same subject line as the righteous email but
> containing the aforementioned text as the body."
>
> I took him at his word :)
>
> dadiOH
> ____________
>
>> dadiOH wrote:
>>> PA Bear [MS MVP] wrote:
>>>> Why do I keep getting adverts in my mailbox every week for stores &
>>>> businesses I've never heard of, that are hundreds of miles away from
>>>> my home and that I wouldn't patronize anyway?
>>>
>>> You're missing his point...
>>>
>>> 1. He gets an email from a known source
>>>
>>> 2. He then gets SPAM with the *same subject* as the first - the one
>>> from the
>>> known source.
 