Canreef Aquatics Bulletin Board

Canreef Aquatics Bulletin Board (http://www.canreef.com/vbulletin/index.php)
-   Lounge (http://www.canreef.com/vbulletin/forumdisplay.php?f=14)
-   -   email virus? (http://www.canreef.com/vbulletin/showthread.php?t=7742)

wayner 01-27-2004 04:29 PM

I got it too, called shimgapi.dll, I have Mcaffee scans e-mail & system, I did a system virus scan & it deleted 3 but could not delete the one above.

It resides in my C/windows/system 32, how do I get rid of it, it won't allow me to delete it?

Chad 01-27-2004 04:31 PM

My office here got a couple.. but so far nothing on my home email.

Chad 01-27-2004 04:32 PM

Quote:

Originally Posted by wayner
I got it too, called shimgapi.dll, I have Mcaffee scans e-mail & system, I did a system virus scan & it deleted 3 but could not delete the one above.

It resides in my C/windows/system 32, how do I get rid of it, it won't allow me to delete it?

Follow the instructions in this link

http://securityresponse.symantec.com...varg.a@mm.html

Samw 01-28-2004 12:04 AM

Ah crap. It apears that someone has been able to hijack my Linux mail server and send emails to people and make it appear to be coming from me.

Chad 01-28-2004 12:09 AM

That sucks.. tho I thought this virus could not infect the linux OS? A different virus?

Samw 01-28-2004 12:16 AM

Oops. Scratch that. It isn't doing what I thought it was doing. It turns out that I have added some procmail rules on my Linux account to filter Email with program attachments.

:lol:

So whenever someone with an infected computer tries to send me an Email with an attachment, I send a message back telling them that I don't accept program attachments. So no one has hijacked me. :lol: I had thought that because I started getting copies of empty messages with the email address of the person who tried to send me the virus. So I thought someone was hijacking my computer to send outbound Email. Not the case.

But I do know who has the infected computer trying to infect me though.

Aquattro 01-28-2004 02:00 AM

Quote:

Originally Posted by Samw

But I do know who has the infected computer trying to infect me though.

You did notify them, right?

EmilyB 01-28-2004 02:20 AM

It's not me :lol:

AJ_77 01-28-2004 02:44 AM

Quote:

Originally Posted by EmilyB
some people have gotten an emai from me, including myself, even thought I do not have their emails on my system.

Apparently someone else had your email address on their system, and now the worm is spoofing your address as the "from".

From the Symantec site:
Quote:

Attempts to send email messages using its own SMTP engine. The worm looks up the mail server that the recipient uses before sending the email. If it is unsuccessful, it will use the local mail server instead.


The email will have the following characteristics:

From: May be a spoofed from address.

So even though your updated antivirus software may have caught them all, Deb (as mine seems to have), you may still get msgs back from "Mailer-Daemon" and "Mail Subsystem" at other ISPs because they are sending it back to you. Don't sweat it, you're likely fine.

Kind of freaky though... "Hey, I didn't send that! Did I??..."

Aquattro 01-28-2004 02:46 AM

Right. The from feild is spoofed, therefore it gets sent back to you. I've gotten so many back it isn't funny anymore. The headers indicated the source IP of some, so I did send a PM to that person.
Even though your system is clean, you can still get these non delivery reports.


All times are GMT. The time now is 11:08 PM.

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.