email virus?

[wayner]

I got it too, called shimgapi.dll, I have Mcaffee scans e-mail & system, I did a system virus scan & it deleted 3 but could not delete the one above.

It resides in my C/windows/system 32, how do I get rid of it, it won't allow me to delete it?

[Chad]

My office here got a couple.. but so far nothing on my home email.

[Chad]

Quote:

Originally Posted by wayner

I got it too, called shimgapi.dll, I have Mcaffee scans e-mail & system, I did a system virus scan & it deleted 3 but could not delete the one above.

It resides in my C/windows/system 32, how do I get rid of it, it won't allow me to delete it?

Follow the instructions in this link

http://securityresponse.symantec.com...varg.a@mm.html

[Samw]

Ah crap. It apears that someone has been able to hijack my Linux mail server and send emails to people and make it appear to be coming from me.

[Chad]

That sucks.. tho I thought this virus could not infect the linux OS? A different virus?

[Samw]

Oops. Scratch that. It isn't doing what I thought it was doing. It turns out that I have added some procmail rules on my Linux account to filter Email with program attachments.



So whenever someone with an infected computer tries to send me an Email with an attachment, I send a message back telling them that I don't accept program attachments. So no one has hijacked me. I had thought that because I started getting copies of empty messages with the email address of the person who tried to send me the virus. So I thought someone was hijacking my computer to send outbound Email. Not the case.

But I do know who has the infected computer trying to infect me though.

[Aquattro]

Quote:

Originally Posted by Samw

But I do know who has the infected computer trying to infect me though.

You did notify them, right?

[EmilyB]

It's not me

[AJ_77]

Quote:

Originally Posted by EmilyB

some people have gotten an emai from me, including myself, even thought I do not have their emails on my system.

Apparently someone else had your email address on their system, and now the worm is spoofing your address as the "from".

From the Symantec site:

Quote:

Attempts to send email messages using its own SMTP engine. The worm looks up the mail server that the recipient uses before sending the email. If it is unsuccessful, it will use the local mail server instead.


The email will have the following characteristics:

From: May be a spoofed from address.

So even though your updated antivirus software may have caught them all, Deb (as mine seems to have), you may still get msgs back from "Mailer-Daemon" and "Mail Subsystem" at other ISPs because they are sending it back to you. Don't sweat it, you're likely fine.

Kind of freaky though... "Hey, I didn't send that! Did I??..."

[Aquattro]

Right. The from feild is spoofed, therefore it gets sent back to you. I've gotten so many back it isn't funny anymore. The headers indicated the source IP of some, so I did send a PM to that person.
Even though your system is clean, you can still get these non delivery reports.