Someone could probably clear me up on this.
Starting today, Monday, 8/25/03, I've been receiving "bounced back"
messages from different places where I supposedly sent messages to. I
copied 2 examples below:
==========================================
"Garland ISD - Network Associates WebShield SMTP V4.5 MR1a on tcms02-imvp
detected
virus W32/Sobig.f@MM in attachment application.pif from
<[log in to unmask]> and it
was Cleaned. The email you sent was not delivered."
Still another one...
" ***** SECURITY NOTICE *****
An attachment was sent by you, in the message "Re: Your application",
that violates Kimberly-Clark's E-mail security policy regarding
potentially dangerous attachments.
The offending message has been dropped and will not be delivered.
<Snipped>
If you do not know why you received this notice, it is possible that
your computer has been infected by a virus, or you have been the target
of an email worm which is now attacking other computers on its own,
without your knowledge or consent. Please contact your system
administrator.
===========================================
Obviously this is a result of the "Sobig" worm. I immediately did a
complete scan of my PC/Files using NAV 2003 (My NAV live update is current)
and found nothing. I went to Symantec's website and had them do a complete
scan of my system which they didn't find anything either. I dowloaded
Symantec's W32 removal tool, printed it and I manually checked the files
which this worm supposedly infect and embed itself onto. I found no strange
directory in my C-drive, no trace of "winppr32" file in my Registry as well
as in my Start up file. I then ran Symantec's "W32Sobig..." removal tool
aand it went through every single file on my hardrive for about 15 minutes
and gave me a result... "W32.sobig.F@mm has not been found on your
computer." During this connection with Symantec's Security website, I made
sure that ZA blocked incoming/outgoing traffic except with between me and
Symantec to be safe.
I couldn't find any trace of this worm, and so does Symantec, on my
computer, how then did it manage to use my email address? Anyone? Did NAV
missed it? (I have my NAV AutoProtect enable on Startup all the time.) Have
I been attacked without knowing it? I was out of town from Friday thru
Sunday last week aand my computer was off... how could it be? I'm lossing
my head trying to figure this one out. Help! Ugh!!!
(By the way, I scanned this email before sending just to make sure.)
Thanks.
Emie DelRosario
PCSOFT maintains many useful files for download
visit our download web page at:
http://freepctech.com/downloads.shtml
|