An infected PC somewhere out there has your email address in its address book. The virus has chosen your address to
mimic. It sends itself to other machines and makes it appear as though it came from yours. There's little more you
can do until the infected machine has been cleaned. This is common - I was getting those same 'bounced email
messages' for quite some time but they appear to have stopped. The best way to avoid this is to keep your email
address private, but that's not realistic. A better approach is to have your contacts avoid forwarding email, but
even that is nearly impossible. So the short answer is to do nothing, or change your email address - your PC is
clean and the attachments were not sent from it. hth

Al Thompson

----- Original Message -----
From: "Emie"
Subject: [PCSOFT] W32.sobig.F@mm Question


> Someone could probably clear me up on this.
>
> Starting today, Monday, 8/25/03, I've been receiving  "bounced back"
> messages from different places where I supposedly sent messages to.  I
> copied 2  examples below:
> ==========================================
> "Garland ISD - Network Associates WebShield SMTP V4.5 MR1a on tcms02-imvp
> detected
> virus W32/Sobig.f@MM in attachment application.pif from
> <[log in to unmask]> and it
> was Cleaned. The email you sent was not delivered."
>
> Still another one...
>
> "            ***** SECURITY NOTICE *****
>
> An attachment was sent by you, in the message "Re: Your application",
> that violates Kimberly-Clark's E-mail security policy regarding
> potentially dangerous attachments.
> The offending message has been dropped and will not be delivered.
>
> <Snipped>
>
> If you do not know why you received this notice, it is possible that
> your computer has been infected by a virus, or you have been the target
> of an email worm which is now attacking other computers on its own,
> without your knowledge or consent.  Please contact your system
> administrator.
> ===========================================
>
> Obviously this is a result of the "Sobig" worm.  I immediately did a
> complete scan of my PC/Files using NAV 2003 (My NAV live update is current)
> and found nothing.  I went to Symantec's website and had them do a complete
> scan of my system which they didn't find anything either.  I dowloaded
> Symantec's W32 removal tool, printed it and I manually checked the files
> which this worm supposedly infect and embed itself onto.  I found no strange
> directory in my C-drive, no trace of "winppr32" file in my Registry as well
> as in my Start up file.  I then ran Symantec's  "W32Sobig..." removal tool
> aand it went through every single file on my hardrive for about 15 minutes
> and gave me a result... "W32.sobig.F@mm  has not been found on your
> computer."  During this connection with Symantec's Security website, I made
> sure that ZA blocked incoming/outgoing traffic except with  between me and
> Symantec to be safe.
>
> I couldn't find any trace of this worm, and so does Symantec, on my
> computer, how then did it manage to use my email address?  Anyone?  Did NAV
> missed it? (I have my NAV AutoProtect enable on Startup all the time.)  Have
> I been attacked without knowing it?  I was out of town from Friday thru
> Sunday last week aand my computer was off... how could it be?  I'm lossing
> my head trying to figure this one out.  Help!  Ugh!!!
>
> (By the way, I scanned this email before sending just to make sure.)
> Thanks.
>
> Emie DelRosario

             Do you want to signoff PCSOFT or just change to
                    Digest mode - visit our web site:
                   http://freepctech.com/pcsoft.shtml