SCOUG-HELP Mailing List Archives
Return to [ 23 | September | 2003 ]
=====================================================  
If you are responding to someone asking for help who  
may not be a member of this list, be sure to use the  
REPLY TO ALL feature of your email program.  
=====================================================  
 
I got bit by this problem on my brand new WinXP partition, which I've only   
used about 2 weeks... At one point, I had over 2000 emails in one of my   
email accounts, so I called my ISP for assistance. The ISP rep told me it is   
the "w32.swen" virus. It affects Windows; I do not know if there is an OS/2   
version of this virus... you may just see the effects of others having the   
virus and sending you emails.   
 
I had just finished registering at a (valid) Microsoft site when I got the   
virus-infected email; I stupidly thought it was a genuine Microsoft email,   
in response to my registration, and so I ran the attachment, and have been   
trying to recover ever since.   
 
By the time I found out what it was, I'd pretty much trashed my WinXP system   
and had to rebuild it from scratch... I am still having trouble rebuilding   
it, so I'm going to start another thread about that problem.   
 
You can read about this virus, and download a (Windows) tool to get rid of   
it (I found it too late to try it) at:   
 
http://www.dslreports.com/shownews/33290   
 
A google search on w32.swen will bring up other sites. If you have an   
anti-virus program, that vendor's site probably has information as well.   
 
Wayne   
 
 
Robert Blair writes:   
 
> ** Reply to message from Peter Skye  on Tue, 23 Sep 2003  
> 19:47:36 PDT7   
>   
>> Since last Friday I've been getting about two per hour.  I am *also*  
>> getting "Microsoft Security Update" notices (the name changes a lot)  
>> telling me to install the attached patch, which is an ongoing  
>> replication of the Swen virus.  
>   
> The security update is a virus.  As I recall the "administrator" message is  
> also a virus.   
>   
>   
>> If you aren't running Windows or an SMTP server then somebody else is  
>> simply using your email address in their From field or a virus on their  
>> machine is reading their address book or (typically) the last-received  
>> message in their inbox (which could be a mail list posting from you) to  
>> get a random From address.   
>>   
>> I've tried tracing these darn things and they appear to be coming from  
>> everywhere.  Of interest is the Message-ID which you can check against  
>> the lowest (first) Received line in the header.  The Message-ID field  
>> contains a date-time stamp plus the name of the originating SMTP server.  
>   
> Coming from all of those Windows users that are infected, which is everywhere.
>
> I have not read the RFC about the message-id, but from what I see, if there is
> a message-id no other server will replace it.  So it may be inserted by any
> mail server along the path from source to destination.  I sometimes see a
> message-id inserted by my ISP's mail server since there was not one in the
> message when it got it.  I do know that the content of the message-id can be
> anything as long as it is, in theory, unique for the internet (no two messages
> will have the same message-id).
>   
>   
>> I've even gotten these bounceback messages from auto-reply machines such  
>> as people on vacation and tech support departments ("We'll respond as  
>> soon as possible.") and I even got one from a mail list server that  
>> tried to interpret the lines as commands.   
>>   
>> So you're not alone.  I just delete them, hoping Swen will die down in a  
>> few more days.  The "Microsoft Security Update" notices are the biggest  
>> pain since each one is 155K and, at two per hour, my 10 MB inbox fills  
>> up in a day or so.  
>   
> I guess I am lucky, I have not received a single security update (it may be  
> that my ISP is deleting them but should not as I have told them not to filter  
> my email).  I have heard of some people getting thousands a day.   
>   
> --   
> Robert Blair   
 
=====================================================  
 
To unsubscribe from this list, send an email message  
to "steward@scoug.com". In the body of the message,  
put the command "unsubscribe scoug-help".  
 
For problems, contact the list owner at  
"rollin@scoug.com".  
 
=====================================================  
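
Added example, not part of the posts above: the Message-ID versus lowest-Received comparison discussed in the quoted exchange, scripted with Python's standard `email` module. The sample headers, host names and verdict labels are constructed for illustration; the sample shows the case Robert describes, where a relay rather than the originating machine supplied the Message-ID.

```python
import re
from email import message_from_string

# Constructed sample headers (hypothetical hosts, documentation address ranges).
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example with ESMTP; Tue, 23 Sep 2003 19:50:02 -0700
Received: from infected-pc (dialup-7.pool.example [198.51.100.7])
\tby mx.isp.example with SMTP; Tue, 23 Sep 2003 19:49:40 -0700
From: "MS Security" <someone@victim.example>
Message-ID: <20030923194940.1234@mx.isp.example>
Subject: Security Update

(body omitted)
"""

# "from <claimed name> (<what the receiver saw>) ... by <recording server>"
HOP = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?.*?\bby\s+([^\s;]+)", re.I | re.S)

def parse_hop(value):
    """Split one Received value into claimed name, observed rDNS name, recording server."""
    m = HOP.search(value)
    if not m:
        return None
    helo, seen, by = m.groups()
    names = [t for t in (seen or "").split() if not t.startswith("[")]
    return {"helo": helo.lower(), "rdns": names[0].lower() if names else None,
            "by": by.lower()}

def trace(raw):
    """Compare the Message-ID host with the first hop (the lowest Received line)."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_hop, msg.get_all("Received", [])) if h]
    _, at, host = (msg.get("Message-ID") or "").strip().strip("<>").rpartition("@")
    mid_host = host.lower() if at else None
    origin = hops[-1] if hops else None  # headers are prepended, so last = first hop
    if not mid_host or not origin:
        verdict = "insufficient"         # nothing to compare
    elif mid_host in (origin["helo"], origin["rdns"]):
        verdict = "names-origin"         # ID host matches the sending machine
    elif mid_host in {h["by"] for h in hops}:
        verdict = "names-relay"          # ID host is a server that handled the mail
    else:
        verdict = "unverifiable"         # ID host appears nowhere in the path
    return {"message_id_host": mid_host, "origin": origin, "verdict": verdict}

if __name__ == "__main__":
    print(trace(SAMPLE))
```

The Message-ID and any Received lines below the first server you trust are supplied by the sender, so the verdict is a hint for sorting bounces, not proof of origin.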
 
  
The Southern California OS/2 User Group
 P.O. Box 26904
 Santa Ana, CA  92799-6904, USA
Copyright 2001 the Southern California OS/2 User Group.  ALL RIGHTS RESERVED.

SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group.
OS/2, Workplace Shell, and IBM are registered trademarks of International Business Machines Corporation.
All other trademarks remain the property of their respective owners.
 