VIRUS QUESTION - NEED HELP!!!

Guest · #1 Postby **Guest** » Thu Aug 21, 2003 11:39 am

I just received this in my email box at my isp. It hasn't been opened at home - I am reading my emails via the internet. Can someone explain what is happening here.

From: Mail Delivery Subsystem <MAILER-DAEMON@aol.com>

Date: Thu, 21 Aug 2003 12:29:55 -0400 (EDT)
To: <>
Subject: Returned mail: Service unavailable
--------------------------------------------------------------------------------
This is a MIME-encapsulated message

--------------------------------------------------------------------------------
The original message was received at Thu, 21 Aug 2003 12:29:25 -0400 (EDT)
from firewall2.ci.pasadena.tx.us [204.2.44.68]

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster

----- The following addresses had permanent fatal errors -----
<timebomb70@aol.com>

----- Transcript of session follows -----
... while talking to air-xh04.mail.aol.com.:
>>> DATA
<<< 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
554 <timebomb70@aol.com>... Service unavailable

--------------------------------------------------------------------------------
Reporting-MTA: dns; rly-xh02.mx.aol.com
Arrival-Date: Thu, 21 Aug 2003 12:29:25 -0400 (EDT)

Final-Recipient: RFC822; timebomb70@aol.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; air-xh04.mail.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.
Last-Attempt-Date: Thu, 21 Aug 2003 12:29:55 -0400 (EDT)

--------------------------------------------------------------------------------
Received: from FM0303 (firewall2.ci.pasadena.tx.us [204.2.44.68]) by rly-xh02.mx.aol.com (v95.1) with ESMTP id MAILRELAYINXH21-4893f44f35416c; Thu, 21 Aug 2003 12:29:11 -0400
From: <>
To: <Timebomb70@aol.com>
Subject: Re: Wicked screensaver
Date: Thu, 21 Aug 2003 11:28:13 --0500
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_24DCFFC3"
X-AOL-IP: 204.2.44.68
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200308211229.4893f44f35416c@rly-xh02.mx.aol.com>

PerficktGurl · #2 Postby **PerficktGurl** » Thu Aug 21, 2003 11:43 am

I don't know, but I've recieved several of those weird messages since Tuesday, and deleted them (per my father's instructions).

#3 Postby **Stephanie** » Thu Aug 21, 2003 11:53 am

See the "sticky" about the viruses.

One of the messages said something about the "wicked screensaver". That's one of the attachments that's being floated around with this Sobig virus. It seems like your mail server is blocking e-mails being sent to you through this virus. I'd run a virus scan just in case!

#4 Postby **bfez1** » Thu Aug 21, 2003 12:07 pm

We have been flooded here today with those emails, wicked screensaver, re:details, etc. Don't open anything unless you know the sender.

Guest · #5 Postby **Guest** » Thu Aug 21, 2003 12:12 pm

I am getting the idea that a massive attack has been launched. I am deleting all these from the backend of my email from my ISP website and will not open my email at home at all today.

Patricia

GalvestonDuck · #6 Postby **GalvestonDuck** » Thu Aug 21, 2003 12:13 pm

Two things stuck out:

1) Diagnostic-Code: SMTP; 554 TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.

2) To: <Timebomb70@aol.com>

Is "Timebomb70@aol.com" in your address book? Have you opened anything weird lately (not necessarily from Timebomb).

It looks as though you could have been infected and the virus was using your addressbook to send itself out to others (at least, that's how how it works was explained to me). It said "Your mail has not been sent" which would suggest it was coming from you to Timebomb.

Run your virus scan. If you can go here ftp://mcafee.utmb.edu/pub/mcafee/upgrade/ try that to get the upgrade if you have McAfee.

I've never had one on my home computer so I don't know much else about how to fix them. Here at UTMB, we have info services guys who take care of the hospital's computers.

Also, remember to check all the computers that you've used to access that mail that had that message. For example, if you checked your AOL mail on your work computer, it will be on that one instead of on your home computer, even though AOL is your "home" addy.

Good luck, Ticka!

Lindaloo · #7 Postby **Lindaloo** » Thu Aug 21, 2003 12:35 pm

It sounds like your computer has been infected ticka!! It did not deliver the mail to 'timebomb" because the virus was detected, so the AOL postmaster sent it back.

Did you send an email to timebomb and it came back?

JetMaxx · #8 Postby **JetMaxx** » Thu Aug 21, 2003 11:25 pm

Patricia, I've been recieving crazy emails like that for three or four days.....returned emails that I NEVER sent; from email addresses I've NEVER HEARD of (I don't send very many emails to begin with; and only to folks I know well).

This is all part of that crazy virus that I posted about the other night. It completely shut down one website I post at, and screwed up Weathermatrix (they were recieving 50 virus infected emails per hour :o

Lindaloo · #9 Postby **Lindaloo** » Fri Aug 22, 2003 6:51 am

Found out at the PTO meeting last night that the virus shut down the school computers.

Guest · #10 Postby **Guest** » Fri Aug 22, 2003 8:09 am

Lindaloo its shut down school computers here in Houston. I found out that I don't have the virus on my computer. Like Perry said above - I keep getting tons of emails from people that are infected and don't have a clue they have it on their machine.

This virus puts your name in the from space and tries sending it to everyone - there thats why I got the AOL returned mail message. My email was on someone's machine that go infected and its sending bogus emails out.

Woke up this morning and had over 200 emails in my inbox - my ISP had deleted everyone one of them. I ran Virus Scan on my computer 3 times last night after updating and making sure I had the most recent updates - I did.

So there is really nothing I can do until the folks that are infected clean it from their machines and quit sending the emails.

Patricia

Lindaloo · #11 Postby **Lindaloo** » Fri Aug 22, 2003 9:03 am

Thanks for informing me how that worked. My home PC has not been overloaded by those type emails. I only received 4 in my hotmail account on the first day the virus started. I learned a long time ago to never open any attachments from someone you do not know. lol. I feel for those people who are infected. Guess we have to put up with it til Sept. 9th. Eerie, considering that is two days before 9-11.

Guess my firewall and McAfee virus scan did it's job.

#12 Postby **Stephanie** » Fri Aug 22, 2003 12:29 pm

I stopped receiving those e-mails after Monday.

I agree Lindaloo, it is pretty eerie about the date the virus is supposed to stop. I'm sure that it was programmed on purpose - I just hate to see what is instore on 9/11! :o

Rainband · #13 Postby **Rainband** » Fri Aug 22, 2003 6:03 pm

I won't open mail unless i recognise the sender..One of mine was for NOAA.. :o but it looked suspicious!!! :wink:

VIRUS QUESTION - NEED HELP!!!

VIRUS QUESTION - NEED HELP!!!

Who is online