Topic awaiting preservation: is this a virus?

 
Author Thread
lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted 08-26-2003 14:58
quote:
X-Apparently-To: myaddress@yahoo.com via 216.136.173.244; Tue, 26 Aug 2003 03:03:09 -0700
Return-Path: <tenzgjk@foni.net>
Received: from 212.7.146.13 (EHLO mp-backup.komtel.net) (212.7.146.13)
by mta128.mail.sc5.yahoo.com with SMTP; Tue, 26 Aug 2003 03:03:08 -0700
Received: from mx03.komtel.net (IDENT:mirapoint@mx03.komtel.net [212.7.146.2])
by mp-backup.komtel.net (8.11.6/8.11.6) with ESMTP id h7Q9t3c31419
for <myaddress@yahoo.com>; Tue, 26 Aug 2003 11:55:08 +0200
Received: from Dne ([62.214.76.89])
by mx03.komtel.net (Mirapoint Messaging Server MOS 3.3.5-GR)
with SMTP id AIS14587
for <myaddress@yahoo.com>;
Tue, 26 Aug 2003 12:02:38 +0200 (CEST)
Date: Tue, 26 Aug 2003 12:02:38 +0200 (CEST)
Message-Id: <200308261002.AIS14587@mx03.komtel.net>
From: postmaster <postmaster@yahoo.com>
To: myaddress@yahoo.com
Subject: Undeliverable mail--"cellpadding"
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="MIRAPOINT_PART1_3f4b3055"
X-Mirapoint-Virus: VIRUSDELETED;
host=mx03.komtel.net;
attachment=[2.2];
virus=W32/Klez-H

Der Virenscanner hat folgende Anhaenge dieser E-Mail geloescht bzw. konnte die folgenden Anhaenge evtl. nicht auf Viren ueberpruefen (The following message attachments were flagged by the antivirus scanner) :

Anhang (attachment) : valign.scr [2.2], Status: virus infected, deleted, W32/Klez-H

Bitte beachten Sie: Diese Meldung wird automatisch erstellt, sobald das System eine durch Viren befallene Mail entdeckt. Der Inhalt dieser E-Mail wurde nicht veraendert, lediglich der virenbefallene Anhang wurde evtl. entfernt, um eine weitere Verbreitung dieses Virus zu verhindern. (Please notice that this message is generated automatically if our system detects an e-mail-virus. The attachment has been eventually deleted because it contained a virus. Any other part of this e-mail has been delivered without changes.)

Ein Service Ihres Internetproviders (A service provided by your Internetprovider)
Content-Type: text/html;

The following mail can't be sent to xxxx@goldmail.de:

From: myaddress@yahoo.com
To: xxxx@goldmail.de
Subject: cellpadding
The attachment is the original mail
Content-Type: application/octet-stream;
name=pratzenani0211.jpg
Content-ID: <Y66pZwWOVYS4d2pjS>



I always receive variants of this email!
Suspecting that it was a virus on its way to my box but the SMTP server deleted the virus before sending?

Don't know, does anyone receive such messages?

--
Regards,
Elias

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 08-26-2003 15:03

this is the key line

quote:
virus=W32/Klez-H



Someone keeps trying to send you the Klez virus, but apparently your ISP's mail server had auto virus scanning on it...

Wolfen
Paranoid (IV) Inmate

From: Minnesota
Insane since: Jan 2001

posted 08-27-2003 02:39

Lallous: Yes, that **WAS** a virus, but fortunately Yahoo uses Norton AntiVirus to scan every piece of email for viruses. It picked up that the mail you received was infected with the Klez virus and deleted it. That is the one reason why I like Yahoo mail.


The programmer's national anthem is 'AAAAAAAAHHHHHHHH''

Wolfen's Sig Site

lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted 08-27-2003 07:16

Why would Yahoo then talk to me in German? My address is @ Yahoo.com and not .de

Besides, most of the time viruses get past Yahoo's virus scanner and land in my inbox!

I don't trust its AV, I still scan suspicious emails manually.

--
Regards,
Elias

Wolfen
Paranoid (IV) Inmate

From: Minnesota
Insane since: Jan 2001

posted 08-27-2003 07:27

I do not know then... very odd...

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 08-27-2003 09:17

Judging by the e-mail headers, the virus has been removed by Mirapoint Messaging Server, which is running at the mx03.komtel.net address, and it is actually the mail server of the sender (originating). And since Komtel is a German company, that explains why you received the e-mail in German. So, the bottom line is that Yahoo didn't even touch that e-mail...
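The header reading described in the post above, as an added example that is not part of the original thread: it walks the `Received` chain of the quoted message, finds which hop the `X-Mirapoint-Virus` tag attributes the scan to, and checks whether any yahoo.com host relayed the mail before it reached the recipient's own server. The function names are illustrative, and the sample is a subset of the headers quoted in the first post with continuation-line indentation restored.

```python
import re
from email import message_from_string

# Subset of the headers quoted in the first post; the leading whitespace on
# continuation lines (lost on the page) is restored so the parser can unfold them.
RAW = """\
Return-Path: <tenzgjk@foni.net>
Received: from 212.7.146.13 (EHLO mp-backup.komtel.net) (212.7.146.13)
 by mta128.mail.sc5.yahoo.com with SMTP; Tue, 26 Aug 2003 03:03:08 -0700
Received: from mx03.komtel.net (IDENT:mirapoint@mx03.komtel.net [212.7.146.2])
 by mp-backup.komtel.net (8.11.6/8.11.6) with ESMTP id h7Q9t3c31419
 for <myaddress@yahoo.com>; Tue, 26 Aug 2003 11:55:08 +0200
Received: from Dne ([62.214.76.89])
 by mx03.komtel.net (Mirapoint Messaging Server MOS 3.3.5-GR)
 with SMTP id AIS14587
 for <myaddress@yahoo.com>;
 Tue, 26 Aug 2003 12:02:38 +0200 (CEST)
From: postmaster <postmaster@yahoo.com>
X-Mirapoint-Virus: VIRUSDELETED;
 host=mx03.komtel.net;
 attachment=[2.2];
 virus=W32/Klez-H

"""

def hops(msg):
    """(from, by) pairs in travel order; Received headers are prepended, so reverse."""
    found = (re.search(r"from (\S+).*? by (\S+)", " ".join(h.split()))
             for h in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def analyze(raw):
    msg = message_from_string(raw)
    chain = hops(msg)
    tag = " ".join(msg.get("X-Mirapoint-Virus", "").split())
    fields = dict(p.strip().split("=", 1) for p in tag.split(";") if "=" in p)
    scanner = fields.get("host")
    # Index of the hop whose receiving ("by") host is the one that scanned.
    scan_hop = next((i for i, (_, by) in enumerate(chain) if by == scanner), None)
    from_dom = msg["From"].rsplit("@", 1)[1].rstrip(">")
    path_dom = msg["Return-Path"].rsplit("@", 1)[1].rstrip(">")
    # Hosts that handled the mail before the final, recipient-side hop.
    upstream = [by for _, by in chain[:-1]]
    return {"chain": chain, "scanner": scanner, "scan_hop": scan_hop,
            "virus": fields.get("virus"),
            "from_matches_path": from_dom == path_dom,
            "from_domain_relayed": any(b.endswith(from_dom) for b in upstream)}
```

Only the topmost `Received` line is written by the recipient's own server; everything below it is supplied by upstream hosts and can be forged, so treat the lower hops as claims rather than facts.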


Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 08-27-2003 09:28

Well, either you have configured your Yahoo account to think you're German (accidentally chose 'French' one time... everything was in French after that), or, it's not actually Yahoo doing the scanning, but goldmail.de -> your system is infected and sent out the original mail to goldmail.de which bounced it back, where it might have gotten into the Yahoo filter (again).

Petskull
Maniac (V) Mad Scientist

From: 127 Halcyon Road, Marenia, Atlantis
Insane since: Aug 2000

posted 08-28-2003 17:24

um... TP... look right above you...


Code - CGI - links - DHTML - Javascript - Perl - programming - Magic - http://www.twistedport.com
ICQ: 67751342

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 08-28-2003 18:05

Actually, here's the deal. From what I can tell (this is happening to me too), someone with my addy has been infected and the Sobig.F virus is sending infected emails from their computer but spoofed with my address, so I'm getting the bouncebacks from domains that scan the emails coming in. I think this is the same for you, but you should scan anyway.



.:[ Never resist a perfect moment ]:.
