Possible e-mail virus question.

Factual Questions
1

My hotmail junk mail filter keeps telling me that an e-mail is undeliverable because it is a virus.
I have never seen this e-mail before and I also get e-mails from places I have never heard of telling me that they are returning the e-mail because I tried to send them a virus.
My virus scans have come back clear so I don’t think I have a virus. And this issue has been going on for a month or so.
How do I take care of this?
Could I be unknowingly sending out a virus?
The title is Proverbs 15. Has anyone else heard of this?
I am not very computer savvy.
MSN/hotmail sent me a couple of notices asking me to take care of this, and I tried to respond asking them for help and just got another, what I can figure, auto response.

Please help! I would hate to think I was hurting someones computer. Oh, this sucks.

2

Hi there Kricket, if your hotmail email account is setup to be used with your outlook express theres a fairly good chance that you might be sending a virus unknowingly.I once had this problem in which all the people in my address book and also all the email addresses in my cookies(and believe me it was a lot of addresses!)were being bombarded with viruses unknown to me. Only after I started getting a couple of emails informing me that I was sending accross viruses, I did a virus check which didnt show anything wrong the frist time.I updated my virus definitions and then found out the culprit.
If you are not using Outlook Express and access your account only from the web I think there is a very good chance that someone is using your account to send viruses.In this case I think it is better to change your password and your password recovery question.
I hope this helps.

3

Try installing a virus scanner. AVG, available from grisoft.com, is good and free.

4

More info would be useful, like: are you using Hotmail as “web mail” (i.e., by logging in trough their web page) or via Outlook?
Anyway, besides being infected the possibilities are the following:
A: some wicked person had nothing better to do than to send viruses to people using your e-mail address as the return path OR
B: A friend of yours who had your address on his computer got infected. (this is, I believe, the most likely case) The virus tries to propagate by sending itself to the entire “contacts” list on the infected computer, but also makes the e-mail to look like they come from one of those contacts.
To find out the real origin of the offending e-mails you can do the following:
Go to the Hotmail webmail account. Click on the “Options” tab and on the right side column, under “additional options” click on “mail display settings”
Check “advanced” for “message headers”. Click OK at the bottom of the page.
Go back and click on the offending message. Before the actual message, you should see a “header” in blue with all sorts of information and a link to “view e-mail message source”. Click on it. A new window will open and you will see someting like this: (taken from an actual spam message) ---------------------------------------------------

X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Received: from **64.222.177.209 **([64.222.177.209]) by mc9-f17.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Fri, 25 Jul 2003 17:35:17 -0700
From: “smabqkmrki” <smabqkmrki@yahoo.com>
To: <oblivious_victim@hotmail.com>
Date: Thu, 24 Jul 2003 19:36:09 -0600
Subject: unbelivable secret important important must see great secret birhepeh
Message-ID: <169239722178$24251758$17851264@VGMEUY>
MIME-version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_DA3BCFA3.AAAC1D31"
X-Priority: 3
X-MSMail-priority: Normal
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Content-Transfer-Encoding: 7bit
Return-Path: smabqkmrki@yahoo.com
X-OriginalArrivalTime: 26 Jul 2003 00:35:17.0685 (UTC) FILETIME=[C980D650:01C3530D]

(there’s a lot more after that, but it doesn’t matter; What we want to find is in the second line; again, this is how the line sould look:

Received: from **64.222.177.209 **([64.222.177.209]) by mc9-f17.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Fri, 25 Jul 2003 17:35:17 -0700

And there we have it: the REAL (Internet) address from which the annoying e-mails originate: 64.222.177.209.

But we’re not done yet… Copy the address on your clipboard It’s important to be exact here. Go to: http://ww1.arin.net/whois/ and paste the address in the form on the page, then click on “submit query”

You should get something like this: (again, actual example for the spam above):

Search results for: **64.222.177.209 **

OrgName: Verizon Global Networks, Inc.
OrgID: VGBN
Address: 1880 Campus Commons Drive
City: Reston
StateProv: VA
PostalCode: 20191
Country: US

NetRange: 64.222.0.0 - 64.223.255.255
CIDR: 64.222.0.0/15
NetName: VZGNI-PUB-5
NetHandle: NET-64-222-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NSDC.BA-DSG.NET
NameServer: GTEPH.BA-DSG.NET
Comment:
RegDate:
Updated: 2001-05-31

TechHandle: BN-ORG-ARIN
TechName: Verizon Global Networks Inc.
TechPhone: +1-703-295-4583
TechEmail: noc@gnilink.net

There… now you can… start from here: try to figure out who a) Has your e-mail address and b) is using the ISP (Internet Service Provider) that you will find (note that the ISP may be anyone: AOL, Earthling, Cox, Roadrunner, etc.) If you can limit the “suspects” to a few, contact them and tell them they may be infected.
Another option is to call the number provided for that particular ISP and explain your problem to their tech support. Most likely they can find the physical location of the offending computer. (they will not disclose it to you, but they may contact the person found at that address)

If you can’t open the message addressed to you, try to open one of the “replies” from ISP’s refusing to forward your e-mail because of the virus. After some message from that ISP the e-mail should have a part saying: “Original message:” and in it the same lines as in the example above (Received from, return path, etc.) find the line with "received from ([xxxx.xxxx.xxxx.xxxx]). Copy the number between ([ and ]). Repeat the rest of the steps.
I hope this helps.

5

We have a virus scanner and a firewall.
The firewall is set so freakin’ high that at first it stopped any incomming IM’s and wouldn’t let me play Everquest.
I use Internet Explorer for everything. I didn’t know there were other ways. Except I guess I did know that AOL users screens look different.
And we are using Windows XP.
My virus scans have come back fine and I think that is set to update once a week?
And none of my friends have complained of odd e-mails, it’s people I don’t know and it looks like businesses.

Thank you fellow night owls for the advice.
maleinblack, I will have someone put your post into small words that I will understand. :smiley:
I’m sure by the time I get this figured out you will all be wondering how I have survived online for so long, or how my computer survives me.

6

Very simple:

Get a new hotmail account, notify only your friends of your new address. :wink:

7

Kriket, if you don’t use a POP mail reader like Outlook then there’s no way those emails are coming from your computer.

Both points A and B of what HanoNymus said are very likely and there’s nothing you can do about it.

8

Changing my e-mail address would really suck since it’s the first one and only one I’ve ever had.
Yuck.

9

I’ve changed my email address many times… I don’t see the big deal.

But I only want people I know contacting me. :cool:

10

It’s most likely B. This happened to me a while back. This is called “spoofing.” Someone who has your email address has had his computer affected by a virus, and this virus sends out mail from his computer but with your “from” address. What I did was to notify everyone that would have my email address about this and for them to check their computers. Shortly thereafter, I was no longer “spoofed.”

11

olefin, I guess it’s just that I’ve had the same e-mail address since the first day I ever stepped online.
My husband has a few and my friends have something like twenty apiece!
I just find it frustrating to keep up with them. I would almost call it a pet peeve getting an e-mail from them every other week telling me they have a new address or screen name.
Or we could go with just plain old sentimental attachment.
But like the trooper I am I will do what needs to be done and get over it eventually.
Why do people have to do such jerky things? What is the thrill in messing up someones computer. And random people at that. Not even someone you know and might have a beef with?

Another question is, could this come back on me? I mean can I get in trouble for this even though I had nothing to do with it?

12

Trouble? No. If you find the address I was talking about you will have proof that the spam/virused e-mails did not originate from your computer.
Any ISP’s administrator will know what this is about. So you need not to worry too much. But you can shorten your ordeal by identifying the source.

13

Thank you all so much for all of your help.
I am having a friend come over to help me run through a few of the things suggested by you wonderful people.
HanoNymus, you seem to be a bit of a lurker and I thank you for comming out to offer help.