W32/Bagel-Zip virus
Martin Underwood06-25-04, 12:20 PMsomethingI'm getting reports from one (and only one) person in my address book, via
their anti-virus filter, that my PC has been sending emails with attachments
that contain the W32/Bagel-Zip virus. I've not knowingly sent any emails to
this person recently, so they could be being sent by virus.
I have the latest Norton Anti Virus definitions (16 June 2004) and I've done
full system scan which has not found any evidence of viruses.
Since I can't get at the On-Line Virus Encyclopedia (see my earlier
posting!), can someone please look it up and tell me what action I should
take to remove it from my computer.
The virus report is as follows:
<begins>
Attention: <my email address>
A virus was found in an Email message you sent.
The Business Serve AuntyVirus scanner intercepted it and stopped the entire
message reaching its destination.
The virus was reported to be:
W32/Bagle-Zip
Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.
Your message was sent with the following envelope:
MAIL FROM: <my email address>
RCPT TO: <recipient's address>
.... and with the following headers:
---
MAILFROM: <my email address>
Delivered-To: <recipient's address>
Received: (qmail 29598 invoked from network); 17 Jun 2004 12:15:50 -0000
Received: from unknown (HELO 40-f76a656a5af4.com) (80.40.78.57)
by 0 with SMTP; 17 Jun 2004 12:15:50 -0000
Date: Thu, 17 Jun 2004 13:14:34 +0000
To: "Jill" <recipient's address>
From: "Martin" <my email address>
Subject: Re: Yahoo!
Message-ID: <rzzqstdiocvmryaeshw@40plusrecruitmentfranchise.co. uk>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------xaxnbzpdjoclzdwjffwa"
X-Spam-Status: No, hits=2.9 required=5.0
tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,M IME_HTML_ONLY
version=2.53
X-Spam-Level: **
X-Spam-Checker-Version: Business Serve antiSPAM
<ends>
Christine Moon06-25-04, 12:20 PMsomethingThe virus is on a third party computer and is spoofing your address, so the
recipient thinks the virus is coming from you.
Christine
"Martin Underwood" <me@privacy.net> wrote in message
news:40d1949b$0$521$ed2619ec@ptn-nntp-reader01.plus.net...
> I'm getting reports from one (and only one) person in my address book, via
> their anti-virus filter, that my PC has been sending emails with
attachments
> that contain the W32/Bagel-Zip virus. I've not knowingly sent any emails
to
> this person recently, so they could be being sent by virus.
>
> I have the latest Norton Anti Virus definitions (16 June 2004) and I've
done
> full system scan which has not found any evidence of viruses.
>
> Since I can't get at the On-Line Virus Encyclopedia (see my earlier
> posting!), can someone please look it up and tell me what action I should
> take to remove it from my computer.
>
> The virus report is as follows:
>
> <begins>
> Attention: <my email address>
>
>
> A virus was found in an Email message you sent.
> The Business Serve AuntyVirus scanner intercepted it and stopped the
entire
> message reaching its destination.
>
> The virus was reported to be:
>
> W32/Bagle-Zip
>
>
> Please update your virus scanner or contact your IT support
> personnel as soon as possible as you have a virus on your system.
>
>
> Your message was sent with the following envelope:
>
> MAIL FROM: <my email address>
> RCPT TO: <recipient's address>
>
> ... and with the following headers:
>
> ---
> MAILFROM: <my email address>
> Delivered-To: <recipient's address>
> Received: (qmail 29598 invoked from network); 17 Jun 2004 12:15:50 -0000
> Received: from unknown (HELO 40-f76a656a5af4.com) (80.40.78.57)
> by 0 with SMTP; 17 Jun 2004 12:15:50 -0000
> Date: Thu, 17 Jun 2004 13:14:34 +0000
> To: "Jill" <recipient's address>
> From: "Martin" <my email address>
> Subject: Re: Yahoo!
> Message-ID: <rzzqstdiocvmryaeshw@40plusrecruitmentfranchise.co. uk>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--------xaxnbzpdjoclzdwjffwa"
> X-Spam-Status: No, hits=2.9 required=5.0
> tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,M IME_HTML_ONLY
> version=2.53
> X-Spam-Level: **
> X-Spam-Checker-Version: Business Serve antiSPAM
> <ends>
>
>
>
Martin Underwood06-25-04, 12:20 PMsomething"Christine Moon" <christine@fojd.org.uk> wrote in message
news:40d1f0c0$0$284$cc9e4d1f@news-text.dial.pipex.com...
> The virus is on a third party computer and is spoofing your address, so
the
> recipient thinks the virus is coming from you.
Thanks. As I analysed the report a bit more closely, I did wonder whether it
might be a spoof because the friendly name (in double quotes) in the 'From:
"Martin" <my email address>' header was simply my first name, whereas any
emails that I send out myself have both my first and surnames and any virus
on my PC would probably either not have my real name or else would pick up
the full name from the Outlook Express configuration.
I'm glad you've confirmed that my PC is clean: I did another scan and also
downloaded the Bagle removal tool, both of which reported no virus - now I
know why!
Bullwinkel J. Moose06-25-04, 12:20 PMsomethingThis is the latest way to get a spam message out. I have friends who no
longer use email as a result of these time consuming interruptions of their
use of the computer. A shame that there are so many "people" out there who
work at destroying such a wonderful system.
--
Regards,
Werner
quincey.nyc@nospam.verizon.net
Remove "Nospam" when e-mailing
"Martin Underwood" <me@privacy.net> wrote in message
news:40d2c74a$0$8256$ed2619ec@ptn-nntp-reader01.plus.net...
> "Christine Moon" <christine@fojd.org.uk> wrote in message
> news:40d1f0c0$0$284$cc9e4d1f@news-text.dial.pipex.com...
> the
>
> Thanks. As I analysed the report a bit more closely, I did wonder whether
it
> might be a spoof because the friendly name (in double quotes) in the
'From:
> "Martin" <my email address>' header was simply my first name, whereas any
> emails that I send out myself have both my first and surnames and any
virus
> on my PC would probably either not have my real name or else would pick up
> the full name from the Outlook Express configuration.
>
> I'm glad you've confirmed that my PC is clean: I did another scan and also
> downloaded the Bagle removal tool, both of which reported no virus - now I
> know why!
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.707 / Virus Database: 463 - Release Date: 6/15/2004
their anti-virus filter, that my PC has been sending emails with attachments
that contain the W32/Bagel-Zip virus. I've not knowingly sent any emails to
this person recently, so they could be being sent by virus.
I have the latest Norton Anti Virus definitions (16 June 2004) and I've done
full system scan which has not found any evidence of viruses.
Since I can't get at the On-Line Virus Encyclopedia (see my earlier
posting!), can someone please look it up and tell me what action I should
take to remove it from my computer.
The virus report is as follows:
<begins>
Attention: <my email address>
A virus was found in an Email message you sent.
The Business Serve AuntyVirus scanner intercepted it and stopped the entire
message reaching its destination.
The virus was reported to be:
W32/Bagle-Zip
Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.
Your message was sent with the following envelope:
MAIL FROM: <my email address>
RCPT TO: <recipient's address>
.... and with the following headers:
---
MAILFROM: <my email address>
Delivered-To: <recipient's address>
Received: (qmail 29598 invoked from network); 17 Jun 2004 12:15:50 -0000
Received: from unknown (HELO 40-f76a656a5af4.com) (80.40.78.57)
by 0 with SMTP; 17 Jun 2004 12:15:50 -0000
Date: Thu, 17 Jun 2004 13:14:34 +0000
To: "Jill" <recipient's address>
From: "Martin" <my email address>
Subject: Re: Yahoo!
Message-ID: <rzzqstdiocvmryaeshw@40plusrecruitmentfranchise.co. uk>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------xaxnbzpdjoclzdwjffwa"
X-Spam-Status: No, hits=2.9 required=5.0
tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,M IME_HTML_ONLY
version=2.53
X-Spam-Level: **
X-Spam-Checker-Version: Business Serve antiSPAM
<ends>
Christine Moon06-25-04, 12:20 PMsomethingThe virus is on a third party computer and is spoofing your address, so the
recipient thinks the virus is coming from you.
Christine
"Martin Underwood" <me@privacy.net> wrote in message
news:40d1949b$0$521$ed2619ec@ptn-nntp-reader01.plus.net...
> I'm getting reports from one (and only one) person in my address book, via
> their anti-virus filter, that my PC has been sending emails with
attachments
> that contain the W32/Bagel-Zip virus. I've not knowingly sent any emails
to
> this person recently, so they could be being sent by virus.
>
> I have the latest Norton Anti Virus definitions (16 June 2004) and I've
done
> full system scan which has not found any evidence of viruses.
>
> Since I can't get at the On-Line Virus Encyclopedia (see my earlier
> posting!), can someone please look it up and tell me what action I should
> take to remove it from my computer.
>
> The virus report is as follows:
>
> <begins>
> Attention: <my email address>
>
>
> A virus was found in an Email message you sent.
> The Business Serve AuntyVirus scanner intercepted it and stopped the
entire
> message reaching its destination.
>
> The virus was reported to be:
>
> W32/Bagle-Zip
>
>
> Please update your virus scanner or contact your IT support
> personnel as soon as possible as you have a virus on your system.
>
>
> Your message was sent with the following envelope:
>
> MAIL FROM: <my email address>
> RCPT TO: <recipient's address>
>
> ... and with the following headers:
>
> ---
> MAILFROM: <my email address>
> Delivered-To: <recipient's address>
> Received: (qmail 29598 invoked from network); 17 Jun 2004 12:15:50 -0000
> Received: from unknown (HELO 40-f76a656a5af4.com) (80.40.78.57)
> by 0 with SMTP; 17 Jun 2004 12:15:50 -0000
> Date: Thu, 17 Jun 2004 13:14:34 +0000
> To: "Jill" <recipient's address>
> From: "Martin" <my email address>
> Subject: Re: Yahoo!
> Message-ID: <rzzqstdiocvmryaeshw@40plusrecruitmentfranchise.co. uk>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="--------xaxnbzpdjoclzdwjffwa"
> X-Spam-Status: No, hits=2.9 required=5.0
> tests=HTML_30_40,HTML_IMAGE_ONLY_02,HTML_MESSAGE,M IME_HTML_ONLY
> version=2.53
> X-Spam-Level: **
> X-Spam-Checker-Version: Business Serve antiSPAM
> <ends>
>
>
>
Martin Underwood06-25-04, 12:20 PMsomething"Christine Moon" <christine@fojd.org.uk> wrote in message
news:40d1f0c0$0$284$cc9e4d1f@news-text.dial.pipex.com...
> The virus is on a third party computer and is spoofing your address, so
the
> recipient thinks the virus is coming from you.
Thanks. As I analysed the report a bit more closely, I did wonder whether it
might be a spoof because the friendly name (in double quotes) in the 'From:
"Martin" <my email address>' header was simply my first name, whereas any
emails that I send out myself have both my first and surnames and any virus
on my PC would probably either not have my real name or else would pick up
the full name from the Outlook Express configuration.
I'm glad you've confirmed that my PC is clean: I did another scan and also
downloaded the Bagle removal tool, both of which reported no virus - now I
know why!
Bullwinkel J. Moose06-25-04, 12:20 PMsomethingThis is the latest way to get a spam message out. I have friends who no
longer use email as a result of these time consuming interruptions of their
use of the computer. A shame that there are so many "people" out there who
work at destroying such a wonderful system.
--
Regards,
Werner
quincey.nyc@nospam.verizon.net
Remove "Nospam" when e-mailing
"Martin Underwood" <me@privacy.net> wrote in message
news:40d2c74a$0$8256$ed2619ec@ptn-nntp-reader01.plus.net...
> "Christine Moon" <christine@fojd.org.uk> wrote in message
> news:40d1f0c0$0$284$cc9e4d1f@news-text.dial.pipex.com...
> the
>
> Thanks. As I analysed the report a bit more closely, I did wonder whether
it
> might be a spoof because the friendly name (in double quotes) in the
'From:
> "Martin" <my email address>' header was simply my first name, whereas any
> emails that I send out myself have both my first and surnames and any
virus
> on my PC would probably either not have my real name or else would pick up
> the full name from the Outlook Express configuration.
>
> I'm glad you've confirmed that my PC is clean: I did another scan and also
> downloaded the Bagle removal tool, both of which reported no virus - now I
> know why!
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.707 / Virus Database: 463 - Release Date: 6/15/2004