Virus??

wcox

CGF II, Certified Grumble Framer Level 2
Joined
Jun 15, 1999
Posts
422
From
Winter Park, Florida
What does the following Email that I have been getting alot of mean??. Does it mean I got the virus and send it out or what. I have Nortons virus protector.


++++++++++++++++++++++++++++++++++++++
VIRUS BLOCKER MESSAGE STATUS
++++++++++++++++++++++++++++++++++++++

+ Virus successfully cleaned out of attachment(s):
No attachments are in this category.

+ Attachment(s) deleted due to virus:
1. Unknown000006CD.data/Music_MP3.scr: W32.Beagle.AG@mm


+++++++++++++++++++
Powered by Symantec
+++++++++++++++++++

------------ Original message text follows ------------


This is the Mail program at host mail.jyvastek.fi.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Mail program

<sctLg@jyvastek.fi>: host gwise.jyvastek.fi[10.182.1.254] said: 550 No such
recipient (in reply to RCPT TO command)
 

Mike Labbe

Administrator
Forum Support Team
Forum Donor
Joined
Jun 25, 2002
Posts
18,229
From
Lincoln, RI
Business
Get The Picture
Most likely it's a faked/spoofed email, intended to look like it was sent out by you and returned as undeliverable.

Here are the details of what this one does: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ag@mm.html (discovered July 19, 2004)

"W32.Beagle.AG@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080. "

</font>
  • Sends email to the addresses collected from an infected computer.</font>
  • Terminates processes associated with various security-related programs. Allows unauthorized remote access to a compromised host.</font>
  • Attachment will be one of: Cat, Cool_MP3, Dog, Doll, Fish, Garry, MP3, Music_MP3, New_MP3_Player (w/extension of EXE, SCR, COM, CPL, ZIP)</font>
As long as you're sure that your Antivirus Definitions files are dated 7/20/2004 or later, and that you see the a/v program icon down on the taskbar, you should be all set.

I received dozens of these last week, myself, from someone that had PPFA or HH email addresses in their contact list. They since stopped, so I assume the person removed the infection. (Marietta, GA local area)

What a waste of talent. If only these virus authors would put their skills towards something productive. I hear Microsoft could use some help


Mike
 
Top