Exploit virus

iptrader used Ask the Experts™
I am receiving a virus through Outlook Express (Exploit something or other), on my home PC.  I went to Symantec and downloaded their tool, and it did not find the virus on my machine.  I delete these e-mails as soon as they come in.  Basically, they are in the form of "Latest Upgrade From Microsoft" or something of this nature.  The problem is, I'm receiving about 100 per DAY, and it is getting REALLY annoying.  Other than taking down Outlook Express, what can be done to stop this?

Thanks in advance,


PS.  I'm running Windows XP Professional, and get DSL service through SBC Yahoo.
Top Expert 2004

You cannot do anything because it will be coming from the address book or contact list of your friends or colleagues who have your email address.

One thing you can do is to set a filter rule so that they get deleted.

Top Expert 2004

Information about that


If you had already known about this it is good

Check to see that you have got the latest Windows patches, update the virus definitions of your anti-virus program, and install a good firewall like ZoneAlarm.

Also download and install spyware removal tools like Spybot and Ad-aware and Trojan Remover, and run them regularly.

Also update those definitions as well.

Ignore the above.

There is no indication of any problem with your PC. The problem is with the PCs of others. They are the ones sending you their spam and junkware, whatever it is.

Your inbox simply receives what is sent to you. There is no protection from that, other than for all of us to start using better judgement.  This can happen to anyone's inbox, it is independent of OE.

Now if you are sending these as well, that is going to be a problem. Don't let me catch you forwarding all of these to me.

One choice could be to switch ISPs. Good ones like AOL will filter out the more prominent spammers so it never goes to your inbox, they will track down spammers and take them to court.

So, maybe the best answer is, to get into direct contact with your eMail provider, and tell them to cut this out, that they should know by now that none of us wants this on the network, and that it is also using up a lot of their bandwidth. Tell them to clean up or you'll move on.

There are several ways to put an end to this and you probably know most of them.

(1) Do not ever respond to spam. This is only an attempt to get unwarranted attention. If no one ever gives it attention, it'll go away.

(2) Tell those you know that they should also "behave" likewise. Friends, family, coworkers ... advise them all to behave. There are other channels for obtaining anything the spammers offer.

(3) This includes forwarding of the "panic" memos. There is no reason to accept an unsolicited email that has no signature from anyone you have not personally dealt with before - to hurry and delete files (that may be critical). Take time to think.

(4) For this specific memo, patching your system, this is something everyone should do as a normal course. The popularity of exploits is due to people leaving their systems unpatched for months. There is a way to patch. If we were all using it, then no one would ever heed the memo. Then item #1 above would apply. With no one giving credence to the memo, it would never be sent. This is both education, knowing your system, and acting on what you know, patching it.

(5) Use a system that does not have all these vulnerabilities and needs for continual patches that require one to revisit a vendor's home page for that and other advertisements.

(6) Require your supplier to provide the stable system. This should not require any manual effort on your part, it should remain stable without need for you to intervene.

(7) Use an Internet service provider that handles the popular spams for you, not some company who does not care. Demand added value from ISP.  One example is AOL, who puts a big block on the proliferation of such memos, and also goes after the ones proliferating them with lawsuits. Probably Verizon does this as well.

(8) Hire an effective administrator, and provide them with the authority and resources, including financial, to address these and other security, bandwidth, misinformation, and malware issues.

"If you are on a corporate network ... the administrator would be able to filter those messages."

Heed what ghana has said, act and make it so.  Sometimes it is the squeaky wheel that gets the attention to get something done.

(9) Observe privacy protection needs. Do not be saving up everyone's email address you have ever come across. By the same token, do not allow others to save yours. Educate yourselves, and defend your right to privacy.  Do not send your email address to everyone who wants to collect it, for these things are also called harvesters. To proliferate, they collect the email IDs that they can find, and then try to use them anonymously.

(10) Do not allow such anonymous memos, and relaying of unauthenticated messages.

(11) Stay off the internet if you do not care to behave, or fear the behavior of others

(12) Do not permit internet to be privatized, privately owned.


I could go on. This is about our having been permitted to access a free service (internet itself) where people are trustworthy and behave. It is for adults, whatever the age. Probably the best answer for short term is my #8 or 7. But do work at least some of the others.

"Could it be that there is something embedded in my registry that I can get delete so these messages stop? "

(a) No. The messages are coming from source outside your system. Registry is inside your system.

(b) No. Registry is not a place for easy use by the illiterate.  One should never have to do such a thing to a GUI based system merely to have it behave normal.

" I know that Microsoft does not send emails"

(c) You are incorrect. But you are probably quoting some reporter. Microsoft sends emails, but not containing the patch. One reason is bandwidth, and spam, and another is that there are different patches for different platform configurations. Also, they acknowledge that upgrades are often best done when users have the time to do the whole upgrade, which may include rebooting and potential loss of work, as well as the user's need to control a personal testing period to validate that there is an improvement and not something wrong with the product. But if you want to be proactive, and have the talent to edit registry settings, etc. then sign up for their notification service and find out about the vulnerabilities and critical updates before the reporters can tell you (quoting):

Get Notified Right Away of Important Security Updates, October 7, 2003

"To help you maintain a safe computing environment, Microsoft offers e-mail alerts that notify you when we release an important security bulletin or virus alert, or when you might need to take action to guard against a circulating threat. Geared toward home users and small businesses, the Microsoft® Security Update explains the situation in nontechnical terms, lists which products are affected, and provides a link to the full announcement on the Security and Privacy Web site.

Sign up now for Microsoft Security Update e-mail alerts"

See also:

How to Tell If a Microsoft Security-Related Message Is Genuine, September 19, 2003
(confession: For context, I just plagiarized all that from my own comments in a nearly identical question in another TA. After posting the paste, I noticed a couple of responses were to assumptions and questions of the other asker. Sorry about that)
and in a fit of generosity, here is the comment labeled as best answer for the other 500:

"Mailwasher and Spambully have a feature that allows to bounce spam mails. That means the sender gets an answer that the address doesn't exist. This might help to get at least out of some spam lists."
If your ISP provides you with more than one mail-box, switch to a new one.
Or if not call your ISP and request a new userid.
Or switch ISP.
Or get a free e-mail account from say Yahoo. If your problem ever occurs again, get a new account with Yahoo, if that's your pick. Also, this approach makes you less dependent on your current ISP - the ISP doesn't meet your expectations, see yah...

After you have got yourself a new e-mail address, notify the people that you want to have your address. Yes, that's a bit of a tedious work, but so is getting 100 e-mails a day. And, the current situation might very well escalate.

Cheers, Bjorn  

Mark, Lead Sales Engineer - Public Sector
Alas, there is little you can do to "fix" the problem except get a new e-mail address.

As for the e-mails you are getting: the suggestions above are all good. I don't think I have anything new to offer here except a condensed version of everything.

1) Set up a rule to move these messages automatically to trash. Better yet, permanently delete them automatically.
2) Get a good anti-virus software package installed on your system. I have used AntiVir (http://www.free-av.com) with reasonable results. Other products like Symantec can integrate directly into your e-mail programs as well.
3) Never open an e-mail from someone you don't know.
4) Turn off preview pane viewing of e-mail to prevent certain scripted viruses/worms from running while you are trying to select the message to delete it.
5) Never respond to SPAM. Don't reply, don't follow links in the messages, don't open the messages, and DON'T VIEW THEM IN PREVIEW PANE! What many people don't realize is that some SPAM has scripting in it that will automatically generate an http request to a certain site. This request contains your e-mail address in the URL. They use this method to validate your address and sell your address to marketers. Opening and previewing messages are two good ways to tell the SPAMmers that they've got a good address and they should continue to use it.
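
The address-validation trick described in item 5 above can be checked for before a message is ever rendered. The Python below is an added example, not part of the original thread: it lists remote URLs in a message's HTML body that carry the recipient's address (plain or base64-encoded) and notes whether each would be fetched as soon as the mail is opened or previewed. The sample message, hostnames and function names are constructed for illustration.

```python
import base64
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample message (not from the thread); every name and URL is made up.
SAMPLE = """\
To: user@isp.example
Subject: Latest Upgrade
Content-Type: text/html; charset="utf-8"

<html><body><p>Install the attached upgrade.</p>
<img src="http://tracker.example/open.gif?id=user%40isp.example">
<img src="http://cdn.example/logo.gif">
<a href="http://tracker.example/unsub?u=dXNlckBpc3AuZXhhbXBsZQ==">unsubscribe</a></body></html>
"""

class RemoteRefs(HTMLParser):
    """Collects (tag, url) for every http(s) URL referenced by the HTML body."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "background") and (value or "").lower().startswith("http"):
                self.refs.append((tag, value))

def find_address_beacons(raw_message):
    """Return remote URLs in the HTML parts that carry the recipient's address."""
    msg = message_from_string(raw_message)
    rcpt = parseaddr(msg.get("To", ""))[1]
    if not rcpt:
        return []
    b64 = base64.b64encode(rcpt.encode()).decode().rstrip("=")
    findings = []
    html_parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    for part in html_parts:
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        parser = RemoteRefs()
        parser.feed(body)
        for tag, url in parser.refs:
            decoded = unquote(url)  # undo %40 and similar escapes before matching
            encoding = ("plain" if rcpt.lower() in decoded.lower()
                        else "base64" if b64 in decoded else None)
            if encoding:
                findings.append({"url": url, "encoding": encoding,
                                 "fires_on_open": tag not in ("a", "area")})  # links need a click
    return findings
```

On the sample, the `<img>` tracker is reported with `fires_on_open` set, which is the case that turning off the preview pane and blocking remote content protects against; the unsubscribe link is reported as click-only.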


thanks for all of the replies!


