getting win32.Swen.A@mm attached emails..

jryoch
I've been getting worm (w32.Swen.A@mm) attached spam mails for the past 4 days.
Some of them look like updates from Microsoft and most of them are returned
email using Inet, qmail that I never sent.
My Norton has caught and deleted them every time it scans incoming emails and I fully scanned my system last night, but no infection.
I am not sure if the worm is already in my system and cloning itself internally or they are from somebody else?

Another strange thing that has happened is my computer turned off itself and
restarted again when the cable modem lost all signals and got back on.
Actually my cable modem has been activated my computer for a long time.  I
cannot shut my machine down without disconnecting the modem.  

Could you tell me what my computer is doing?
Thanks.
Top Expert 2004

Commented:
Jryoch,

Go to this link and do all the removal instructions

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

Sunray
Top Expert 2004
Commented:
Also check for the MS Blaster worm, because it affects the system whenever you connect to the internet

It results in the automatic shutdown of the system

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Sunray
Commented:
> I am not sure if the worm is already in my system and cloning itself internally or they are from somebody else?
Your AV software reported that your computer is clean and most emails were returned as undeliverable: The worm has not infected your computer until now. Some other computer was infected where your mail address was stored. The worm has selected your mail address (it spoofs the sender) on this computer to send out itself - and now all the mails that were sent to invalid mail addresses do return to your mail account.

About the restarting of your computer: If your operating system is Windows XP / Server 2003 then it might be a symptom of Blaster attacks (or its variants) against your computer (as mentioned above). But only while your computer is connected to the internet. You should install the latest RPC patch (http://www.microsoft.com/technet/security/bulletin/MS03-039.asp) to prevent this vulnerability being exploited. But restarting the computer when the cable modem connection is established is not a symptom of this kind of virus. This sounds like a driver problem. I would try to install the latest version for your cable modem.
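
The returned-mail situation described in the answer above can be checked mechanically. This is an added example, not part of the original thread: it parses a bounce and compares the Message-ID of the returned original against a set of Message-IDs you actually sent. The function name, the sample bounce and the `sent_ids` log are assumptions made for illustration.

```python
import email

# Constructed sample bounce (human-readable part omitted); hosts and addresses are made up.
DSN_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: user@example.org
Message-ID: {mid}

--b1--
"""

def classify_bounce(raw, sent_ids):
    """Return not-a-bounce, unverifiable, genuine-bounce or backscatter."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "delivery-status"):
        return "not-a-bounce"
    original_id = None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():  # full original returned
            original_id = part.get_payload(0)["Message-ID"]
        elif ctype == "text/rfc822-headers":  # only the original headers returned
            original_id = email.message_from_string(part.get_payload())["Message-ID"]
        if original_id:
            break
    if original_id is None:
        return "unverifiable"
    # sent_ids: Message-IDs logged by our own mail client or server (assumed to exist)
    return "genuine-bounce" if original_id.strip() in sent_ids else "backscatter"
```

A "backscatter" verdict means the bounce refers to a message your system never sent, which matches a spoofed sender address rather than a local infection.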
nader alkahtani, Information security consultant
Commented: