
So where is Netsky?

I keep getting msgs from unknown addresses telling me they did not accept my message because it was infected with Netsky.

I have up-to-date antivirus software on every desktop and server, I have searched through the registry for known keys created by Netsky, and I ran the Netsky removal tool from Symantec on every computer. Nothing.

Still I get e-mails again and again with the same msgs.

Where else can I go to remove it?
Asked: VanAlex

1 Solution

kristinaw Commented:
Van,

These viruses will spoof the From address in the emails they send out. Sometimes the address they spoof happens to be a real address, such as postmaster@yourdomain.com, or whatever. That means you conveniently get the reply or NDR from the recipient of the message.

Read here for more details:

http://asia.cnet.com/itmanager/netadmin/0,39006400,39170938,00.htm

hth,
Kris.
VanAlex (Author) Commented:
Here is an example of the msgs I receive at least once a day.

Since I have my own mail server registered, let's say, to "company.com", I believe the problem is here, but I've scanned my servers and my workstations with every virus removal tool, and still they don't detect anything.

____________________________________________________
Our viruschecker found the

      Worm.SomeFool.Gen-1

virus in your email to the following recipient:

-> <info.ibl-haustechnik.de@secureland.de>

Delivery of the email was stopped!

Please check your system for viruses,
or ask your system administrator to do so.


For your reference, here are the SMTP envelope originator and headers from your email:

From <2201a8c0@company.com>
------------------------- BEGIN HEADERS -----------------------------
Received: from ibl-haustechnik.de (pD9FF78A3.dip.t-dialin.net [217.255.120.163])
      by login260.webprovider.net (8.12.11/8.11.6) with ESMTP id i45ChZwj036062
      for <info@ibl-haustechnik.de>; Wed, 5 May 2004 14:43:39 +0200 (CEST)
Message-Id: <200405051243.i45ChZwj036062@login260.webprovider.net>
From: 2201a8c0@company.com
To: info@ibl-haustechnik.de
Subject: Re: Your text
Date: Wed, 5 May 2004 14:59:45 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0007_00005A2E.00000ECF"
X-Priority: 3
X-MSMail-Priority: Normal
-------------------------- END HEADERS ------------------------------
_________________________________________________________
kristinaw Commented:
I get these types of messages too, unfortunately, even though I'm 100% sure we're not sending out any virus-infected messages. Spoofing.

kris.
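
The spoofing described in this thread can be confirmed from the headers quoted in the bounce: the Received line written by the recipient's server records which host actually delivered the message. The following is an added example, not part of the original thread; `OUR_OUTBOUND_NETS` is a placeholder assumption for the public addresses of your own mail servers, and the function name is illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the bounce posted above (subset, copied from the thread).
BOUNCE_HEADERS = """\
Received: from ibl-haustechnik.de (pD9FF78A3.dip.t-dialin.net [217.255.120.163])
      by login260.webprovider.net (8.12.11/8.11.6) with ESMTP id i45ChZwj036062
      for <info@ibl-haustechnik.de>; Wed, 5 May 2004 14:43:39 +0200 (CEST)
Message-Id: <200405051243.i45ChZwj036062@login260.webprovider.net>
From: 2201a8c0@company.com
To: info@ibl-haustechnik.de
Subject: Re: Your text
"""

# Assumption: placeholder range standing in for your real outbound mail servers.
OUR_OUTBOUND_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# sendmail-style hop: "from <HELO name> (<reverse DNS> [<IPv4>]) by <receiver>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def assess(raw_headers, our_nets=OUR_OUTBOUND_NETS):
    """Compare the host that delivered the message with our own mail servers."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    received = msg.get_all("Received") or []
    # The topmost Received header was added by the server that generated the
    # bounce, so its view of the connecting IP is the one to trust.
    m = RECEIVED_RE.search(received[0]) if received else None
    if m is None:
        return {"from_domain": from_domain, "verdict": "unknown"}
    ip = ipaddress.ip_address(m["ip"])
    ours = any(ip in net for net in our_nets)
    return {
        "from_domain": from_domain,
        "helo": m["helo"],
        "connecting_rdns": m["rdns"],
        "connecting_ip": m["ip"],
        "recorded_by": m["by"],
        "verdict": "sent from our servers" if ours else "forged sender",
    }

if __name__ == "__main__":
    for key, value in assess(BOUNCE_HEADERS).items():
        print(f"{key}: {value}")
```

For the bounce in this thread the connecting host is a t-dialin.net dial-up address rather than a company.com mail server, so only the From address ties the message to company.com.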
VanAlex (Author) Commented:
So I imagine there is nothing that I can do about it except watch my business image being hurt by this?