Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

So where is Netsky?

Posted on 2004-03-30
5
Medium Priority
?
289 Views
Last Modified: 2010-03-05
I keep getting msgs from unkown addresses telling me they did not accept my message because it was infected with netsky.

I have up to date antivirus software in every desktop and server, I have searched trough the registry for know keys created by netsky, and I ran netsky removal tool from Symantec in every computer. Nothing.

Still I get e-mails again and again with the same msgs.

Where else can I go to remove it?
0
Comment
Question by:VanAlex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Accepted Solution

by:
kristinaw earned 800 total points
ID: 10714875
Van,

These viruses will spoof the From address in the emails they send out. Sometimes the address it spoofs happens to be a real address, such as postmaster@yourdomain.com, or whatever. That means you conveniently get the reply or NDR from the recipient of the message.

Read here for more details:

http://asia.cnet.com/itmanager/netadmin/0,39006400,39170938,00.htm

hth,
Kris.
0
 

Author Comment

by:VanAlex
ID: 11003323
Here is an example of the msgs I receive at least once a day.

Since I have my own may server registered let's say to "company.com", I believe the problem is here, but I've scanned with every virus removal tool my servers and my workstations, and still they don't detect anything.

____________________________________________________
Our viruschecker found the

      Worm.SomeFool.Gen-1

virus in your email to the following recipient:

-> <info.ibl-haustechnik.de@secureland.de>

Delivery of the email was stopped!

Please check your system for viruses,
or ask your system administrator to do so.


For your reference, here are the SMTP envelope originator and headers from your email:

From <2201a8c0@company.com>
------------------------- BEGIN HEADERS -----------------------------
Received: from ibl-haustechnik.de (pD9FF78A3.dip.t-dialin.net [217.255.120.163])
      by login260.webprovider.net (8.12.11/8.11.6) with ESMTP id i45ChZwj036062
      for <info@ibl-haustechnik.de>; Wed, 5 May 2004 14:43:39 +0200 (CEST)
Message-Id: <200405051243.i45ChZwj036062@login260.webprovider.net>
From: 2201a8c0@company.com
To: info@ibl-haustechnik.de
Subject: Re: Your text
Date: Wed, 5 May 2004 14:59:45 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----=_NextPart_000_0007_00005A2E.00000ECF"
X-Priority: 3
X-MSMail-Priority: Normal
-------------------------- END HEADERS ------------------------------
_________________________________________________________
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 11005039
I get these types of messages too, unfortunatley. Even though I'm 100% sure we're not sending out any virus infected messages. Spoofing.

kris.
0
 

Author Comment

by:VanAlex
ID: 11005165
So I imagine there is nothing that I can do about it unless watching my business image being hurt by this?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question