Is this a virus? What do I do?

A user on my network, who had been on vacation, reported to me this morning that there was an NDR in her email inbox. She didn't send the mail, and I'm not sure what to do. Here's what she got. Please advise.

From:       System Administrator  
Sent:      Sunday, May 15, 2005 11:59 PM
To:      josecastro@prudentialcaliforniarealty.com; kathys@prudentialcaliforniarealty.com; michelle@prudentialcaliforniarealty.com; RichardBrooks@prudentialcaliforniarealty.com
Subject:      Undeliverable:Undeliverable mail: Paranoider Deutschenmoerder kommt in Psychiatrie

Your message did not reach some or all of the intended recipients.

      Subject:      Paranoider Deutschenmoerder kommt in Psychiatrie
      Sent:      5/15/2005 11:43 PM

The following recipient(s) could not be reached:

      josecastro@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      kathys@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      michelle@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      RichardBrooks@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>
neomage23 Asked:
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
If they don't know these people, then it's probably someone who had the user in their address book and got a virus.  The virus picked a name at random (your user's), then sent itself to everyone it could find.  Some addresses were no longer valid and since the sender was supposedly your user, your user received the bounce notices.  If there's a file attachment, do not open it.  Otherwise, just delete it.  And always be safe by running current, updated antivirus.
 
kabed2003 Commented:
Try to view the log on your email server to verify whether there is suspect email activity. Also view the MIME header of the email to see the origin of the message.
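The header check suggested above can be scripted. This is an added example, not part of the original thread: it reads the headers of the returned message from an NDR and tests whether the topmost Received hop, the one written by the server that produced the bounce, came from your own outbound range. The network range, host names and sample headers are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: your outbound mail leaves from this range (documentation
# addresses used here; substitute your own).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample: headers of the "original message" as returned in an NDR.
# The lower Received line is forged to name our server; the top line was
# written by the bouncing server and records the real connecting IP.
SAMPLE_RETURNED_HEADERS = """\
Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.77])
\tby mx.recipient.example with SMTP; Sun, 15 May 2005 23:43:10 -0700
Received: from mail.ourcompany.example ([192.0.2.5])
\tby dsl-host.example.net; Sun, 15 May 2005 23:43:02 -0700
From: user@ourcompany.example
To: someone@recipient.example
Subject: constructed sample

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(received_value):
    """Return the bracketed peer IP from one Received header, or None."""
    match = IP_IN_BRACKETS.search(received_value)
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. [999.1.1.1]
        return None

def classify_bounce(raw_headers, our_networks=OUR_OUTBOUND):
    """Classify a bounced message by the hop the bouncing server recorded."""
    msg = email.message_from_string(raw_headers, policy=policy.default)
    received = msg.get_all("Received", [])
    ip = connecting_ip(str(received[0])) if received else None
    if ip is None:
        return "unknown"
    if any(ip in net for net in our_networks):
        return "sent-from-our-network"
    return "forged-sender"

if __name__ == "__main__":
    print(classify_bounce(SAMPLE_RETURNED_HEADERS))
```

A result of "sent-from-our-network" is the case that calls for checking mail server logs and scanning internal PCs; "forged-sender" means the message never passed through your servers.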
 
ASADRAHMED Commented:
Probably best to check all PCs on your network.

Ensure Latest AV is installed.
Run a Full Scan.

Also check all processes running.
I sometimes like to use the Symantec online security check or Trend Micro's HouseCall to check PCs, even if my AV is installed and up to date.
 
neomage23 (Author) Commented:
Thanks leew...that makes perfect sense. Wish there was something I could do to prevent crap like this, but in this situation it seems to be the failure of some other system admin to protect his/her network.

Full points...A grade. Thank you for the quick response.
 
computerfixins Commented:
The German subject translates to "Paranoid German murderer comes into psychiatry" more or less....

Which means someone with your addresses has the Trojan.Ascetic.C, probably the user that got the NDRs, although it uses its own SMTP server...

Go here for removal:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.p@mm.html
Question has a verified solution.
