Is this a virus? What do I do?

Posted on 2005-05-17
Last Modified: 2012-06-27
A user on my network, who had been on vacation, reported to me this morning that there was an NDR in her email inbox. She didn't send the mail, I'm not sure what to do....here's what she got....please advise.

From:       System Administrator  
Sent:      Sunday, May 15, 2005 11:59 PM
To:      josecastro@prudentialcaliforniarealty.com; kathys@prudentialcaliforniarealty.com; michelle@prudentialcaliforniarealty.com; RichardBrooks@prudentialcaliforniarealty.com
Subject:      Undeliverable:Undeliverable mail: Paranoider Deutschenmoerder kommt in Psychiatrie

Your message did not reach some or all of the intended recipients.

      Subject:      Paranoider Deutschenmoerder kommt in Psychiatrie
      Sent:      5/15/2005 11:43 PM

The following recipient(s) could not be reached:

      josecastro@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      kathys@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      michelle@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>

      RichardBrooks@prudentialcaliforniarealty.com on 5/15/2005 11:52 PM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < server45.appriver.com #5.0.0>
Question by:neomage23
5 Comments
 

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 14019974
If they don't know these people, then it's probably someone who had the user in their address book and got a virus.  The virus picked a name at random (your users), then sent itself to everyone it could find.  Some addresses were no longer valid and since the sender was supposedly your user, your user received the bounce notices.  If there's a file attachment, do not open it.  Otherwise, just delete it.  And always be safe by running current, updated antivirus.
 

Expert Comment

by:kabed2003
ID: 14020140
Try to view the log on your email server to verify whether there is any suspect email activity. Also view the MIME header of the email to see the origin of the message.
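One way to carry out the header check suggested in the comment above, as an added example that is not part of the original thread: pull the returned message out of the raw NDR and test whether the client IP recorded in its topmost `Received` line (written by the server that bounced it) belongs to your own outbound mail servers. `OUR_OUTBOUND`, the function names and the sample NDR are assumptions made for illustration, and the check assumes the NDR encloses the original message or its headers.

```python
import email
import ipaddress
import re

# Assumption: ranges your own outbound mail servers send from (documentation range).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
# Constructed NDR in multipart/report form; every host and address is made up.
SAMPLE_NDR = """\
From: postmaster@mx.remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message did not reach some or all of the intended recipients.
--b1
Content-Type: message/rfc822

Received: from pc77.isp.example (unknown [203.0.113.77])
    by mx.remote.example with SMTP; Sun, 15 May 2005 23:43:10 -0700
From: user@ourcompany.example

body
--b1--
"""

def returned_original(ndr):
    """Return the original message (or its headers) enclosed in the NDR, else None."""
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())

def handoff_ip(original):
    """Client IP the bouncing server logged in the topmost Received header."""
    received = (original.get_all("Received") or [""])[0]
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", received)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def classify(ndr_text):
    original = returned_original(email.message_from_string(ndr_text))
    ip = handoff_ip(original) if original is not None else None
    if ip is None:
        return ("unknown", None)
    ours = any(ip in net for net in OUR_OUTBOUND)
    return ("sent-via-our-servers" if ours else "spoofed-sender", str(ip))
```

A `spoofed-sender` result matches the situation in the accepted answer: the message was handed to the remote server from an address outside your network, so the bounce is backscatter. A `sent-via-our-servers` result is the case that calls for checking the mail server logs and the user's PC.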
 

Expert Comment

by:ASADRAHMED
ID: 14020162
Probably best to check all PCs on your network.

Ensure the latest AV is installed.
Run a full scan.

Also check all processes running.
I sometimes like to use the Symantec online security check or Trend Micro's HouseCall to check PCs, even if my AV is installed and up to date.

Author Comment

by:neomage23
ID: 14020200
Thanks leew...that makes perfect sense. Wish there was something I could do to prevent crap like this, but in this situation it seems to be the failure of some other system admin to protect his/her network.

Full points...A grade. Thank you for the quick response.

Expert Comment

by:computerfixins
ID: 14020210
The German subject translates to "Paranoid German murderer comes into psychiatry", more or less....

Which means someone with your addresses has the Trojan.Ascetic.C, probably the user that got the NDRs, although it uses its own SMTP server...

Go here for removal:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.p@mm.html