
How to trace W32.Swen@mm virus


cdharris

IS-IT--Management
Jan 14, 2003
9
US
I am getting at least 50 emails per day containing the W32.Swen@mm virus. Either they claim to be updates from Microsoft or "returned mail". So far, my Norton AntiVirus has caught and deleted all of them. However, it is slowing everything down just receiving, scanning and deleting the viruses. I know the return addresses are no good, but is there some way to trace these back from the message header? I am sure that someone I know has this on their computer and may not even know it. I sent an email to Symantec last week asking about this but never got any answer. Thanks.
 
I haven't actually looked at the header info for this one, but many of the virii that spoof the from line will still contain the originating mail server in the header. That's about the best you can do. In the header info, look for the first 'Received: from somserver.somedomain.mail.com' or whatever.
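As an added illustration of the header-reading advice above (example code written for this thread, not something any poster supplied): a small Python script that walks a message's Received chain, oldest hop first, and picks out the host name and IP each relay recorded. Relays prepend their Received line, so the earliest hop is the one listed last, and the only line you can rely on is the one your own server added; the message below is constructed, and own_suffix marks which receiving servers are yours.

```python
import re
from email import message_from_string

# Constructed sample (not a message from the thread): three Received hops
# and a forged From line of the kind the worm uses.
SAMPLE = """\
Received: from mailin.example.net (mailin.example.net [192.0.2.10])
    by mx.example.org with ESMTP id abc123; Mon, 22 Sep 2003 10:04:12 -0500
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mailin.example.net with SMTP; Mon, 22 Sep 2003 10:04:01 -0500
Received: from oemcomputer (dsl-203-0-113-45.isp.example [203.0.113.45])
    by relay.isp.example with SMTP; Mon, 22 Sep 2003 10:03:55 -0500
From: "Microsoft" <security@microsoft.example>
Subject: Latest Internet Security Update
To: victim@example.org

Install the attached patch.
"""

_FROM = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
_IP = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_hops(raw):
    """Return hops oldest-first as dicts with keys from, ip, by.
    Each relay prepends its own Received line, so the header listed last in
    the message is the earliest hop, i.e. the one nearest the sending machine."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        line = " ".join(hdr.split())            # unfold continuation lines
        from_part, _, by_part = line.partition(" by ")
        m_from = _FROM.search(from_part)
        m_ip = _IP.search(from_part)             # "host (ip)" or "host (rdns [ip])"
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": by_part.split()[0] if by_part else None,
        })
    return hops


def trusted_handoff(hops, own_suffix):
    """The first hop recorded by one of your own servers (receiving host ends
    in own_suffix). Its 'from' is the machine that really connected to you;
    every earlier line was written by hosts you do not control and may be forged."""
    for hop in hops:
        if hop["by"] and hop["by"].endswith(own_suffix):
            return hop
    return None
```

The earliest hop is `received_hops(SAMPLE)[0]`, which is what the thread's advice points at; compare it with `trusted_handoff` before concluding anything about who the sender is.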
 
I checked over 50 of these messages and the first "Received from" in the detailed header is either "mtac3.prodigy.net (151.164.30.67)" or "mtac1.prodigy.net (151.164.30.65)". Does this mean the PC that is sending me these has a Prodigy email address? Are these all probably from the same person, even though the "Received from" is slightly different? Thanks for any help.
 
I would suspect that they are coming from someone with Prodigy and probably the same person (I'm guessing Prodigy has multiple mail servers or something).
 
I can only find one person in my address book with a Prodigy email address and I don't think that he is the culprit. I wonder if Prodigy would help track this down? I may try to contact them.
 
I would hope that all ISPs are well aware of the problems this is causing and are taking measures to try to counteract via filtering etc.

I would call YOUR ISP and see if they are doing anything about it. I know it is bogging down mail servers all over, and crashing one local one that I know of.

Also, are you able to configure your email client to not download or delete from the server certain subject lines etc?
This has helped some of my clients get out from under.

Good luck.

 
Turns out that Prodigy was bought out by SBCGlobal.net, the same ISP I have 2 DSL accounts with so I emailed them and asked for help. However, more than 24 hours later, no reply. I have never been very impressed with the customer service at SBCGlobal.net (formerly SWBell.Net). However, I would think this is causing them problems and that they would want to put a stop to it.
 