Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
multiple copies of email - what virus? 2
- Thread starter silvere
- Start date
what pc setup / what email client / what email server / do you have admin access to the email server?
the easiest way is to identify the sender's IP address (look at the email's header) and block this IP on the mail server.
<marc> i wonder what will happen if i press this...![[pc]](/data/assets/smilies/pc.gif "[pc] [pc]")
[ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]
the easiest way is to identify the sender's IP address (look at the email's header) and block this IP on the mail server.
<marc> i wonder what will happen if i press this...
[ul][li]please give feedback on what works / what doesn't[/li][li]need some help? how to get a better answer: faq581-3339[/li][/ul]- Thread starter
- #4
I would suspect either spam or SoBig-F. Also find out if there are attachments to these e-mails.
James P. Cottingham
When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
[tab][tab]Albert Einstein explaining his Theory of Relativity to a group of journalists.
James P. Cottingham
When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
[tab][tab]Albert Einstein explaining his Theory of Relativity to a group of journalists.
- Thread starter
- #6
I checked his email from our webmail and still has the messages there, so it must not be a virus. He has 146 emails in his inbox now...so that's within the past 24 hours. They are all from different addys just the all say "Please see the attached file for details" and have an attachment with a .pif extension. Does this help narrow the problem down?
-
1
- #7
It's most likely a virus. 2ffat may be right about SoBig-F, but the subject is close but not quite right. See
Silvere,
He is getting copies of the Sobig virus sent to him. When a PC is infected the virus will send out e-mails to an address found on the infected machine. It will also use a different e-mail address from the infected machine in the emails from field. That should explain why he doesn't recognize the name that the mail is from. The mail from somebody that has both his email address and the email address of the fake sender on his computer. Have him delete all the mail like that and make sure that you do a thorough virus check on his machine.
He is getting copies of the Sobig virus sent to him. When a PC is infected the virus will send out e-mails to an address found on the infected machine. It will also use a different e-mail address from the infected machine in the emails from field. That should explain why he doesn't recognize the name that the mail is from. The mail from somebody that has both his email address and the email address of the fake sender on his computer. Have him delete all the mail like that and make sure that you do a thorough virus check on his machine.
- Thread starter
- #9
I've had him run the sobig tool from symantec and another one and didn't detect anything. but he's still getting tons of emails with a .pif attachment. I've tried going into safe mode turning off system restore run nortons with latest definations and still no luck. the subject headings are all the same as posted on symantecs webpage for the sobig virus. any suggestions.
-
1
- #10
It is not his problem. It is somebody else that has his address that is infected.
You might have a chance if you print one of the messages and trace back the address to an ISP. Or change the preferences to show the headers.
In the meantime, grin and bear it.
Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
You might have a chance if you print one of the messages and trace back the address to an ISP. Or change the preferences to show the headers.
In the meantime, grin and bear it.
Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
As wbg34 and edfair say, he will get tons of e-mail like this until the sender's system is cleaned up.
In the meantime, depending on the mail client, your co-worker should be able to create a mail rule to delete the messages of the server withought even downloading them. Create a rule to delete any of these subjects:
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
In the meantime, depending on the mail client, your co-worker should be able to create a mail rule to delete the messages of the server withought even downloading them. Create a rule to delete any of these subjects:
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
- Status