Virus?? Help?? MAILER-DAEMON Undeliverable mail


fuzy
April 30th, 2002, 11:45 PM
I have been getting a ton of e-mails returned to me with "MAILER-DAEMON@mx12.cluster1.charter.net" in the from line. Things like "Undeliverable mail: A excite game" in the subject line, and the contents of the e-mail look like this....
Failed to deliver to 'lildevilgurl31@hotmail.com'
SMTP module(domain hotmail.com) reports:
host mx07.hotmail.com says:
550 Requested action not taken: mailbox available

Received: from [24.158.170.150] (HELO Uxvbsqbr)
by mx12.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
with SMTP id 5841189 for lildevilgurl31@hotmail.com; Sun, 28 Apr 2002 15:24:02 -0400
From: GordonL <GordonL@Kochind.com>
To: lildevilgurl31@hotmail.com
Subject: A excite game
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=HSXQ5798wWe9ONj47RyQ072049PyinnW4
Date: Sun, 28 Apr 2002 15:24:03 -0400
Message-ID: <auto-000005841189@mx12.cluster1.charter.net>

I even have had a few come back that tell me this....
A Virus was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching it's destination.

The Virus was reported to be:

I-Worm.Klez.h

Please update your virus scanner or contact your I.T. support
personnel as soon as possible as you have a virus on your system.

So I went to both Grisoft (AVG anti-virus), which is the a/v I currently use, and Norton's web site and did the necessary steps to remove this virus, but neither program found any viruses on my machine. I even went to the registry key they said to check myself, and found no such entries. I am still getting these e-mails. Am I missing something here??? Anyone have any ideas??

Thanks
Fuzy

Amd 1800xp 512megs ddr ram and running winxp

Vette
May 1st, 2002, 12:00 AM
Yep....Sounds like you got the klez.h virus. I used housecall.antivirus.com on a client's computer today, and it found 345 infected files. He was getting a ton of the undeliverable mails also. There is a patch from Microsoft http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
that will fix the vulnerability exploited by this worm. Symantec.com has a pretty good write up on this virus and a fix tool to kill it.

fuzy
May 1st, 2002, 12:08 AM
I already went to Symantec and ran their tool but it found nothing. I also checked out the Microsoft site you listed and found that it was for versions 5.01 and 5.5 but I am running 6.0.
I am just stumped......

silencio
May 1st, 2002, 12:15 AM
Maybe the mailbox (550 Requested action not taken: mailbox available) was not receptive to your advance because you weren't wearing a condom.

Jeff the Brit
May 1st, 2002, 06:26 AM
Klez.h spoofs the email address. Your box may well be clean, but somebody else who has you in their address book may be sending out infected messages purporting to come from you. I get this happening to me a lot. Despite my best efforts and encouragement/preaching/dire warnings, some of my customers can't be bothered to keep their AV software up to date and their virus infested boxes are spamming all their contacts with worms carrying a sender name from the owner's address book.

Deity
May 1st, 2002, 09:35 AM
quote: Originally posted by iateyourcat:
Maybe the mailbox (550 Requested action not taken: mailbox available) was not receptive to your advance because you weren't wearing a condom.

LOL! :D

I would have to agree with Jeff here. I have a user who is getting the same type of return mails you are. I know the system is clean and just yesterday I got the first sign of Klez.h with the typical email arriving in her mailbox. It was clean with no sign of infection. It didn't even have an attachment on it. But I would have to assume that somebody who has her in their address book is infected and therefore sending spoofed messages. If it is one account/system that is having the problem, send a mass message to the address book explaining the situation and asking them to check for the Klez.H on their systems.
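
Added example, not part of any post in this thread: one way to tell the two cases discussed above apart (own machine infected versus address spoofed from someone else's machine) is to read the Received line in the returned headers quoted in the first post and compare the submitting IP with your own public IP at that time. The IP set and mailbox address passed in at the bottom are hypothetical placeholders for the reader's own values.

```python
import re

# Returned-message headers as quoted in the first post of the thread.
BOUNCE = """\
Failed to deliver to 'lildevilgurl31@hotmail.com'
SMTP module(domain hotmail.com) reports:
host mx07.hotmail.com says:
550 Requested action not taken: mailbox available

Received: from [24.158.170.150] (HELO Uxvbsqbr)
by mx12.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
with SMTP id 5841189 for lildevilgurl31@hotmail.com; Sun, 28 Apr 2002 15:24:02 -0400
From: GordonL <GordonL@Kochind.com>
To: lildevilgurl31@hotmail.com
Subject: A excite game
"""

# Matches the relay's Received line in the layout shown above.
RECEIVED = re.compile(
    r"^Received: from \[(?P<ip>[0-9.]+)\] \(HELO (?P<helo>[^)]+)\)\s+"
    r"by (?P<relay>\S+)", re.M)
FROM = re.compile(r"^From: .*?<(?P<addr>[^>]+)>", re.M)

def analyse_bounce(text, my_ips, my_addresses):
    """Report which host submitted the bounced message and whether it was ours."""
    rcv = RECEIVED.search(text)
    if rcv is None:
        raise ValueError("no Received line in the returned headers")
    frm = FROM.search(text)
    header_from = frm.group("addr").lower() if frm else None
    return {
        # Written by the accepting relay: the address that connected to it,
        # independent of whatever the From header claims.
        "submitting_ip": rcv.group("ip"),
        "helo": rcv.group("helo"),
        "relay": rcv.group("relay"),
        "header_from": header_from,
        "sent_from_my_host": rcv.group("ip") in my_ips,
        "from_is_mine": header_from in {a.lower() for a in my_addresses},
    }

if __name__ == "__main__":
    # Hypothetical values: replace with your own public IP and mailbox.
    report = analyse_bounce(BOUNCE, {"192.0.2.10"}, {"user@example.net"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

If `sent_from_my_host` is false, the message was submitted from another machine and scanning your own system will find nothing; the submitting IP and timestamp are what that network's abuse contact would need.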