Virus or no???

Discussion in 'Software' started by MickieW, Apr 18, 2004.

  1. MickieW

    MickieW Private E-2

    Ok, I need to know if I have a virus or not. I keep getting things such as the following:


    The original message was received at Sat, 17 Apr 2004 20:50:16 -0400 (EDT) from la-agents.farmersagent.com [12.151.176.10]



    *** ATTENTION ***

    Your e-mail is being returned to you because there was a problem with its delivery. The address which was undeliverable is listed in the section

    labeled: "----- The following addresses had permanent fatal errors -----".

    The reason your mail is being returned to you is listed in the section

    labeled: "----- Transcript of Session Follows -----".

    The line beginning with "<<<" describes the specific reason your e-mail could not be delivered. The next line contains a second error message which is a general translation for other e-mail servers.

    Please direct further questions regarding this message to your e-mail administrator.

    --AOL Postmaster





    ----- The following addresses had permanent fatal errors ----- <oppstop@aol.com>

    ----- Transcript of session follows -----

    ... while talking to air-ye04.mail.aol.com.:

    >>> RCPT To:<oppstop@aol.com>

    <<< 550 MAILBOX NOT FOUND

    550 <oppstop@aol.com>... User unknown



    AND This email with the subject title of : Virus (W32/Netsky-J) IN MAIL FROM YOU

    VIRUS ALERT

    Our content checker found

    virus: W32/Netsky-J

    in your email to the following recipient:

    -> pow913@dwx.com

    Please check your system for viruses,

    or ask your system administrator to do so.

    Delivery of the email was stopped!



    For your reference, here are headers from your email:

    ------------------------- BEGIN HEADERS -----------------------------

    Return-Path: <mickiebaca@cableone.net>

    Received: from dwx.com (LA-Agents.farmersagent.com [12.151.176.10])

    by mailrelay.dwx.com (Postfix) with ESMTP id 824F1208052

    for <pow913@dwx.com>; Fri, 16 Apr 2004 10:16:22 -0500 (CDT)

    From: mickiebaca@cableone.net

    To: pow913@dwx.com

    Subject: Re: Your website

    Date: Fri, 16 Apr 2004 08:16:58 -0700

    MIME-Version: 1.0

    Content-Type: multipart/mixed;

    boundary="----=_NextPart_000_0008_0000135D.00007D06"

    X-Priority: 3

    X-MSMail-Priority: Normal

    Message-Id: <20040416151622.824F1208052@mailrelay.dwx.com>

    -------------------------- END HEADERS ------------------------------


    Problem is, I have not sent any emails recently. And definitely not to either of these two addresses. However, I have scanned my computer online with McAfee, Symantec, Trend and Panda and they all say that my computer is clean. So what is up with these emails? Anyone have a clue???
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Quote from Symantec's website: "W32.Netsky.J@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. The Subject, Body, and Attachment vary."

    So you did not have to send it yourself. Are your virus definitions up to date?
    Also download and run McAfee's Stinger available here: http://www.majorgeeks.com/download.php?det=4063

    McAfee recommends that you boot in safe mode to clean this.
    See http://vil.nai.com/vil/content/v_101083.htm
     
  3. MickieW

    MickieW Private E-2

    As I said, I have done the online virus scans from McAfee, Symantec, Panda, and Trend. Also my antivirus is updated every day. But if none of these products can find what it is, what am I supposed to do? Because one of the emails was from someone who said that I sent them an email with the Netsky-J virus in it. But no virus has been found on my computer. I realize that the virus sends out emails all by itself. But how am I supposed to get rid of it if I can't find it????
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try booting in safe mode and running the Stinger scan?
    Note that McAfee also states:
    "Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected as the virus often forges the from address."

    Also try this Avast virus cleaner here: http://www.majorgeeks.com/download.php?det=4188

    What do you use to send email?
     
    Last edited: Apr 18, 2004
  5. jujet84

    jujet84 Master Sergeant

    Most likely it's a virus attempting to spread by generating fake undeliverable messages. They spoof e-mail TO and FROM random e-mail addy's that have been harvested from the infected computer (i.e. someone who has/had your e-mail address on their computer is infected, and now you may be too). Update your virus definitions and run a check!
     
  6. MickieW

    MickieW Private E-2

    My ISP is Cable One. I have a cable modem, etc. The ISP's program is what I use to send email. I have had several emails from Cable One stating that it discovered the Netsky virus attached to several emails sent to me and that it removed the entire email before it was delivered into my inbox. I am starting to wonder if the virus might be on the Cable One server? Could that happen? I have looked through my registry for the entries that McAfee and Symantec say should be there if I have the Netsky-J virus, but I haven't found anything. I did run the Stinger program from McAfee, but it found nothing. I am at a loss. What concerns me is that I had my computer crash (blue screen and all) about 3 days ago. When I rebooted, I tried to run NAV, and the program told me that I needed to uninstall and reinstall NAV because the product code had been altered. However, then the computer crashed again and on reboot, NAV worked fine. I think my computer is trying to give me a nervous breakdown. Also, it seems like my mouse is acting funny. It moves to the corners of the screen when I try to use it (not always, but enough to bug me). Any ideas?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you trying to use both McAfee and Norton on this computer at the same time? That is a no no!
    Only one can be installed at a time.

    Sounds like you may not have the virus but rather someone who has you in their mailing list.
    Hmmm! That mouse problem sounds familiar. I think it was a spyware or trojan thing that McAfee and Norton do not detect.
     
  8. jujet84

    jujet84 Master Sergeant

  9. MickieW

    MickieW Private E-2

    I have Spybot and Ad-Aware, have run both, nothing. And no, I only have Norton on the computer. I went to McAfee's website and ran the online scan. I went to Norton and ran the online virus scan and the security scan. Did the same at Trend's and Panda's websites. As for the mouse thing possibly being a trojan, Panda and Trend did not find anything either. The only thing that confuses me about maybe being on someone's mailing list is how I sent the email with the virus to someone when I didn't! Wouldn't something have to be on my computer?? The only reason I started investigating this whole thing is because I got an email from someone that said their scanner detected a virus attached to an email I sent them. But I can't find anything on my computer that would suggest that I do have the Netsky virus.
     
  10. MickieW

    MickieW Private E-2

    How do I do that Nemesis? I want to try that!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The virus is spoofing your email address making it look like the email came from you when it did not. You should send mail to all your contacts telling them they should run full scans of their computers.
     
  12. MickieW

    MickieW Private E-2

    Ok....that makes me feel better. I was starting to think that I had some kind of new virus or something that no one knew about! Thanks for your help guys...maybe now I can sleep :) You just gotta love this web site ;)
     
  13. MickieW

    MickieW Private E-2

    There is no properties option when I right click on the email. I downloaded the email from my cableone mailbox into Outlook. But no properties there either.
     
  14. MickieW

    MickieW Private E-2

    hold up.....options brought up the following:


    Received: from psmtp.com ([12.158.36.88]) by mxmail2.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68);
    Fri, 16 Apr 2004 08:12:51 -0700
    Received: from source ([207.206.203.32]) by exprod6mx104.postini.com ([12.158.35.251]) with SMTP;
    Fri, 16 Apr 2004 11:17:13 EDT
    Received: from localhost (mailrelay.dwx.com [127.0.0.1])
    by mailrelay.dwx.com (Postfix) with ESMTP id 7F4F32081D3
    for ME :) (edit) ; Fri, 16 Apr 2004 10:16:46 -0500 (CDT)
    MIME-Version: 1.0
    Subject: VIRUS (W32/Netsky-J) IN MAIL FROM YOU
    In-Reply-To: <20040416151622.824F1208052@mailrelay.dwx.com>
    Message-Id: <VS24769-01@mailrelay.dwx.com>
    Content-Type: multipart/report; report-type=delivery-status;
    boundary="----------=_1082128606-24769-1"
    From: amavisd-new <postmaster@mailrelay.dwx.com>
    To: ME (edit)
    Date: Fri, 16 Apr 2004 10:16:46 -0500 (CDT)
    Return-Path: <>
    X-NAS-Bayes: #0: 6.93998E-047; #1: 1
    X-NAS-Classification: 0
    X-NAS-MessageID: 2616
    X-NAS-Validation: {7A8281CD-11FF-47F8-A7D0-791BC157F083}
     
    Last edited: Apr 19, 2004
  15. MickieW

    MickieW Private E-2

    The mail that I got that said something I sent was undeliverable has these properties:

    Received: from psmtp.com ([12.158.35.217]) by mxmail2.cableone.net with Microsoft SMTPSVC(5.5.1877.687.68);
    Sat, 17 Apr 2004 17:46:37 -0700
    Received: from source ([64.12.138.20]) by exprod6mx62.postini.com ([12.158.35.251]) with SMTP;
    Sat, 17 Apr 2004 20:51:01 EDT
    Received: from rly-ye03.mx.aol.com (rly-ye03.mail.aol.com [172.18.204.35]) by omr-m08.mx.aol.com (v98.19) with ESMTP id RELAYIN9-a4081d0e99b; Sat, 17 Apr 2004 20:50:49 -0400
    Received: from localhost (localhost)
    by rly-ye03.mx.aol.com (8.8.8/8.8.8/AOL-5.0.0)
    with internal id UAH01634;
    Sat, 17 Apr 2004 20:50:49 -0400 (EDT)
    Date: Sat, 17 Apr 2004 20:50:49 -0400 (EDT)
    From: Mail Delivery Subsystem <MAILER-DAEMON@aol.com>
    Message-Id: <200404180050.UAH01634@rly-ye03.mx.aol.com>
    To: ME :) (edit)
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status;
    boundary="UAH01634.1082249449/rly-ye03.mx.aol.com"
    Subject: Returned mail: User unknown
    Auto-Submitted: auto-generated (failure)
    X-AOL-IP: 172.18.204.35
    Return-Path: <>
    X-NAS-Bayes: #0: 7.7709E-055; #1: 1
    X-NAS-Classification: 0
    X-NAS-MessageID: 2691
    X-NAS-Validation: {7A8281CD-11FF-47F8-A7D0-791BC157F083}
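The spoofing explained in this thread can be read directly from the headers quoted in the first post. The following is an added example, not code from any poster: it parses those headers, pulls out the host that handed the infected message to mailrelay.dwx.com, and compares it with the domain in the From line. The function names are illustrative, and `org_domain` is a simplification that only keeps the last two labels of a hostname.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the virus alert in the first post (blank lines removed,
# continuation lines folded as they would be on the wire).
ALERT_HEADERS = """\
Return-Path: <mickiebaca@cableone.net>
Received: from dwx.com (LA-Agents.farmersagent.com [12.151.176.10])
\tby mailrelay.dwx.com (Postfix) with ESMTP id 824F1208052
\tfor <pow913@dwx.com>; Fri, 16 Apr 2004 10:16:22 -0500 (CDT)
From: mickiebaca@cableone.net
To: pow913@dwx.com
Subject: Re: Your website
Message-Id: <20040416151622.824F1208052@mailrelay.dwx.com>

"""
# Fragment of the first line of the AOL bounce quoted in the same post.
AOL_LINE = ("received at Sat, 17 Apr 2004 20:50:16 -0400 (EDT) "
            "from la-agents.farmersagent.com [12.151.176.10]")

# "from <HELO name> (<reverse-DNS name> [<IP>])" as written by the receiving relay.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def org_domain(host):
    """Crude organisational domain: the last two labels of a hostname."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def injecting_hop(raw_headers):
    """(helo, rdns, ip) from the oldest Received header, i.e. the last one listed."""
    msg = message_from_string(raw_headers)
    oldest = " ".join(msg.get_all("Received")[-1].split())  # unfold
    match = RECEIVED_RE.search(oldest)
    if match is None:
        raise ValueError("no 'from name (rdns [ip])' clause in Received header")
    return match.groups()

def spoof_report(raw_headers):
    """Compare the claimed sender domain with the host that injected the mail."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    helo, rdns, ip = injecting_hop(raw_headers)
    return {"from_domain": from_domain, "helo": helo, "rdns": rdns, "ip": ip,
            "helo_matches_rdns": org_domain(helo) == org_domain(rdns),
            "from_matches_origin": org_domain(from_domain) == org_domain(rdns)}

def same_origin(report, bounce_line):
    """True if a second notification names the same injecting IP."""
    return f"[{report['ip']}]" in bounce_line

if __name__ == "__main__":
    report = spoof_report(ALERT_HEADERS)
    print(report, same_origin(report, AOL_LINE))
```

Only a Received line written by a server the recipient trusts is reliable evidence; here the single hop was recorded by mailrelay.dwx.com itself, so the bracketed IP is what that relay actually saw, and both notifications point to the same host rather than to a cableone.net machine.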
     
