
Thread: Number of issues..

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Posts
    5

    Post Number of issues..

    Hello to all the helping soul,

    It appears to me that I have a few issues on my Windows 2000 box. Please help me get rid of them. A few of the problems are:

    1) I am continuously getting email which has the subject line "Mail Delivery (failure bigzero@******.com)" from email IDs which seem to be valid in most cases. But in reality, I never sent any emails to those IDs. The content of the email is even more interesting. It says something like this:

    If the message will not displayed automatically,follow the link to read the delivered message.

    Received message is available at:

    http://www.*******.com/inbox/bigzero/...?sessionid-8827

    Please tell me what it is and how I can get rid of it?

    2) Secondly, I am also getting emails at regular intervals which have attachments of 24 bytes with only 1-2 lines of text like "Please read the important document", "important document for you", etc.

    Help me to get rid of these also.

    3) My computer takes a lot of time to boot. It takes more than 6-7 minutes to show me the desktop.

    FYAI, I am fully up to date with all the latest patches and have N2k3 with virus definitions of 12 Jan 2005. I have scanned my machine quite a few times but am getting no information about the bugs.

    Thanks in advance.

    BigZero

  2. #2
    What e-mail service do you use? Is it spam? I'm sleepy and tired so I'm not going to look into it much tonight.

    3) My computer takes a lot of time to boot. It takes more than 6-7 minutes to show me the desktop.
    Did you check what starts up? Click Start -> Run -> msconfig (does that work on 2000 anyway? I think it does) and check what starts under the "Startup" tab and de-select everything you don't want to run at startup and you'll get your desktop instantly....
    O.G at A.O

  3. #3
    Junior Member
    Join Date
    Jan 2005
    Posts
    5

    Thanks

    Thanks Copyright for the prompt reply.

    What e-mail service do you use?
    Well, I am getting these emails on my dad's office domain account. I can't say whether it's spam or something else. One of my classmates says that it's virus activity and he even named the virus, i.e. Netsky.P@mm. I have already checked whatever is published on the Norton website, but I can't see anything suspicious on my Windows 2k Pro box.

    Did you check what starts up? Click Start -> Run -> msconfig (does that work on 2000 anyway? I think it does) and check what starts under the "Startup" tab and de-select everything you don't want to run at startup and you'll get your desktop instantly....
    Well, being a kid and curious to know several things, loads of applications are installed on my machine, but none of them start automatically except Norton.

    With Thanks !
    BigZero

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    First of all..

    Don't open those emails..

    You're receiving them from an infected client (another computer user).

    I would recommend rereading HOW Netsky collects the email addresses for sending itself out..

    Then check other computers on the network in case one of them is infected.. check all of them..

    I would recommend downloading and running McAfee Stinger on each machine.. that is, load it on restart in safe mode and start a scan..

    OH BTW: Netsky is not the only email virus/worm that uses the "Mail delivery Error" as part of its delivery..

    The virus itself may not even be on any machine on the network..
    just a lot of people have your email addy who are infected..
    not much you can do until they are all clean..

    Use a mail filter program like Mailwasher.

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    As suggested above, check your computer for viruses and ad/spyware. For the latter, I'd recommend http://www.hitmanpro.nl

    [edit]Oh, crap. The program is only available in Dutch for now. They're working on an English (and German, for that matter) version though.[/edit]
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  6. #6
    Junior Member
    Join Date
    Jan 2005
    Posts
    1

    Post You can't do much...:(

    would recommend rereading HOW Netsky collects the email addresses for sending itself out..
    As I understand it, Netsky collects email addresses from infected machines' address books and then it picks one address at random and pretends to be from that address. In a nutshell, Netsky has infected a computer that had your address in its address book..

    As Undertaker stated, you can't do much until all infected machines that have your address are clear of the virus.

    Newkid
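
An added example, not part of any post in this thread: a small Python triage helper that separates messages with the structure of a real delivery status notification (RFC 3464, `multipart/report`) from the look-alike "Mail Delivery (failure ...)" notices described in post #1. The function name, the sender list, the two-signal threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject shape quoted in post #1: "Mail Delivery (failure user@domain)".
LURE_SUBJECT = re.compile(r"mail delivery \(failure [^)\s]+@[^)\s]+\)", re.I)
LURE_BODY = "follow the link to read the delivered message"
BOUNCE_SENDERS = {"mailer-daemon", "postmaster"}  # assumption: usual DSN senders

def triage_bounce(raw):
    """Return (verdict, reasons); a real DSN (RFC 3464) is multipart/report."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status"
              and any(p.get_content_type() == "message/delivery-status" for p in parts))
    text = " ".join((p.get_payload(decode=True) or b"").decode("latin-1")
                    for p in parts if p.get_content_maintype() == "text").lower()
    sender = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    checks = [
        (LURE_SUBJECT.search(msg.get("Subject", "")), "subject matches the fake failure notice"),
        (LURE_BODY in " ".join(text.split()), "body asks the reader to follow a link"),
        (sender not in BOUNCE_SENDERS, "From is a personal address, not a mail system"),
    ]
    reasons = [why for hit, why in checks if hit]
    verdict = "dsn-format" if is_dsn else "lookalike" if len(reasons) >= 2 else "unknown"
    return verdict, reasons

# Constructed samples, not taken from a real mailbox.
FAKE = """From: someone@example.org
Subject: Mail Delivery (failure user@example.com)

If the message will not displayed automatically,follow the link to read the delivered message.
"""
REAL = """From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Status: 5.1.1
--b1--
"""

if __name__ == "__main__":
    print(triage_bounce(FAKE), triage_bounce(REAL))
```

A `dsn-format` verdict only means the message is structured like a bounce; it says nothing about whether the original mail was really sent from your account.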

  7. #7
    Junior Member
    Join Date
    Jan 2002
    Posts
    11
    Another good way to see what programs are starting up automagically is to use Mike Lin's startup control panel application.

    http://www.mlin.net/StartupCPL.shtml

  8. #8
    Why don't you start by deleting the trash and temp files? Then get your computer scanned online at http://housecall.trendmicro.com.
    You can then download HijackThis and put its log online here (include your startup entries).
    Get a spyware cleaner like Spybot or Ad-Aware, or you can also try Microsoft's beta spyware cleaner.

    Now, you have not mentioned your computer's hardware configuration, like what processor and amount of RAM, because if you have Norton AntiVirus installed your startup time increases a lot (but not to 5-6 minutes unless your computer's hardware configuration just meets the recommended levels and you have a lot of startup programs).

    Also, it's a safe practice NOT TO OPEN ANY ATTACHMENTS from an unknown person.

    Now, this is by no means a tutorial on how to safeguard your e-mail address, but you can keep the following in mind:
    1. It's nice to make 2 e-mail addresses. One should always be given to known people (like family members, friends and trusted sites etc.) and the second one to web sites and newsgroups. Now, when I say trusted web sites I mean web sites of reputed companies.

    2. If you receive any mail from an unknown person on your first ID (the one you gave to family members and friends etc.) and it is classified as spam by your service provider, NEVER EVER OPEN IT, OR EVEN IF YOU HAVE OPENED IT THEN DON'T CLICK ON ANY LINKS. Even the link given at the bottom which states "click here if you do not wish to receive mails from our company again......"

    3. Set your junk mail filter to at least high.

    4. Use your 2nd ID (for web sites etc.) more often than the first when you give it out on the internet to unknown people or for downloading software. (Note: let's say you want to download a nice piece of software for free but it is not known that well, give this address; but let's say you want to download trialware or shareware or even freeware from known companies like Symantec, Iomega, Trend Micro etc., give your first ID. At least that's what I do, so I have to check the second ID fewer times.)

    At the end, remember that after taking all these precautions you can still get infected if your anti-virus is not updated or even if any of your friends or family members get infected by a worm. So always remember to scan any attachments before opening, no matter who sent the mail. AND NEVER CLICK ANY HYPERLINK SENT TO YOU BY AN UNKNOWN PERSON (it doesn't matter whether it says you have won a million $ or you have won an IBM mainframe).

    Also keep in mind that if you use a program like Outlook Express to read your mail, configure it to show the mail in plain text format.
    Here's what you should do:

    -> Start Outlook Express
    --> Tools
    ---> Options
    ----> Read
    -----> Enable: Read all messages in plain text
    ----> Send
    -----> Mail sending format
    ------> Select: Plain text
    ----> Security
    -----> Disable: Do not allow attachments to be saved or opened that could potentially be a virus (if you don't disable this one, your ability to receive attachments is almost zero. Your email virus protection should rely on the fact that you do NOT open files that you receive as email attachments if you are not ABSOLUTELY sure they are safe to be run.)
    ----> Maintenance
    -----> Enable: Purge deleted messages when leaving IMAP folders

    If you get a worm from any of your family members or anyone you know, tell them about it and also tell them how to get rid of it.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  9. #9
    Junior Member
    Join Date
    Jan 2005
    Posts
    5

    Post Thanks !

    Thank you all for your valuable time.

    Undertaker:

    Do you have any URL/tutorial which can guide me on 'How Netsky can collect the email address'? What are the various security precautions one should take? How to remove individual email IDs from that loop?

    Guus:

    FYI, there is no virus/adware/spyware on my machine. I have checked it quite a few times. Two times with Norton (safe mode; w/o safe mode), 1 time with Trend Micro online (http://housecall.trendmicro.com). Not only this, I have run the Netsky removal tool but nothing has come out so far..

    Newkid:

    Is there any way to break the loop and remove individual IDs from the Netsky log?

    Brentlea:

    Thanks for the URL. As mentioned earlier, there is nothing in the startup except Norton AntiVirus but still the machine takes lots of time in booting.

    Edit Message:

    ByteWrangler:

    There is nothing suspicious in the HJT log nor in Spybot S and D. I already scanned the machine with them. Machine configuration is as follows:

    Windows 2000 with Service Pack 4
    Internet Explorer 6 with SP 1
    Pentium 4 processor with a clock speed of 2.1 GHz
    512 MB DDR RAM


    Do you need any more detail? Please let me know...

    With Thanks !
    BigZero

  10. #10
    How Netsky works:

    http://reviews-zdnet.com.com/4520-6600_16-5122164.html

    Try disabling NAV and see if it boots faster. If not, then hmmm, see what programs are running right when you boot your computer. Does it boot slow in safe mode too? Maybe it's a slow PC ....

    edit: ugh, 2.1 GHz, not the CPU then

    Netsky.b then searches the infected hard drive for usable e-mail addresses.
    O.G at A.O
