Announcement

**Cleveland Metal** · 03-10-2009, 01:00 PM

Were they headed as being sent through the sender from someone you know?

**Newc** · 03-10-2009, 01:30 PM

Nope. It's an advertising scheme of some sort.

**Strangletooth** · 03-10-2009, 01:38 PM

Newc, can you post the full headers or send them to me? I'd like to see them.

**CharvelRocker** · 03-10-2009, 03:08 PM

Newc, what were they and how many files did your anti-virus stuff find? I've had a few issues with adware on this PC lately (spent 3 hours cleaning crap Sunday), and I am CONVINCED one of the other two people on this PC are bringing them in as it always happens after they are on it, and they tend to open/pass on stupid chain mail things like that.

**guitarsjb** · 03-10-2009, 06:13 PM

Originally posted by Newc View Post

P.S.A. for my JCF bros and sis'

Avast just caught a couple of Worms/Trojans coming in through email attached to Hallmark and American Greetings e-cards.

The sener address is [email protected] and [email protected], but those could be fake.

Got em here too...avast rules

**Ben...** · 03-10-2009, 06:36 PM

Originally posted by guitarsjb View Post

Got em here too...avast rules

Heck yes it does. I find it to be quite satisfying when it catches something because it yells "INTRUSION ALERT" or whatever it says and scares the bejesus out of me every time. It also makes me jump when it randomly tells me that it has been updated. You know your anti-virus is serious when it yells at you. I'm getting my dad to put it on our main computer because Macafee likes to slow that one to a crawl. It takes about 5 minutes to start while my laptop (I timed it) takes about 1 minute and the main computer has about double the power of my laptop. It uses 10% less RAM too according to my little memory usage thingy in comparison to how it used to be. Plus it ain't 60 bucks plus per year.

**Cleveland Metal** · 03-10-2009, 06:42 PM

Macafee blows for sure. Such a resource hog. I think they compete with Norton to see which one can bog people's computers down the most before they go belly up, haha...

I've been running ESET Business edition and have been very happy. Never used Avast yet.

**Shawn Lutz** · 03-10-2009, 11:02 PM

thats a farily old one, just like attachments, if you dont know the sender, nolo clickie

**hippietim** · 03-11-2009, 12:28 AM

Newc, I'm glad to hear you finally got the greeting cards I sent

**Outlander** · 03-12-2009, 01:19 AM

Originally posted by hippietim View Post

newc, i'm glad to hear you finally got the greeting cards i sent

**OnlineStageGear** · 03-12-2009, 01:44 PM

Originally posted by Cleveland Metal View Post

Macafee blows for sure. Such a resource hog. I think they compete with Norton to see which one can bog people's computers down the most before they go belly up, haha...

People don't understand how true that is. I have seen Norton take up close to 800 megs of memory. I used to recommend and sell Norton till I think it was the 2002 version came out. Absolute garbage. Now you have to even run a special tool to get it ALL off your machine.

Matt

**Cleveland Metal** · 03-12-2009, 02:03 PM

Originally posted by OnlineStageGear View Post

I used to recommend and sell Norton till I think it was the 2002 version came out. Absolute garbage. Now you have to even run a special tool to get it ALL off your machine.

Matt

Yeah, that tool is called reformat/reinstall OS, hehe...

**Ben...** · 03-12-2009, 03:52 PM

Originally posted by OnlineStageGear View Post

People don't understand how true that is. I have seen Norton take up close to 800 megs of memory. I used to recommend and sell Norton till I think it was the 2002 version came out. Absolute garbage. Now you have to even run a special tool to get it ALL off your machine.

Matt

That removal tool sucks. I cleared Norton off. Then when I went to clean my registry there were more than a thousand errors relating to Norton. My RAM usage dropped like a rock when I removed it.

**Newc** · 03-12-2009, 07:03 PM

Originally posted by Strangletooth View Post

Newc, can you post the full headers or send them to me? I'd like to see them.

First one:

X-x: TimeOut
X-x: TimeOut
X-Delivered: at request of striker on hobo
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by hobo.ecsis.net (Postfix) with ESMTP id 39195F0946
for <[email protected]>; Mon, 9 Mar 2009 20:18:05 -0500 (CDT)
X-Quarantine-ID: <BYSDAZAvI7IA>
X-Amavis-Modified: Original mail moved to attachment (defanged) by
hobo.ecsis.net
X-Virus-Scanned: amavisd-new at ecsis.net
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
message/rfc822,message | multipart/mixed |
application/octet-stream,.zip,postcard.zip | .exe,.exe-ms,postcard.exe
Resent-From: "Content-filter at hobo.ecsis.net" <[email protected]>
Resent-Date: Mon, 9 Mar 2009 20:18:01 -0500 (CDT)
Resent-Message-ID: <[email protected]>
Received: from hobo.ecsis.net ([127.0.0.1])
by localhost (hobo.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id BYSDAZAvI7IA for <[email protected]>;
Mon, 9 Mar 2009 20:18:01 -0500 (CDT)
Content-Type: multipart/mixed; boundary="----------=_1236647885-19019-1"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
Subject: [avast! - INFECTED] You have received A Hallmark E-Card!
Received: from mem01.ecsis.net (mem01.ecsis.net [65.255.112.2])
by hobo.ecsis.net (Postfix) with ESMTP id 6F5B9EB284
for <[email protected]>; Mon, 9 Mar 2009 20:18:00 -0500 (CDT)
Received: by mem01.ecsis.net (Postfix)
id BFBD11DA10D; Mon, 9 Mar 2009 20:17:59 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by mem01.ecsis.net (Postfix) with ESMTP id B209C1DA10C
for <[email protected]>; Mon, 9 Mar 2009 20:17:59 -0500 (CDT)
Received: from mem01.ecsis.net ([127.0.0.1])
by localhost (mem01.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id tHCiNnjy8XSu for <[email protected]>;
Mon, 9 Mar 2009 20:17:53 -0500 (CDT)
Received: from barryg.celestial.com (barryg.celestial.com [192.136.111.13])
by mem01.ecsis.net (Postfix) with ESMTP id 534061DA013
for <[email protected]>; Mon, 9 Mar 2009 20:17:50 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by barryg.celestial.com (Postfix) with ESMTP id 2D35843FD549
for <[email protected]>; Mon, 9 Mar 2009 18:17:27 -0700 (PDT)
Received: from barryg.celestial.com ([127.0.0.1])
by localhost (barryg.celestial.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id 1AuikQ8ZQYW1 for <[email protected]>;
Mon, 9 Mar 2009 18:17:25 -0700 (PDT)
Received: from hallmark.com (user-38lm504.cable.mindspring.com [209.91.20.4])
by barryg.celestial.com (Postfix) with ESMTP id 5D32843FBE7B
for <[email protected]>; Mon, 9 Mar 2009 18:17:19 -0700 (PDT)
From: [email protected]
To: [email protected]
Date: Mon, 9 Mar 2009 20:17:30 -0500
Message-Id: <[email protected]>
X-Csys-md5body: 6eff3af5eff9eb1e176f041c7194e8d0
Content-Length: 302684
Lines: 3964
X-Antivirus: avast! (VPS 090309-0, 03/09/2009), Inbound message
X-Antivirus-Status: Infected
Attachment: \message#2626795383\message#1831703620\postcard.zi p#86502466\postcard.exe Virus: Win32:Trojan-gen {Other} Deleted

Second:

X-x: TimeOut
X-Delivered: at request of striker on hobo
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by hobo.ecsis.net (Postfix) with ESMTP id 182B7F00E0
for <[email protected]>; Mon, 9 Mar 2009 22:11:38 -0500 (CDT)
X-Quarantine-ID: <sAid-6HvEMlc>
X-Amavis-Modified: Original mail moved to attachment (defanged) by
hobo.ecsis.net
X-Virus-Scanned: amavisd-new at ecsis.net
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
message/rfc822,message | multipart/mixed |
application/octet-stream,.zip,postcard.zip | .exe,.exe-ms,postcard.chm
... .exe
Resent-From: "Content-filter at hobo.ecsis.net" <[email protected]>
Resent-Date: Mon, 9 Mar 2009 22:11:36 -0500 (CDT)
Resent-Message-ID: <[email protected]>
Received: from hobo.ecsis.net ([127.0.0.1])
by localhost (hobo.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id sAid-6HvEMlc for <[email protected]>;
Mon, 9 Mar 2009 22:11:36 -0500 (CDT)
Content-Type: multipart/mixed; boundary="----------=_1236654698-2081-1"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
Subject: [avast! - INFECTED] You have received A Hallmark E-Card!
Received: from obrd1.ecsis.net (obrd1.shop.ecsis.net [192.168.25.98])
by hobo.ecsis.net (Postfix) with ESMTP id 271B9ECC98
for <[email protected]>; Mon, 9 Mar 2009 22:11:34 -0500 (CDT)
Received: by obrd1.ecsis.net (Postfix)
id AFE799B523; Mon, 9 Mar 2009 22:11:33 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by obrd1.ecsis.net (Postfix) with ESMTP id 6087C9B519
for <[email protected]>; Mon, 9 Mar 2009 22:11:33 -0500 (CDT)
Received: from obrd1.ecsis.net ([127.0.0.1])
by localhost (obrd1.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id xsv4nqxVLfyl for <[email protected]>;
Mon, 9 Mar 2009 22:11:11 -0500 (CDT)
Received: from barryg.celestial.com (barryg.celestial.com [192.136.111.13])
by obrd1.ecsis.net (Postfix) with ESMTP id 6189F9A46E
for <[email protected]>; Mon, 9 Mar 2009 22:10:51 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by barryg.celestial.com (Postfix) with ESMTP id 08F7A43FD545
for <[email protected]>; Mon, 9 Mar 2009 20:10:28 -0700 (PDT)
Received: from barryg.celestial.com ([127.0.0.1])
by localhost (barryg.celestial.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id I9FoALyBVKhh for <[email protected]>;
Mon, 9 Mar 2009 20:10:27 -0700 (PDT)
Received: from hallmark.com (user-38lm504.cable.mindspring.com [209.91.20.4])
by barryg.celestial.com (Postfix) with ESMTP id 5A15B43FBE7B
for <[email protected]>; Mon, 9 Mar 2009 20:10:22 -0700 (PDT)
From: [email protected]
To: [email protected]
Date: Mon, 9 Mar 2009 22:10:56 -0500
Message-Id: <[email protected]>
X-Csys-md5body: ea8cddbdcbd87ce99b25ce9e3a0a9d68
Content-Length: 302902
Lines: 3969
X-Antivirus: avast! (VPS 090309-0, 03/09/2009), Inbound message
X-Antivirus-Status: Infected
Attachment: \message#1133340559\message#1652347591\postcard.zi p#960143343\postcard.chm .exe Virus: Win32:Trojan-gen {Other} Deleted

Third:

X-x: TimeOut
X-x: TimeOut
X-Delivered: at request of striker on hobo
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by hobo.ecsis.net (Postfix) with ESMTP id 599C4EE558
for <[email protected]>; Tue, 10 Mar 2009 05:52:20 -0500 (CDT)
X-Quarantine-ID: <xEUtVX5EPN8Y>
X-Amavis-Modified: Original mail moved to attachment (defanged) by
hobo.ecsis.net
X-Virus-Scanned: amavisd-new at ecsis.net
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
message/rfc822,message | multipart/mixed |
application/octet-stream,.zip,e-card.zip | .exe,.exe-ms,e-card.exe
Resent-From: "Content-filter at hobo.ecsis.net" <[email protected]>
Resent-Date: Tue, 10 Mar 2009 05:52:18 -0500 (CDT)
Resent-Message-ID: <[email protected]>
Received: from hobo.ecsis.net ([127.0.0.1])
by localhost (hobo.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id xEUtVX5EPN8Y for <[email protected]>;
Tue, 10 Mar 2009 05:52:18 -0500 (CDT)
Content-Type: multipart/mixed; boundary="----------=_1236682340-29288-1"
Content-Transfer-Encoding: binary
MIME-Version: 1.0
Subject: [avast! - INFECTED] You have got a new E-Card from your friend!
Received: from obrd1.ecsis.net (obrd1.shop.ecsis.net [192.168.25.98])
by hobo.ecsis.net (Postfix) with ESMTP id 3E8ECEF87E
for <[email protected]>; Tue, 10 Mar 2009 05:52:17 -0500 (CDT)
Received: by obrd1.ecsis.net (Postfix)
id E0E49980AC; Tue, 10 Mar 2009 05:52:16 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by obrd1.ecsis.net (Postfix) with ESMTP id 58CAB99440
for <[email protected]>; Tue, 10 Mar 2009 05:52:16 -0500 (CDT)
Received: from obrd1.ecsis.net ([127.0.0.1])
by localhost (obrd1.ecsis.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id Gb-G1lFQrKH5 for <[email protected]>;
Tue, 10 Mar 2009 05:51:59 -0500 (CDT)
Received: from barryg.celestial.com (barryg.celestial.com [192.136.111.13])
by obrd1.ecsis.net (Postfix) with ESMTP id 965FF980AC
for <[email protected]>; Tue, 10 Mar 2009 05:51:40 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
by barryg.celestial.com (Postfix) with ESMTP id 8B3DA43FD545
for <[email protected]>; Tue, 10 Mar 2009 03:51:15 -0700 (PDT)
Received: from barryg.celestial.com ([127.0.0.1])
by localhost (barryg.celestial.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id ANB7warSIlKp for <[email protected]>;
Tue, 10 Mar 2009 03:51:14 -0700 (PDT)
Received: from americangreetings.com (user-38lm504.cable.mindspring.com [209.91.20.4])
by barryg.celestial.com (Postfix) with ESMTP id 876E143FBE7B
for <[email protected]>; Tue, 10 Mar 2009 03:51:09 -0700 (PDT)
From: [email protected]
To: [email protected]
Date: Tue, 10 Mar 2009 05:51:23 -0500
Message-Id: <[email protected]>
X-Csys-md5body: 2b1c62fec021794de41f868eca49be39
Content-Length: 309367
Lines: 3971
X-Antivirus: avast! (VPS 090309-0, 03/09/2009), Inbound message
X-Antivirus-Status: Infected
Attachment: \message#4156794681\message#69199115\e-card.zip#988015132\e-card.exe Virus: Win32:Trojan-gen {Other} Deleted

Announcement

Email virus alert!

Email virus alert!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment