[pchelpers] Re: new virus note

I do not understand which line shows the actual virus.  I don't
understand this virus or how you spotted it as a virus.  Could
you explain?  It this one like ordinary spam mail we get that
contains a virus without an attachment?

Ming

-----Original Message-----
From: pchelpers-bounce@xxxxxxxxxxxxx
[mailto:pchelpers-bounce@xxxxxxxxxxxxx]On Behalf Of rweyer
Sent: April 29, 2004 3:59 PM
To: JW_Tech; pchelpers
Subject: [pchelpers] new virus note

Here is a virus I just intercepted (thanks to
http://www.ravantivirus.com ).
If this kind of stuff keeps coming it will force an end to email
service as we know it.  Maybe this is a government conspiracy?

Note the message it has with it.  First the virus pack including
header..
-----------------------------------------------------------------
---------------

Return-Path: <davidjwong@xxxxxxxxxxxxx>
Delivered-To: anro@xxxxxxxxx
Received: from 127.0.0.1 (mail.cell1amarillo.net [127.0.0.1])
 by dummy.domain.name (Postfix) with SMTP id 230B928C2EA
 for <anro@xxxxxxxxx>; Thu, 29 Apr 2004 17:01:38 -0500 (CDT)
Received: from c1ama.net (host-216-153-170-92.ind.choiceone.net
[216.153.170.92])
 by mail.cell1amarillo.net (Postfix) with ESMTP id 739E428C304
 for <anro@xxxxxxxxx>; Thu, 29 Apr 2004 16:58:27 -0500 (CDT)
From: davidjwong@xxxxxxxxxxxxx
To: anro@xxxxxxxxx
Subject: Re: Old photos
Date: Thu, 29 Apr 2004 16:57:59 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20040429215827.739E428C304@xxxxxxxxxxxxxxxxxxxxxx>
Status:

This is a multi-part message in MIME format.

------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: text/plain;
 charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Have a look at these.

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com


------=_NextPart_000_0016----=_NextPart_000_0016
Content-Type: application/octet-stream;

name="___________________________________________________________
__________________warn.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;

filename="_______________________________________________________
______________________warn.txt"

UkFWIEFudGlWaXJ1cyBoYXMgZGVsZXRlZCB0aGlzIGZpbGUNCiBiZWNhdXNlIGl0I
GNvbnRhaW5l
ZCBkYW5nZXJvdXMgY29kZSENCg0KDQog

-----------------------------------------------------------------
---------------


Next this is what the actual email looks like upon reciept.  Not
the 'authentication "no virus found' and a url
-----------------------------------------------------------------
---------------

Have a look at these.

+++ Attachment: No Virus found
+++ MessageLabs AntiVirus - www.messagelabs.com

-----------------------------------------------------------------
---------------

This e-mail is generated by the mail.cell1amarillo.net mail
server to warn you that the e-mail
sent by davidjwong@xxxxxxxxxxxxx to anro@xxxxxxxxx is infected
with virus: Win32/Netsky.P@mm.


-----------------------------------------------------------------
---------------

I sent message labs a copy of the virus and the email infected
with it.

Bob Weyer
Regards, John Durham (list moderator)
<http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at
http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.

Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: