Virus source: intelos.net Familiar? CLICK HERE!

[Jeff]

O.K.
I am getting tired of these emails The last one gave me the clue I need to find the source. Funny it said it was from woodtick@forestryforum.com to me at jeff@forestryforum.com

Lets try to see what member is infected. I have a call into intelos if nothing else and we will track it down tomorrow. Who ever it is has Ron W, Me, and probably dewwood in thier computer address book or sent mail.

the email text was:
"Please see the attached file for details."

the subject was Re:Re:My details

Interesting. Now I am able to varify both ends of the email trail because its frm my server. This email came from:
Received: from SOS2 (64-4-109-18.mvl.intelos.net [64.4.109.18])

So, if the name or isp intelos.net looks familiar to you, CONTACT ME!! so I can help you clean up your computer or rule you out.

[biziedizie]

  Hey Jeff I get about 100 e-mails a day with the att details, I also get them from the forum as well. One of the main people that I get mail from is a person named Jason, don't know if this person is a member or not but thought I would let you know.
  Called my server and they said there was nutting I could do about the problem, cleaned things twice on this end and I still get these odd e-mails. This is starting to pith me off and I wish these idiots would get real jobs!


   Steve

[Jeff]

Bizzie, the person who they are from is irelevent other then they happen to have thier name on the infected computer. The emails are probably NOT from the person they say they are. when you get an email like that, open it, go to properties, then message source, and look for the line that begins:
Received: from

[Ron Wenrich]

I don't know if this helps you or not, but I've only received about 60 e-mails on that account in the past year.  I've sent a total of 5 and have no addresses in the address book

Right now I have 5 undelivered mails in the mailbox.  All were sent today and say 19:36.  The one I looked at was an e-mail address I'm not familiar with.

My normal e-mail has never had any problems.  They must have some pretty good virus scanner, and I know it won't let certain types of attachments to be viewed.

I know my wife's business has had several of the viruses and it has never infected me.  Mayve I'm not in her address book.  

[Jeff]

Ron send me the addresses to whom you sent emails too. Odds are its one of them. Outlook express has the habit of adding someone to its address book if you reply to them, so if you emailed someone, and they replies to you, thats a good place to look.

[Tom]

Heck, Outlook express will add spam addresses to your address book without your having done anything.  I have to purge mine regularly and some are difficult to identify. :-/

[Jeff]

Tom, they are added when you send those nasty replies to the spammers.  

[Jeff]

In outlook, go to tools, then options, then send and make sure that where it says
"Automatically put people in my address book that I reply to"  is NOT checked

[Ron Wenrich]

But, forestryforum.com is not opened in Outlook.  And it didn't add anything to the address book, even when I sent e-mail out.

The virus was the sobig variety.  I thought that was supposed to dismantle on 9/10 or thereabouts.

[Jeff]

Ron, it has nothing to do with you. It has to do with whoever has your address on THEIR machine. They have the virus. And outlook is not a factor with sobig. It has its own smtp engine. It does not need an email client, only an email address. It can find them by looking for @.* on a hard drive

[Den Socling]

Why use Outlook? Use Mozilla. It's a little different and it takes a couple days to get used to but it does the same. And, you can import all of your old mail for reference. Mozilla with a good ISP and I don't get more than one or two spams a week! And, since I got rid of Outlook, I don't think I have been part of spreading a worm or virus even once.

[Jeff]

I am now using my web based program I installed on the server. Its pretty good.

[Jeff]

I have had a SHARP reduction in the crap mail the last few hours. went from 20 or so an hour for the last few days to just 2 in the last 2 hours. Hope its a sign. I hate to have to change my address.

[Tom]

I don't reply to spam.  the stuff gets on my contact list some way on its own. :-/

[cut2size]

The isp intelos.net is one that I am familier with.  I used it for about a month 2 years ago.  It was so slow that I canceled it without really using it.  It is the server that Clifton Forge/Waynesboro telephone owns in south central VA.  I believe that they are in bankrupcy procedings at this time.  This should give you a geographical area to locate the culprit.  I hope that it isn't me
David

[Jeff]

Really is not a culprit here. Just a victim. I am sure they don't know they are infected. Intelos is suppose to be calling me this afternoon.  I already knew that they were virginia, and I have the I.P. address of the machine. If they are willing, they can clean this up.  I got 2 more last night, both from the sameserver only saying they were from a bballard@superiorwv.com which I dint recognize.

[dewwood]

The emails dropped in number dramatically yesterday afternoon, like Jeff I went from several an hour to only one or two all afternoon according to the time they were received.  Hopefully this is running its course!

Although I did have one this morning supposedly from Microsoft which I think was one because they don't usually ask you to open an attachment.  I never do any update from an email, I go to the site and load updates from there.

[woodmills1]

when i signed on this morning I had 2 e-mails notifing me of undeliver e-mail and 2 more warning that I had a virus.  Trouble is I didn't send the two e-mails and didn't recognize the addresses of the supposed infected sent e-mails either.

[David_c]

i must be the only lucky one out here becuase i dont get any of that 8) 8) 8) 8) knock on wood.

[biziedizie]

  Well ain't this cool I opened outlook and got no e-mail....none....nutting....zip 8)
  Is it over??? Sure hope so.

    Steve

[jerry-m]

This might help:   I got this from another board...
This may help you to know if you are infected...
Put a Bogus email address at the top and another
one at the end of your address book (sometimes a            virus starts at the bottom)... This should tell you if you  
are infected as the bogus email will bounce back as undeliverable... Hey, Might be Worth a Try :-/

jerry

[Den Socling]

dewwood,

I wouldn't touch that attachment from "Microsoft" with a wireless mouse.

Den

[dewwood]

Knock on WOOD, I have not had nearly as many emails today although my virus protection did pick one  virus up and cleaned it.  

The exasperating thing about all of those emails was it took so long to receive them because everyone had an attachment which really slowed down my entire system.  Sometimes when I had shut the computer off (overnight) it would take and hour or two in the morning just to receive all of the emails.  They were going directly to the deleted folder but they still used a lot of system resources even though I would never see them.

Glad it seems to have run its course.

[biziedizie]

  I think (hope) that the bug is gone I haven't got one single e-mail today 8)  The forum moves at break neck speeds again and it seems like everything is normal.

  Hey Jeff how did you know that the bug would die on the 10th??? I was told that a bug doesn't die till the puter dies.


    Steve

[Jeff]

Mcafee.com has very good virus info. Anytime I need to know something thats where I turn.