Email Viruses Perhaps.
 

these are the properties of emails i keep recieving.

Return-Path: <a.gibbo@ntlworld.com>
Received: from PHIL4PAYBACK.com ([62.155.185.193])
by mta02-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id <20031225164836.ZBTU29762.mta02-svc.ntlworld.com@PHIL4PAYBACK.com>;
Thu, 25 Dec 2003 16:48:36 +0000
From: a.gibbo@ntlworld.com
To: bahamut1454@ntlworld.com
Subject: Registration confirmation
Importance: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
X-MSMail-Priority: Normal
Message-ID: <762d78e2191200.970bfxsmailerV06.8@ntlworld.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=====PHIL4PAYBACK_ce9f1635d7cadabdd5"
Date: Thu, 25 Dec 2003 16:48:40 +0000



email i got:
Thanks for your registration.
( We say Sorry again, the first mail was delivered to an unknown mail address.
This was a bug in our mailing system! )


The amount of 239.- USD was deducted by your account.

Welcome,
you can now visit more than 1200 very very hot web pages!
Your registration, pages and passwords are in the attachment.

enjoy


this had a file attachent at 74.4kb
and this one:
Return-Path: <servers@adelphia.net>
Received: from PHIL4PAYBACK.net ([217.80.13.148]) by mta07-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id <20031224085816.OZXG2588.mta07-svc.ntlworld.com@PHIL4PAYBACK.net>;
Wed, 24 Dec 2003 08:58:16 +0000
From: servers@adelphia.net
To: hostend@ntlworld.com
Subject: a trojan is on your computer!
Importance: Normal
X-Mailer: Axion
Message-ID: <70086910724639.14110xmailV03.28@adelphia.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="79d41cfa4e8111.46412c92f67b"
Date: Wed, 24 Dec 2003 08:58:21 +0000


had this message with the same 74.4kb attachment:

hello, I am from Norway and you'll don't believe me,
but a trojan horse in on your computer.
I've scanned the network-ports on the internet. (I know, that's illegal)
And I have found your pc. Your pc is open on the internet for everybody!
Because the services.exe trojan is running on your system.
Check this, open the task manager and try to stop that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!

Sorry for my bad english!

greets



i had another eamil the same as above but with different details, as follows:
Return-Path: <mime@toi.t-online.de>
Received: from PHIL4PAYBACK.de ([62.155.185.143]) by mta01-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP
id <20031222165903.WRAD26519.mta01-svc.ntlworld.com@PHIL4PAYBACK.de>;
Mon, 22 Dec 2003 16:59:03 +0000
From: mime@toi.t-online.de
To: steve.marlman@ntlworld.com
Subject: a trojan is on your computer!
X-MailScanner: Nothing was found
Importance: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
X-MSMail-Priority: Normal
Message-ID: <21276848912239.93617@toi.t-online.de>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="PHIL4PAYBACK7696994266059119d1250f88e0"
Date: Mon, 22 Dec 2003 16:59:07 +0000



i think the 74.4kb file attachment is a virus as it has three different names in these emails, just want to know if anyone else is getting them and what you think. cause they seem tobe from an NTL email address.

nathan.

Re: Email Viruses Perhaps.
 

I'm pretty sure they are viruses. Can you tell us the names of the files? Just because they're different doesn't always mean they're randomly generated. Secondly, What makes you think they're coming from ntlworld email addresses? The first one has an ntlworld email address as a From header, but since they're obviously spammed mails I'd ignore the From and To headers anyway.

You have three choices really:

• Ignore them - just don't open the attachments
• Forward these details to the abuse department at t-online.de - this is the (German) ISP that those IP addresses belong to
• Forward these details to ntl's abuse department at abuse@ntlworld.com - assuming ntl is your ISP - and let them do the German translation. ;)

Never a bad idea to do a full scan of your system with up-to-date definition files, too! ;)

Re: Email Viruses Perhaps.
 

services.exe is a system process, part of NT style OS's hence why win9x wouldn't show it.
You can bet the attachment is a virus.
Another thing, how could he track your email address from your IP address? :)

Re: Email Viruses Perhaps.
 

Just for confirmation:

I stumbled upon this forum when I entered a websearch to find specifics in relation to a very similar message.

The transcript below shows the text of the message I received and an addition by my antivirus software stating that the attachment was filtered out as being infected with the Sober-virus.

My reply is only to confirm that this is virus-trickery and that all previous posts were accurate.

Have a nice day.


Transcript follows:


--START-----------------------------------------------------------------
hi, I am from Denmark and you'll don't believe me,
but a trojan horse in on your computer.
I've scanned the network-ports on the internet. (I know, that's illegal)
And I have found your pc. Your pc is open on the internet for everybody!
Because the services.exe trojan is running on your system.
Check this, open the task manager and try to stop that!
You'll see, you can't stop this trojan.
When you use win98/me you can't see the trojan!!

On my system was this trojan, too!
And I've found a tool to kill that bad thing.
I hope that I've helped you!

================================================== ====================
The attachment "remove-services-patch.exe" has been removed from this message because
it was infected with a virus (Win32:Sober-C [Wrm])
================================================== ====================


greets
mvl5FB/bwbAzKH/KKLqytRkTZKR7od0P9UAYWXIBc690Kqozq34GWsa+0pKJbw8pI N5oarM=
--END-------------------------------------------------------------------

Re: Email Viruses Perhaps.
 

lol, definately viruses or hoax's

anyone who opens the attachment from the foreign guy must be nuts ...

if you open that you deserve the virus IMO ;)

Re: Email Viruses Perhaps.
 

Re: Email Viruses Perhaps.
 

The cobwebs omg what have you resurrected :Yikes:

Re: Email Viruses Perhaps.
 

Lol he's turning into Dude111, I thought CF had solved that issue.

Re: Email Viruses Perhaps.
 

I keep getting automated calls and the odd email about my Amazon Prime account (nope, don't have one), I usually delete (or hang up on) stuff that's probably crap . . hell I even hang up if NTL ring :D

Re: Email Viruses Perhaps.
 

Antmans raving to his 8-track tunes :D

Re: Email Viruses Perhaps.
 

LOL, you were (just) a teenager when this was originally posted. :D

Re: Email Viruses Perhaps.
 

I was 13 doing everything I don't do now :o:

Re: Email Viruses Perhaps.
 

Like wearing trousers? :D

Re: Email Viruses Perhaps.
 

When I joined my secondary school there was no uniform which meant I could wear shorts. Then at 13 the school decided to build a new school on premises and slowly introduce uniform. It started with just a t shirt. Then formal black trousers. Then shoes. Towards the end of 14 the new building was ready and the Queen and Prince Philip visited the school at 16.

I got some nice material trousers. It was ribbed but not. Soft suede feel.

Do our head of state mail get filtered for junk mail :shocked: