yes i'm stumped 
Author Message
 yes i'm stumped

i realize that a virus could send out email to those
listed in my address book...
but recently a very small handful or my friends got an email
from me which i didn't send...it had an attachment which
i assume to be a virus.

the odd thing is...the only people who got this bugus mail
were a few people who would have been in my addrss book
nearly 2 years ago.
the harddrive where they were kept was long ago re-formatted
and sold.
when i got my new harddrive i did a fresh install
so nothing from my old drive would have been transferred.
i virus check on my machine tunrs out negative...

so anyone have a good theory as to what could have happened.
???

Thank you

--

Philo

website : www.plazaearth.com/philo

dos win lin os/2 cp/m nde beos



Wed, 05 Nov 2003 06:42:44 GMT  
 yes i'm stumped

Strange, you are telling that some one being not included in your address
book has received an e-mail from you, which you have not sent ?!

1) what is the includes of that e-mail ? What is the file attached ?

2) maybe some one had tried to be shown as you while sending that e-mails
( who also knows that recipients )

3) your older HDD might have been used to restore that address book ( I do
not thing so much on this ). You may know delete and / or format can be
restored with some tools...

some others ??


Quote:
> i realize that a virus could send out email to those
> listed in my address book...
> but recently a very small handful or my friends got an email
> from me which i didn't send...it had an attachment which
> i assume to be a virus.

> the odd thing is...the only people who got this bugus mail
> were a few people who would have been in my addrss book
> nearly 2 years ago.
> the harddrive where they were kept was long ago re-formatted
> and sold.
> when i got my new harddrive i did a fresh install
> so nothing from my old drive would have been transferred.
> i virus check on my machine tunrs out negative...

> so anyone have a good theory as to what could have happened.
> ???

> Thank you

> --

> Philo

> website : www.plazaearth.com/philo

> dos win lin os/2 cp/m nde beos



Wed, 05 Nov 2003 21:02:04 GMT  
 yes i'm stumped

here is some more info:

the few people who got this bogus email had an attachment

unregmp2.exe   this is a microsoft file...
but one person did a virus scan and found it positive for a virus
so obviously it had been tampered with.

but the thing is...
even though i know it would be theoretically possible to retrieve data
from a formatted drive...the old drive was put in a machine that i sold to a
friend
of mine who, not only would not have the knowledge to do such a thing...
would never think of doing something like that.

all i can think of is that some virus must have been kept dormant
on some machine for over a year, then released.

it's possible that my old machine had the virus and transmitted it to
someone else...
and maybe a year later got released.
it's the only plausible explanation i can come up with...
but i'd appreciate any comments from anyone on this.

additionally, the message itself was simply some technical appearing info
about not being able to ping microsoft from the C:\osr2 directory.

plus one additional thing.
i got an email returned that had been sent to an address of one of my
friends who changed their server over a year ago...
so i too got the message...
and when i looked to the source it was from
an apparenlty phony source differing from my own email
address by one letter

still puzzled here

Philo



Wed, 05 Nov 2003 22:34:06 GMT  
 yes i'm stumped
Hi ,


Quote:

> here is some more info:

> the few people who got this bogus email had an attachment

> unregmp2.exe   this is a microsoft file...
> but one person did a virus scan and found it positive for a virus
> so obviously it had been tampered with.

**  So, he/she may know the name of the virus detected !

Quote:

> but the thing is...
> even though i know it would be theoretically possible to retrieve data
> from a formatted drive...the old drive was put in a machine that i sold to
a
> friend
> of mine who, not only would not have the knowledge to do such a thing...
> would never think of doing something like that.

> all i can think of is that some virus must have been kept dormant
> on some machine for over a year, then released.


( as you said ) in general ! They post themselves to the adressbook's some
part ( suc as first 50 ) or all.

Quote:

> it's possible that my old machine had the virus and transmitted it to
> someone else...
> and maybe a year later got released.
> it's the only plausible explanation i can come up with...
> but i'd appreciate any comments from anyone on this.

** If your old machine has not got this adresses, a virus can not do that !
If you thing, the virus has verified that addresses it might have been sent
the message at that time and it is not a usual way to forward them some one
to send the messages later.

Quote:

> additionally, the message itself was simply some technical appearing info
> about not being able to ping microsoft from the C:\osr2 directory.

> plus one additional thing.
> i got an email returned that had been sent to an address of one of my
> friends who changed their server over a year ago...
> so i too got the message...
> and when i looked to the source it was from
> an apparenlty phony source differing from my own email
> address by one letter

** if the source belongs to your current address, you do have a virus. If it
belongs to nither your old one nor the current one, some one has been trying
to show himself / herself as you.
Quote:

> still puzzled here

> Philo



Wed, 05 Nov 2003 23:48:03 GMT  
 yes i'm stumped
Don't you think that this is probably just a case of the OP's email address having been harvested
from public sources and used to forge the from address?

I have on a few occasions gotten {*filter*} replies from people I don't even know claiming that I had
sent them virus infected email attachments.  Unless this is an ongoing problem, I don't think it's
worth the OP's time to investigate.

--
Michael Harris
Microsoft.MVP.Scripting
--

Please do not email questions - post them to the newsgroup instead.
--



Thu, 06 Nov 2003 01:48:00 GMT  
 yes i'm stumped
thanks for the reply, Michael

this seems to have been a one time occurrence...so i suppose i won't worry
too much...
but i just think it odd that some entries from my address book from
almost 2 years ago have just recently gotten the email.
in your case, someone had forged your address
but the recipients were people you did not know.
in my case, they were people i do know and in a former
address book.

these addresses must have been taken off my machine at one time
i'd think???

--

Philo

website : www.plazaearth.com/philo

dos win lin os/2 cp/m nde beos



Thu, 06 Nov 2003 02:47:07 GMT  
 yes i'm stumped
thanks for the reply...but i ****formatted**** the machine and reloaded it
before i gave it to them!!!!
i am, absolutely positive the address book was no longer there and i am
positive
the person would not have attempted a data recovery etc...
that is simply not a possibility.!!!!!
plus ,even tho the mechinism was similar to magistr, there were
certain code phrases that differed...

...now that i've had a few days to think about this, i'm sure
my old machine did have a virus over a year ago...
which was evidently passed on to someone else and recently re-released

one of the few people who got the virus sent to them
was someone who does a lot of world traveling and may
go for months or much longer with no contact...
so i think it might have been dormant in their account...

the thing is... they do not own a computer but have a hotmail account...
so i'm now wondering if i had sent them an infected email
a year ago...
and when they checked their mail for the first time in
maybe a year for all i know,,,
it got re-released???

but this would have been from a hotmail account

this is kind of far fetched i suppose...but there are no too many
more scenarios i can come up with

Philo

--

Philo

website : www.plazaearth.com/philo

dos win lin os/2 cp/m nde beos



Mon, 17 Nov 2003 04:47:41 GMT  
 
 [ 7 post ] 

 Relevant Pages 

1. yes yes yes

2. An AWK poser that's stumped a novice

3. Okay, I'm stumped.

4. error 19 - i'm stumped - snip [1/1]

5. I'm Stumped ...

6. I'm stumped on threads

7. Problems installing pythonwin - I'm stumped

8. [Fwd: Re: I'm stumped on threads]

9. proc global problem - I'm completely stumped

10. I'm stumped, need help

11. expect u question - i'm stumped - completely...

12. Yes, I'm writing a book

 

 
Powered by phpBB® Forum Software