No virus : Repeated Emails

[chuaby]

Hi

a user1 has been receiving tonnes of repeated emails from multiple
sender in her outlook.
one of the senders is another person (user2) sitting next to this
user1. I have checked both their computers using Norton Anti-virus and
found nothing.

User2 does not have email anomaly that could "spoof" from her account.

It so happens that our VPN link to our corporate office is slowed down
too.
I do not know if these 2 problems are related.

May i know is there any virus that could not be detected that is
causing this problem ?

I have made sure user1 outlook does not store any copy in the server.

For some hint on how to resolve this problem please.
Thank you
Boon Yiang

 

[Lanwench [MVP - Exchange]]

Hi

a user1 has been receiving tonnes of repeated emails from multiple
sender in her outlook.
one of the senders is another person (user2) sitting next to this
user1. I have checked both their computers using Norton Anti-virus and
found nothing.

If you want a second opinion, try http://housecall.antivirus.com

User2 does not have email anomaly that could "spoof" from her account.

Anyone can spoof a sender in e-mail - and viruses do this all the time. So
do spammers. Take a look at the full Internet headers of one of the messages
& you'll see it's probably not really from the person/domain/server it
purports to be from.

It so happens that our VPN link to our corporate office is slowed down
too.
I do not know if these 2 problems are related.

Probably not, but more info might help. Do you connect to a corporate e-mail
server across this connection, or are you all using Internet mail?

May i know is there any virus that could not be detected that is
causing this problem ?

Does your Norton scan mail as well? Is it of recent vintage, and do you keep
it updated regularly?

 

[chuaby]

Anyone can spoof a sender in e-mail - and viruses do this all the time. So

do spammers. Take a look at the full Internet headers of one of the messages
& you'll see it's probably not really from the person/domain/server it
purports to be from.

the strange thing is that the email headers are the same. Only the
"Time" is different.

eg :

"X-MIMETrack: Serialize by POP3 Server on <My corporate
server>(Release 5.0.10 |March 22, 2002) at
05/21/2004 06:44:51 AM,
Serialize complete at 05/21/2004 06:44:51 AM
"

and

"X-MIMETrack: Serialize by POP3 Server on <My corporate
server>(Release 5.0.10 |March 22, 2002) at
05/21/2004 03:14:44 AM,
Serialize complete at 05/21/2004 03:14:44 AM
Content-Type: multipart/alternative; boundary="=_alternative
000B464148256E99_="
"

Probably not, but more info might help. Do you connect to a corporate e-mail
server across this connection, or are you all using Internet mail?

Yes, the email server refers to an internal Private IP address via
this VPN link. That's why i was suspecting that this could be
affecting the performance on this link.

Does your Norton scan mail as well? Is it of recent vintage, and do you keep
it updated regularly?

i remember whenever i install Norton, i will reach a screen that asks
me if i want to scan OUTLOOK or Lotus Notes. I did select that option.
I believe it will. So far, i have not really detected virus from email
though.

for your further advice please.
Thank you
Boon Yiang

 

[Lanwench [MVP - Exchange]]

the strange thing is that the email headers are the same. Only the
"Time" is different.

eg :

"X-MIMETrack: Serialize by POP3 Server on <My corporate
server>(Release 5.0.10 |March 22, 2002) at
05/21/2004 06:44:51 AM,
Serialize complete at 05/21/2004 06:44:51 AM

The full, unedited email headers would be helpful for you to look at..
should tell you the sending server's IP address, etc.

"

and

"X-MIMETrack: Serialize by POP3 Server on <My corporate
server>(Release 5.0.10 |March 22, 2002) at
05/21/2004 03:14:44 AM,
Serialize complete at 05/21/2004 03:14:44 AM
Content-Type: multipart/alternative; boundary="=_alternative
000B464148256E99_="
"


Yes, the email server refers to an internal Private IP address via
this VPN link. That's why i was suspecting that this could be
affecting the performance on this link.

Well, pulling mail across from your server will, but it shouldn't be too
much.

 

[chuaby]

If you want a second opinion, try http://housecall.antivirus.com

Hi Lanwench,

I have some reservation using AV scanner via browser initially. And it
really happened.

I was scanning half way, and my Norton gave a warning saying this file

"C:\Documents and Settings\t\Tempuser\Local Settings\Temporary
Internet Files\Content.IE5\M9MHWHQX\download.mp3[1].exe"

is a trojan.

this sounds scary. I am quite worried that
http://housecall.antivirus.com
open up some ports that allows trojan to come into my computer.

Have you encountered that before ?

Thank you
Boon Yiang

 

[Lanwench [MVP - Exchange]]

If you want a second opinion, try http://housecall.antivirus.com

Hi Lanwench,

I have some reservation using AV scanner via browser initially. And it
really happened.

I was scanning half way, and my Norton gave a warning saying this file

"C:\Documents and Settings\t\Tempuser\Local Settings\Temporary
Internet Files\Content.IE5\M9MHWHQX\download.mp3[1].exe"

is a trojan.

this sounds scary. I am quite worried that
http://housecall.antivirus.com
open up some ports that allows trojan to come into my computer.

No - it's a webpage with Java. IT can't open up anything. Delete your
temporary internet files in IE. This is something that came in before....