Yesterday, my system defended against a NewTear attack, and I received an email with a virus in it, detected as one of the "bear" viruses. My system also shutdown once, citing a fatal error.

My system has apparently been generating auto-emails because I am getting numerous bounce-backs from Postmasters with unknown email addresses in them. Can anyone please help me determine what is causing this and help me to rectify it? I am afraid my system is sending out viruses.

Thanks in advance,
Echoe

The "bouncebacks" are most likely not from your system. It is another social engineering trick.

People see the "returned" email, and think "what did I send?" They open it to see and BAM! - get infected with a virus.

The email you are receiving most likely came from someone who did open the email. Their machine is infected and sending out the infected emails.

If you think you may have been infected, try an online virus scan (trend-micro or panda soft).

Thanks, Efabes, I'm not sure I'm following, but will try your online scan suggestions. I run McAffee and just ran Trojan Remover, I also have Ad Aware and Spybot.

On these bouncebacks, I'd have to open the files to be infected, right? Or is just opening the email enough?

It could be an attached file or just a link within the email. Click on it, and you get the virus (unless your av stops it).

There are some scripts that can hurt you by just opening the email (without opening an attachment/link)- especially if you do not have all the windows updates. There are bound to be more of these in the future, which is why it is good to have the "preview" off.

What I was saying is that you probably do not have the virus. Someone else who does (who as you in their address book) is sending you the email with the subject of "undeliverable." It is just a trick to get you to open it. The person most likely does not even know their machine is emailing the virus.

Sorry if I was not clear.

Thanks again, Efabes. You were clear, I was not. :) I do have all the updates, and do not use preview, but I did click to see one or two bounceback contents, (not the file attachments.)

Should I send out an alert to my email contacts that they may be infected?

Thanks so much for your help.

I've had the false bounceback with viruses too, but lately I seem to be getting legitimate ones. No attachments or links to click. Based on the response to a question I posted on here earlier regarding the Norvag (MyDoom) virus, it appears an infected computer will send out mail using the sender name of someone in the infected user's address book.

For instance, Infected Joe has me in his address book. The virus sends an email to Joe's sister Sue but uses my address as the sender. Sue's mail account blocks the infected email and sends me a return mail notification even though I never sent the email.

That's my take on it.

RAF

That is possible.

I think what normally happens is Joe has you in his address book. Joe gets a virus. The virus generates emails to everyone in Joes address book, including yours (your address is placed in the header and it is sent to you like it came from you).

It may also be from admin (or whatever) with the the subject of "undeliverable email." Again, this is to trick you into opening it.

If your isp removes the virus, the email will still come through to you, but without the virus attached. It may also come through with the virus still attached. You may not get the email at all.

I had started getting the MS update virus (I forget which it was). I got an email from my isp stating these would all be blocked - and they were.

Welp, I've received two MyDooma viruses in email, in the last two days. McAfee caught it. I also recieved, two or three weeks ago, an email from an anonymous source, that had a friend's email encoded in the header, in the From section. My friend didn't send that email. So I obviously have something going on...as well as a lot of other people. MS has posted a critical virus advisory, there's a leak in the Windows Media Player, and they are offering a patch. Hope you all will get it, (the patch that is). :)

Thanks again!