Massmail worm leave trace in Sent ?

Original Message
Name: CyyberSpaceCowboy
Date: July 29, 2004 at 22:03:35 Pacific
Subject: Massmail worm leave trace in Sent ?
OS: 98 XP
CPU/Ram: N/A
Comment:

Would the typical mass mailing worm leave the outgoing messages in the Sent Items folder or would it clean up after itself? Symantec detected Beagle.X on one of our systems, but it looks like it cleaned it out of an incoming e-mail, not removing an installed virus. We had complaints of porn related mailings coming from its mailbox, but I suspect it's an outside computer spoofing the address of our users (one of the mail accounts involved is on a PC that isn't plugged in).

How can you test your traffic to see if a virus has opened a back door into your system? I.e., the latest MyDoom drops Zindos.A and tells the virus creator that your system is open. Of course, AV software should remove both. For the sake of argument, how would you detect an infection without AV software (short of verifying every process against sysinfo.org), remove it, and be assured it was gone? Is there anything one can do but put your fate in the hands of McAfee, Symantec, et al.?




Response Number 1
Name: Martin Crandall
Date: July 30, 2004 at 07:16:50 Pacific
Reply:

If you ever do get a virus, here is a list of 73 removal tools for different viruses. Each one will run from an A:\ disk. I keep them all on CD for customer housecalls.

http://securityresponse.symantec.com/avcenter/tools.list.html

The mass mailing worms will clean up after themselves very nicely.

As far as what you have already? TrendMicro has a good online scanner that can identify existing infections. Then DL the appropriate removal tool from Symantec.

If I had a system that was highly suspect:

1. Look at the Processes in your Task Manager and learn what they are.
2. TrendMicro online scanner.
3. Run HiJackThis and learn how to read the report.

_________________________
The internet is no longer a toy, it's a COMBAT ZONE!



Response Number 2
Name: bbqbeef
Date: July 30, 2004 at 17:10:45 Pacific
Reply:

Beagle uses its own SMTP engine to send email. Outlook or OE never sees the email.

A good firewall should block Beagle email. Personal firewalls should be set to prompt before allowing outbound access. Look at the log occasionally for unusual activity.

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html


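Added example, not part of any post in this thread: since a worm with its own SMTP engine leaves nothing in Sent Items, the firewall log is where it shows up, and this sketch lists workstations that opened TCP port 25 to anything other than the approved mail relay. The log is constructed, laid out like a Windows Firewall pfirewall.log (a `#Fields:` header, then space-separated rows); the addresses, the relay list and the function name are assumptions.

```python
from collections import defaultdict

# Constructed sample in the pfirewall.log layout; every address is made up.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2004-07-30 09:14:02 ALLOW TCP 192.168.1.23 192.168.1.10 1045 25
2004-07-30 09:14:05 ALLOW TCP 192.168.1.23 198.51.100.7 1046 80
2004-07-30 09:20:11 ALLOW TCP 192.168.1.57 203.0.113.5 1102 25
2004-07-30 09:20:12 ALLOW TCP 192.168.1.57 203.0.113.88 1103 25
2004-07-30 09:20:12 DROP TCP 192.168.1.57 198.51.100.40 1104 25
2004-07-30 09:20:13 ALLOW TCP 192.168.1.57 192.0.2.19 1105 25
2004-07-30 09:31:40 ALLOW UDP 192.168.1.23 192.168.1.1 1050 53
"""

# Assumption: the only host a workstation should ever speak SMTP to.
APPROVED_RELAYS = frozenset({"192.168.1.10"})


def direct_smtp_senders(log_text, approved=APPROVED_RELAYS, min_targets=1):
    """Map each source IP to the sorted unapproved hosts it contacted on TCP/25.

    Dropped attempts count too: a blocked connection still shows that
    something on that machine tried to deliver mail on its own.
    """
    fields = []
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) < len(fields):
            continue  # truncated row, skip it
        row = dict(zip(fields, parts))
        src, dst = row.get("src-ip"), row.get("dst-ip")
        if row.get("protocol") != "TCP" or row.get("dst-port") != "25":
            continue
        if src is None or dst is None or dst in approved:
            continue
        targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, dsts in direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{src}: SMTP to {len(dsts)} unapproved host(s): {', '.join(dsts)}")
```

Raising `min_targets` limits the report to hosts fanning out to many mail servers, which is the pattern a mass mailer produces.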

Response Number 3
Name: CyyberSpaceCowboy
Date: July 30, 2004 at 21:28:06 Pacific
Reply:


Thanks for the feedback, guys.

