
Sober.i worm spam

Name: Victor (by vhaverkort)
Date: January 4, 2005 at 08:51:31 Pacific
OS: win 98se
CPU/Ram: p3 866, 128mb
Comment:

Hello,

I get a lot of automatic spam messages from different senders with attachments and text like the Sober.I worm creates. (for info:
http://www.viruslist.com/en/viruses/encyclopedia?virusid=66102)
For example:

"This mail was generated automatically.
More info about --PLANET-- under: http://www.planet.nl
-------
Occured_Errors:
100.237.165.118_failed_after_I_sent_the_message.
% 331: mailbox_unavailable
End
-------
The full mail is attached.
Auto_Mail.System: [planet]
*-*-* Mail_Scanner: No Virus
*-*-* ZONNET- Anti_Virus Service
*-*-* http://www.zonnet.nl"

and:

"I was surprised, too!
Who_could_suspect_something_like_that?s---yiiiii"

Properties of one of these mails:

X-Kaspersky: Checked
Return-Path: <re-mail_system@planet.nl>
Delivered-To: ...@zonnet.nl (my email address)
Received: (qmail 7398 invoked by uid 0); 4 Jan 2005 15:19:43 -0000
Received: from unknown ([10.170.1.111])
(envelope-sender <>)
by qmail03.zonnet.nl (qmail-ldap-1.03) with QMQP
for < >; 4 Jan 2005 15:19:43 -0000
Delivered-To: CLUSTERHOST mail1.versatel.nl ...@zonnet.nl (my address again)
Received: (qmail 5555 invoked by uid 10); 4 Jan 2005 15:19:43 -0000
Received: (vexira-qq 13980-3BC3A1CA invoked from network) 04 Jan 2005 16:17:08 +0100
Received: from h167086.upc-h.chello.nl (HELO vghmxodlb.nl) ([62.194.167.86])
(envelope-sender <re-mail_system@planet.nl>)
by mail1.versatel.nl (qmail-ldap-1.03) with SMTP
for < >; 4 Jan 2005 15:17:08 -0000
From: re-mail_system@planet.nl
To: Account@zonnet.nl
Date: Tue, 04 Jan 2005 15:02:03 UTC
Subject: Mail Error <SMTP:6836>
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <8b33f.dbc458804da@planet.nl>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=a79df5bf940c8e81ed8b790"
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.16; VAE: 6.29.0.5; VDF: 6.29.0.48; host: postbus01.zonnet.nl)

I checked the properties of different e-mails and I found that they all came from 1 IP address, which is probably the computer that has the virus.

'h167086.upc-h.chello.nl' ([62.194.167.86]) (different HELO logins) and 'unknown' ([10.170.1.111]) are in every message.

Questions:
How do I find out who this is so I can tell him he has a virus?
Otherwise how can I block this IP address?
Or is there another way to fix it?


- Victor
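
Added example, not part of the original post: the Received lines quoted above, parsed in Python to pick out the hop where the recipient's own provider logged a public peer address. The HELO name and any headers below that hop are supplied by the sender, so only the logged address is dependable. The `TRUSTED` domain list and the function names are assumptions made for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the post, with continuation
# lines re-indented (folded) as they would be in the raw message.
SAMPLE = """\
Received: (qmail 7398 invoked by uid 0); 4 Jan 2005 15:19:43 -0000
Received: from unknown ([10.170.1.111])
  (envelope-sender <>)
  by qmail03.zonnet.nl (qmail-ldap-1.03) with QMQP
  for < >; 4 Jan 2005 15:19:43 -0000
Received: (qmail 5555 invoked by uid 10); 4 Jan 2005 15:19:43 -0000
Received: (vexira-qq 13980-3BC3A1CA invoked from network) 04 Jan 2005 16:17:08 +0100
Received: from h167086.upc-h.chello.nl (HELO vghmxodlb.nl) ([62.194.167.86])
  (envelope-sender <re-mail_system@planet.nl>)
  by mail1.versatel.nl (qmail-ldap-1.03) with SMTP
  for < >; 4 Jan 2005 15:17:08 -0000
"""

# Assumption: mail domains operated by the recipient's own provider.
TRUSTED = (".zonnet.nl", ".versatel.nl")

HOP = re.compile(r"from\s+(\S+)\s+(?:\(HELO\s+([^)\s]+)\)\s+)?"
                 r"\(\[([\d.]+)\]\).*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return relay hops, newest first, from the folded Received headers."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:  # local "(qmail ... invoked by uid N)" lines carry no peer address
            name, helo, ip, by = m.groups()
            hops.append({"name": name, "helo": helo, "ip": ip, "by": by,
                         "helo_mismatch": helo is not None and helo != name})
    return hops

def handoff_hop(hops, trusted=TRUSTED):
    """Newest hop where a trusted server logged a public (non-private) peer."""
    for hop in hops:
        internal = ipaddress.ip_address(hop["ip"]).is_private
        if hop["by"].endswith(trusted) and not internal:
            return hop
    return None

if __name__ == "__main__":
    print(handoff_hop(parse_hops(SAMPLE)))
```

The 10.170.1.111 hop is skipped because it is a private address inside the provider's network; the remaining hop is the one a provider's abuse desk can match to a subscriber.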


