> Netters,
> My Norton Virus scan just nailed an e-mail from what appears to be Bob
> Farmer, that had the bugbear virus as an attachment. Just thought everyone
> might want to know...
As Mark has stated MANY times the virus uses a return address from the
address book of the infected computer not the computer that has the virus.
The same virus was caught by my ISP and the results are shown below.
Perhaps this will help the person that has the virus.
"This e-mail is generated by the horace.ls.net mail server to warn you
that the e-mail
sent by <not disclosed> to <not disclosed> is infected with virus:
Win32/Bugbear.B.dam.
Please contact your system administrator for further information.
If you are the sender:
-------------------
The scanned e-mail has your address in the <From> header field. Either your
computer is infected or someone's computer having your e-mail address in
the address book has been infected.
(Please note that some viruses are sending e-mails directly from your
computer.
Our advise is to check your computer using an up-to-date antivirus product).
If you are the receiver:
---------------------
Please contact the sender: most likely he/she doesn't know he/she has a
computer virus.
Actions taken for the infected files:
-------------------------------------
The infected file was saved to quarantine with name: 1057083238-RAV1735.
The file (part0001:- Getting Started Tips -.DOC.scr) attached to mail
(with subject:
Re: KR> fuel tank leaks) sent by <not disclosed> to <not disclosed>
is infected with virus: Win32/Bugbear.B.dam.
Cannot clean this file.
The file was successfully deleted by RAV AntiVirus.
------------------------
this is a copy of the e-mail header:
THIS IS NOT MY ISP (BOB)(Received: from epic.mail.pas.earthlink.net
(epic.mail.pas.earthlink.net
[207.217.120.181]))IF THIS IS THE PATH OF YOUR E-MAIL CHECK YOUR COMPUTER
FOR VIRUS (BOB)I AM USING ALL CAPS TO SHOW WHERE I HAVE INSERTED TEXT SO
DON'T JUMP ON ME FOR SHOUTING.(BOB)
by horace.ls.net (Postfix) with ESMTP id 108E07BDF8
for <foamh...@ls.net>; Tue, 1 Jul 2003 14:13:58 -0400 (EDT)
Received: from 216-40-164-175.flint.tir.com ([216.40.164.175]
helo=company-8qcoo8w)
by epic.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
id 19XPfB-0000fC-00; Tue, 01 Jul 2003 11:15:34 -0700
RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030212)
Scan engine 8.11 for i386.
Last update: Tue, 01 Jul 2003 08:14:50 -04
Scanning for 79570 malwares (viruses, trojans and worms).
>
> Colin Rainey KR2(td)
> crain...@cfl.rr.com
> Sanford, Florida
> FLY SAFE!!!!_______________________________________________
> see KRnet list details at http://www.krnet.org/instructions.html
>
>
