[Dshield] Yaha question

KeithTarrant@spamcop.net KeithTarrant at spamcop.net
Wed Nov 27 20:26:50 GMT 2002


Anthony -

Can you post a couple of the emails your system allegedly sent -- including the full headers.

Maybe your email address is being spoofed as the sender.

As for the virus sending itself to people not in your address book, check the technical description of the virus.  There are several places this virus goes to to get email addresses, not just the address book.

Another thing you can try to look for the virus is to use a web based virus scanner (free).  It is a simple way to double check that your regular virus scanner hasn't missed anything due to corruption or an oversight on the makers part.

http://housecall.trendmicro.com/housecall/start_corp.asp
http://security1.norton.com/

To fix your computer.  Disable any automatic mail pickup.  Make sure you have good passwords on any shared disks.  Use read only shares in preference to read-write shares.  Clean your computer, apply all critical updates using Windows Update (don't apply updates for languages you don't use or hardware you don't have).  If you don't have certain of those critical Windows fixes you can get infected before your virus monitor can prevent it.  

You might also want to re-install your AV and firewall software and re-update it.

- Keith
  ----- Original Message ----- 
  From: Anthony Bego 
  To: list at dshield.org 
  Sent: Tuesday, November 26, 2002 10:17 PM
  Subject: [Dshield] Yaha question


  Hi Grant,

   

  I noticed your Yaha fix on the web and I wanted to ask you for a little help.  Main problem is I cannot tell if I have the virus or not.  When I receive an infected mail with the   W32.Yaha.F at mm Norton recognizes it and says it put it in quarantine.  But I keep getting mails about 5-10 per day saying I have this infection.  I downloaded the fix/scan tool from Norton fixyaha.com and it says it's clean.  My exe files seem to work fine but people keep telling me I am sending then this virus?  I downloaded the latest office patches from Mircoshaft and that stopped it for a few days but it has started up again. Infected mails over and over.  I even get return mails form people whom I don't have their email address.  I don't understand how I could have sent them a virus when I didn't have their email address in my address book?  

   

  I do not have a mail server just the normal outlook .pst file.  But was wondering if you knew if I had the virus in my PC somewhere and possibly  it was undetectable by Norton?   And is there anyway to clean it?  

   

  http://www.dshield.org/pipermail/list/2002-September/000904.html 

   

   

  Anyway sorry to bother you just wondering if you knew anything that could help me.

   

  Anthony Bego

  ------------------------------

  Harton Reed Limited

  Phone:    (852) 3106-3034

  Main:     (852) 3106-3030

  Fax:      (852) 3106-3031

  Email:  abego at hartonreed.com

  http://www.hartonreed.com/ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20021127/040784ea/attachment.htm


More information about the list mailing list