Do I have a virus?

[Ed_L]

I received an e-mail from a longtime online acquaintance telling me that his virus protection caught a virus that I sent. I haven't sent this individual an e-mail for quite some time, but he is in my address book. I have NOT visited any questionable websites, and I only visit websites having to do with Photoshop or genealogy on a regular basis. The only other sites I might visit are Amazon.com or sites like bestbuy.com. I also have not downloaded anything for quite a while. About an hour ago I ran a virus check from Symantec.com, and it came up clean. My anti-virus runs each and every day, but nothing has been found. What are the chances Symantec and AVG are both missing a virus?

Ed

[Doug Nelson]

It's possible, but I suspect someone else that has you in their address book has a virus. Many of the new breed of worms/viruses ransack the user's address book for cover names, in the hope that someone will think it's really someone else they know and activate the attachment (or, slightly more benignly, just open it and read the spam advertisement).

I get email all the time from rachel@retouchpro.com, manager@retouchpro.com, etc., all aimed at fooling me into opening the email, thinking it's a co-worker. The insideous part of spam and virus emails is that the displayed "from" email address has nothing to do with the actual email sender.

[Ed_L]

Aha! Thanks very much for taking a worry off my shoulders.

Ed

[DannyRaphael]

Ed:

Just so you know re: "My anti-virus runs each and every day"

If you're merely doing a scan for virues everyday, this is false comfort -- but only slightly. New virus "definitions" are typically made available weekly by the major supplier, unless a really ugly virus comes up and starts messing everybody up, e.g, Melissa or Blaster in which new definitions are made available sooner than the normal weekly distribution.

If by slim chance you're among "the first ones" to be infected by a new virus before a corresponding virus definition is created and downloaded/installed on your computer, there's a chance, albeit a small one, you could get infected.

Taking the action you did pretty much assures all is well. But even with Norton or Symantic or whatever you've got, like condoms, you're only about 99% protected.

Keep practicing Safe Computing!

~Danny~

[BigAl]

Quote:

The insideous part of spam and virus emails is that the displayed "from" email address has nothing to do with the actual email sender.

The current jargon for this is spoofing. It's to make you think it's from someone you know. The horror of this is that often people often get very irate about you sending out viruses, when you actually had nothing to do with it.

[chris h]

You mention AVG Ed, is that a firewall?

[Paris]

Hi Ed,

There's a better chance that you have a Trojen or Data Miner sending info out of your system. Have you a good trojen checker. SpyBot 1.3 is good at getting rid of little extras like this. It's free - another added bonus.

Also, I may not have fully understood your mail... Do you have both Symantic & AVG on your system? Having two virus checkers on a system can cause serious conflicts and return false reports.

Do you have a Firewall? It's always an added security measure that can stop information and unauthorised programs contacting the net without your permission.

**Paris**

[Ed_L]

Thanks for all the replies. AVG is a virus protection software, and I keep it updated with the latest definitions. It has served me well in the past, catching two viruses (virii?). It is the only one I have on my computer, but when I thought it might have missed a virus, I went to Symantec.com and scanned for a virus again. The only firewall I have is the one that comes packaged with XP, and I use it. I do not have Spybot, but I guess this is a good time to get it. Thanks for passing that on.

Ed

[Gary Richardson]

Hi Ed,

Your problem does not really sound like spyware, however it's never a bad idea to protect yourself.

Spybot S&D is a good programme, however I would also add Adaware, and Spyware Blaster, as no one programme seems to give total protection. The latter is a blocker, and will stop Spyware downloading in the first place.

As with all such programmes it is essential that you keep them updated. By the way, all the above are freeware.

I would also upgrade your firewall, XP's inhouse firewall is very basic, and not too secure.

[Ed_L]

It seems as though I do have a virus! My daughter called me this morning to tell me I sent her a virus. It might be on my wife's computer since we have the two networked. Now I need to get rid of it. Does anyone know if a system restore would do the trick?

Thanks Gary. I am using AdAware now. I'll check out the other suggestions.

Ed

[DannyRaphael]

Quote:

Originally Posted by Ed_L

It seems as though I do have a virus! My daughter called me this morning to tell me I sent her a virus. It might be on my wife's computer since we have the two networked. Now I need to get rid of it. Does anyone know if a system restore would do the trick?

Thanks Gary. I am using AdAware now. I'll check out the other suggestions.

Ed

Ed:

Unless you already have automatic system backup/mirroring/restore-like software installed, e.g., "GoBack" or the like, your course of action may be reduced to find it and kill it.

"House call" is a nifty (free) virus finder/fixer. I've used it to kill viruses that Norton missed.

http://housecall.trendmicro.com/hous...start_corp.asp

It's from Trend Micro. (It takes a while to load... be patient). When it does you can specify on which drives to run it (all would be good in your case) + the option to kill anything it finds (also good).

They have a standalone (pay for it) product, too. The download is like a "free sample" to promote their other products.

HTH...

~Danny~

[Gary Richardson]

Hi Ed,

If you're convinced you have a virus and your anti-virus programme does not seem to find it, try doing an online scan at one of these websites.

Trend Micro Housecall
http://housecall.antivirus.com/pc_housecall/

Panda Active Scan
www.pandasoftware.com/products/activescan/

RAV Antivirus Online Virus Scan
www.ravantivirus.com/scan/

BitDefender Free Online Virus Scan
www.bitdefender.com/scan/license.php

Run scan and note name of virus, if programme cannot delete it go to vendors website and search with the name of the virus, they usually have instructions for how to remove it.

Hope this helps.

[BigAl]

You can try a standalone virus remover such as Stinger from McAfee.

Remember, just because your daughter sees the email as coming from you, doesn't necessarily mean it came from you. It could be a spoof coming from someone who has both you and your daughter in their email address book (such as one of your other children!)

[Ed_L]

This has me dumbfounded! The first guy who told me I sent a virus is one that I'm almost positive does not share an online acquaintance with me. My daughter actually told me that she received a tainted e-mail from my wife's address. We're on a network, so I thought for sure one of us had a virus. But after scanning with AVG *and* four online scans, nothing shows up! Maybe I need to wait until new updates come in for the online software?

Ed

[T Paul]

From the web (ask-leo.com):

"You're minding your own business, and one day you get email from someone you've never heard of, and they're asking you to stop sending them email. Or worse, they're angry. Or worse yet, they accuse you of sending them a virus! But you don't know them, you've never heard of them, and you know you've never sent them email.

Welcome to the world of viruses, where you can get the blame for someone else's infection. And there's worse news to come.

Before I get to that, though, there is always a small possibility that your email account has been compromised. The solution there is simple: change your password, immediately. That should prevent someone who's using your account for malicious purposes from continuing, assuming you've chosen a good password.

But these days that's not the most common cause for the situation I've described. Viruses are. And what's worse, there's almost nothing you can do.

The MyDoom/Novarg virus currently running rampant is a great example. The virus infects someone's machine, and then looks in the email address book on that machine, and emails a copy of itself to everyone it finds. What it also does is forge the "From:" address for the email that it sends. What does it use to forge the address? Why the addresses in the address book, of course. So infected machine will send email to everyone in the address book, looking as if it was sent by other people in that address book, even though it was not.

Let's use a concrete example: Peter's machine gets infected with the MyDoom virus. In his address book are entries for friends Paul, and Mary. Paul and Mary have never met, have never exchanged email, and do not know each other - they each just know Peter. The virus on Peter's machine will send email with the virus to Paul looking like it came from Mary. Paul may wonder who the heck this Mary person is and why she's sending him a virus, but she was never involved.

If you're in Mary's place, you can see that it would be frustrating to be accused of something that you had nothing to do with and have no control over.

For the record, your email address may end up in the address books of people you don't know as well. Various email programs will automatically hold on to additional email addresses that were included on email you received, or possibly from email that was forwarded. Viruses have also been known to use other sources of email addresses, or even forward them around as the virus spreads. What that means is that the simple "friend of a friend" example I used with Peter, Paul and Mary, while simple and certainly possible, is not the only way your email could show up as a forged "from" line.

What's important here is simply this: one way or another, email viruses lie about who sent them.

If someone accuses you of sending a virus-laden email, and you are positive you did not, then you have very little recourse other than trying to educate them about how viruses work. Point them at this article if you like. But be clear: you're not necessarily infected, nor is the person who received the mail claiming to be from you. It's some third party who is. (And identifying that third party is difficult - this is why virus writers use this technique.)

And of course be sure that you're not going to get infected yourself: don't open attachments from people you don't know, and make sure you have an up-to-date virus checker and virus definitions file."