OT: How to tell where e-mail comes from?

Randy Brown wrote on 6/16/2005, 3:29 PM
Sounds like a dumb question but I have been inundated the last 3 days with e-mails such as the following:

Dear Crystalclearnm Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The Crystalclearnm Support Team
###################################################################################################
Panda Titanium Antivirus 2005 warning:

The file important-details.zip [important-details.doc .pif] was infected by the W32/Mytob.FB.worm virus and has been disinfected.
###################################################################################################

BTW, I never ever send out SPAM... but my point is, it shows to be from administrator@crystalclearnm.com.... I am the "administrator" as I recall.
Is there a way to tell where it's really from or anything I can/should do about it? They've been very aggressive and a few minutes after I receive them, Panda (my anti-virus prog) reports an "intrusion attempt" (port scan).
TIA,
Randy


Comments

Jason_Abbott wrote on 6/16/2005, 3:42 PM
Randy,

Outlook and other e-mail applications give you the ability to view an e-mail "header" which contains the message's routing information. In Outlook you right-click the message and select "Options." At the bottom of the resulting dialog you can see the "Internet Headers." Other applications should have something similar.

The headers have "Received from:" lines appended by the various mail servers the message has gone through. These lines will show the IP address the message came from.

It's possible to fake the header information, but many mail servers now do a reverse lookup to check for fakes, and will block messages with headers that can't be validated. The value, therefore, of these headers is limited, but getting better.
Logan5 wrote on 6/16/2005, 4:00 PM
DO NOT open the "attached document" <<<<<<<
Coursedesign wrote on 6/16/2005, 4:11 PM
With a little bit of experience you'll learn to recognize these from the first line or so.

Until then, follow Jason's suggestion and look at the header. If the message supposedly comes from a U.S. company, but the originating domain is in China, France, Bulgaria, or any other country besides the U.S., then you know it's bogus immediately. This alone eliminates more than 90% of the bad messages.

Any e-mail from "the administrator of your own domain", saying your e-mail will be terminated if you don't click on the link below, is false.

Any message from your bank, some other bank, eBay, PayPal, or frankly anybody else, saying something like "your account has been compromised and you must log in below..." is false.

Never click on a link in an e-mail unless you are absolutely sure where it goes. The status bar catches the amateurs, but not the rest. A trusted friend may be a patsy, passing on somebody else's bad messages.

If something needs to be done on a login site, enter the URL yourself, don't click in the e-mail or even copy the address from an e-mail.

There are so many different scam types that a hefty book could be written about them.
John_Cline wrote on 6/16/2005, 4:29 PM
Randy,

Several months ago, some idiot spammer sent out a bunch of spam that spoofed my domain name as the apparent sender. The spam filters at various ISP's caught this and have now filtered any e-mail with my domain name as unwanted spam. I have not been able to use MY OWN domain name for either outgoing or incoming e-mail and I have lost a significant amount of business and important messages as a result.

Of course, I had nothing to do with the spam, nor was my server or any of my computers used to send the spam. I've been trying to get my domain name off the spam filter lists, but it appears that this is going to be impossible. It's "guilty until proven innocent" and there is apparently no way to prove my innocence.

Should you do something about your situation? Yes. Can you do something about it? No.

I would LOVE to get my hands around the neck of the jerk spammer that did this.

John
craftech wrote on 6/16/2005, 4:35 PM
Randy,
Run Regedit and tell me what values appear under the following subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SharedAccess

Mytob trojans have been spreading like wildfire. Read this article.

Your e-mail account may have been compromised. Try running your virus scanner in "safe" mode as the virus will disable many firewalls and other safeguards.

I got rid of Panda. It actually contains its own virus (try another virus scanner and see for yourself) and also slows a computer down as much or more than Symantec software does.

But for now, do the above as some of the trojan may have to be removed manually. If you start getting "undelivered mail" returned to your Inbox that you didn't send, you may have to open another sub-account to your main one.

John

Also run this online port scanner. Wipe out the programs that are pre-authorized in your firewall first. You can always allow them again later, but I would set everything to "ask" and not automatically allow any processes, etc., access.
TheHappyFriar wrote on 6/16/2005, 6:30 PM
Panda might not have a virus in it. Some scanners get false positives, plus if you use the "backup" option (also known as a virus chest, or something along those lines) then it could say there's a virus there because it's locked down.

Are you accessing your mail via web based or through a client (Outlook, Thunderbird, etc.)?

If it's through web based you should be ok. If it's a client (hopefully not Outlook) then you should turn off any auto-run stuff & turn off the preview pane in Outlook. That will help keep things away (just so you know, if a file IS autodownloaded, just clicking on the file, not even running it, will access it).
Coursedesign wrote on 6/16/2005, 7:05 PM
I'm a former Panda user, but had to dump it (several versions of it) because it caused so much trouble in my system.

I switched to Trend Micro which works A+, but your e-mail will be slowed down (which I find to be a very acceptable price to pay).

NAV2005 is also OK, I have this on two machines.

Turning off the preview pane is painful for those who get a lot of e-mail.

Outlook Express is totally brain dead for security, especially for the preview window.

If you use OE today, switch to Thunderbird immediately. With this, you can keep the preview window (because it won't run ActiveX, and it won't download images until you feel safe enough to click "View Images").

Outlook is trickier to replace, at least if you use the advanced features.
TheHappyFriar wrote on 6/16/2005, 9:11 PM
I use Thunderbird too & have pictures disabled. The lack of ActiveX is nice too. :)

I've been using Avast antivirus & I like it. I replaced another free one (forget which) when the new version made my system run crappy. I have Avast run with slightly higher than default settings & I don't get dropped frames, slowdowns, etc. when editing. :)
Chienworks wrote on 6/16/2005, 9:27 PM
This particular email is a common trojan. It is sent to every email address it can find, and it has a fake from line of administrator@whateverdomainname. I get them from administrator@chienworks.com. This in itself is completely harmless as anyone (or any virus) can make up any from address it chooses. I could easily send you an email from gwbush@whitehouse.gov if I wanted to, no hacking necessary. Of course, the reason this particular trojan does this is to try to trick you into thinking it's legitimate. Imagine if you were a Hotmail user and you got one of these from administrator@hotmail.com. You might think it was real and should pay attention to it. The only people getting those emails from your domain name are users with your domain name as their email address. It's not being sent anywhere else.

Of course, all they're trying to do is get you to open the attached file which will infect your computer.
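Jason's advice to read the "Received" lines and Chienworks' point that the From line can say anything come down to one check: does the domain in From agree with the host that actually handed the message to your own mail server? The following is an added Python example of that check; it is not code from this thread or from any tool mentioned in it. The sample message, the hostnames ending in .com (reusing the domain from the thread), the RFC 5737 documentation addresses, the trusted relay set and the "own network" range are all constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample message (not a real capture). The top Received: line was
# stamped by our own server; the bottom one is the kind of forged hop a worm
# can prepend to make the message look as if it started on the local network.
SAMPLE = b"""\
Received: from crystalclearnm.com (unknown [198.51.100.77])
\tby mail.crystalclearnm.com (Postfix) with SMTP id 9F00A
\tfor <randy@crystalclearnm.com>; Thu, 16 Jun 2005 14:02:09 -0600
Received: from localhost (localhost [127.0.0.1])
\tby crystalclearnm.com with SMTP id 0001
\tfor <randy@crystalclearnm.com>; Thu, 16 Jun 2005 14:02:00 -0600
From: "Support Team" <administrator@crystalclearnm.com>
To: randy@crystalclearnm.com
Subject: Your e-mail account
Content-Type: text/plain

Dear Member, please confirm the attached document.
"""

# Assumptions for the example: the relays we operate (whose stamps we trust)
# and the address space those relays live in.
TRUSTED_RELAYS = {"mail.crystalclearnm.com"}
OWN_NETWORK = ip_network("192.0.2.0/24")

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return the Received: hops newest-first as dicts with helo, ip and by."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for hdr in msg.get_all("Received", []):
        text = " ".join(str(hdr).split())      # unfold the header, one space between tokens
        m = HOP_RE.search(text)
        if not m:
            continue
        ipm = IP_RE.search(m.group("info") or "")
        hops.append({"helo": m.group("helo"),
                     "ip": ipm.group(1) if ipm else None,
                     "by": m.group("by")})
    return hops


def origin_ip(raw, trusted=TRUSTED_RELAYS):
    """IP of the client that connected to the lowest relay we trust.

    Received: lines are prepended, so walking from the top we stay inside our
    own infrastructure until the first hop stamped by a server we do not run.
    Everything below that point was written by the sender and may be forged."""
    origin = None
    for hop in received_chain(raw):            # newest first
        if hop["by"] in trusted:
            origin = hop["ip"]
        else:
            break
    return origin


def from_domain(raw):
    """Domain claimed in the From: header (trivially forgeable, as the thread notes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def looks_spoofed(raw, own_domain="crystalclearnm.com"):
    """True when From: claims our own domain but the message entered from outside our network."""
    ip = origin_ip(raw)
    if ip is None or from_domain(raw) != own_domain:
        return False
    return ip_address(ip) not in OWN_NETWORK


if __name__ == "__main__":
    for hop in received_chain(SAMPLE):
        print(f"from {hop['helo']} [{hop['ip']}] by {hop['by']}")
    print("origin:", origin_ip(SAMPLE))
    print("From: domain:", from_domain(SAMPLE))
    print("spoofed:", looks_spoofed(SAMPLE))
```

The important design point is the direction of the walk: the only Received line you can rely on is the one your own server added, and the originating IP is the client address recorded in that line. The forged "localhost" hop underneath it is ignored precisely because it was stamped by a host that is not in the trusted set.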
randygo wrote on 6/16/2005, 9:29 PM
A spammer using your email address as a return address is known as a "joe job", and is of course, illegal.

This happened to me too. You will know you are a victim of a joe job when thousands of bounced emails for undeliverable addresses flood your mailbox, with the occasional nasty note from someone to stop spamming them.

This has nothing to do with being infected by a virus. Due to flaws in the current Internet mail system any spammer can forge your address as a return address.

I was extremely annoyed. I noticed that all the spam were advertising for the same drug sites, so I set up a mail filter on the ISP server to forward anything regarding these spam bounces to the owner of the drug site domains. Eventually though, my ISP removed the filter because eventually the offending sites started rejecting the messages and they again bounced back towards me.

There is really not much you can do except report it to the FTC and wait for the offending spammers to move on to the next victim. It took about two weeks before the spam bounces started to subside for me.

Good luck!

Randy G.
RexA wrote on 6/17/2005, 3:33 AM
Lots of good advice has been given about what is probably really happening with these emails.

If you want a tool to help with understanding what information can be dug out of the email headers, you could try downloading and installing Sam Spade for Windows. Been a while since I installed but I think you may need to give it the IP address of your name server for a lot of the good stuff to work. RTM.

After installing it, the program can be used to help analyse the meaning of email headers (plus a lot more). The way I use it is to display the email in my reader including the headers. I select all that text and copy it (Ctrl-C). I open Sam Spade and select EDIT / Paste. The mail message shows up in the Sam Spade window and now has extra text interspersed in the email to give a best guess explanation of what the parts of the header mean.

It's not 100% on all its interpretations, but is a big leap in understanding the headers if you aren't already an expert. Has lots of tools for looking up information about IP addresses or domain names.

You can read more details on the web pages of the link above.
RexA wrote on 6/17/2005, 3:53 AM
As a virus scanner, I like NOD32. It has a very good history of virus detection and is one of the most efficient scanners -- it is fast and light on system resources.

A spyware and trojan scanner like AdAware (this version is free) is a good thing to run from time to time too.
farss wrote on 6/17/2005, 5:13 AM
Just a simple suggestion and it will not stop nasties getting to you via email but we've found a hardware firewall / router pretty effective at stopping a lot of the other nasties.
Bob.
Randy Brown wrote on 6/17/2005, 7:20 AM
You know, a real pet peeve of mine is when someone posts and people reply trying to help and the original poster doesn't bother to come back!
Sorry guys and thanks for the overwhelming response. I had some things come up and have to deal with more today. I will try some of the suggestions and get back asap.
Thanks again,
Randy

cbrillow wrote on 6/17/2005, 9:32 AM
John_Cline,

Chances are, your domain and/or mail server IP address information has made it on one or more "blacklists". A dirty little secret that some ISPs withhold from you is that they use these blacklists to automatically reject email that comes from them without even notifying you. If you have a website and correspond with a decent number of "strangers", there's a good chance that you're going to have your domain name spoofed at some point, due to someone else's ignorance or carelessness in not maintaining a secure system. This can result in mail from your domain going into a black hole and legitimate mail from others also being discarded before you have a chance to see it and decide for yourself if it's spam. The bottom line is, you simply can't depend on email.

This infuriates me to no end, and I'm having to switch hosting services because the one I've used and liked for a long time has begun to rely on these blacklist services. I have a correspondent with whom I exchange mail on a near-daily basis, and his messages to me have begun to bounce, because his mail server IP address wound up on a blacklist.

Here are a few addresses you can look up to check if your domain is on their list. You may be able to contact some of them and request that your domain be de-listed. I know at least one of them will try to CHARGE YOU to have your domain name removed.

Good luck. May your video be well-lit and your blood pressure go down...

LIST.DSBL.ORG (http://dsbl.org/main)
RELAYS.ORDB.ORG (http://ordb.org/lookup/)
DNSBL.SORBS.NET (http://www.dnsbl.au.sorbs.net/lookup.shtml)
BL.SPAMCOP.NET (http://www.spamcop.net/bl.shtml)
SBL-XBL.SPAMHAUS.ORG (http://www.spamhaus.org/lookup.lasso)

One site of note is www.ordb.org. You can perform lookups of any IP address against various 3rd party RBL lists.
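The lists cbrillow names are all queried the same way: reverse the octets of the IP address, append the list's zone, and ask DNS for an A record. An answer in 127.0.0.0/8 means "listed"; no such name means "not listed". Here is an added Python example of that mechanism, not code from this thread or from any of the list operators. The list zones `bl.example` and `dead.example`, the answer table and the listed address are constructed so the example runs offline; `live_resolve` shows the real query and needs network access. The sanity check follows the convention (later written down in RFC 5782) that every working list must list 127.0.0.2 and must never list 127.0.0.1, which is how you catch a retired or hijacked list that has started answering "listed" for everything, the failure mode cbrillow describes where mail silently disappears.

```python
import socket
from ipaddress import ip_address, ip_network

LISTED_ANSWERS = ip_network("127.0.0.0/8")   # DNSBL answers live in loopback space


def dnsbl_query_name(ip, zone):
    """Reverse the dotted quad and append the zone: 192.0.2.1 -> 1.2.0.192.<zone>."""
    addr = ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 lists only")
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone.rstrip(".")


def dnsbl_lookup(ip, zone, resolve):
    """resolve(name) returns the A records for name as strings, or [] if it does not exist.
    Returns 'listed', 'not listed' or 'unexpected answer'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not listed"
    if all(ip_address(a) in LISTED_ANSWERS for a in answers):
        return "listed"
    return "unexpected answer"      # e.g. a wildcard or parked domain answering with a public IP


def zone_sane(zone, resolve):
    """A usable list answers 'listed' for 127.0.0.2 and 'not listed' for 127.0.0.1."""
    return (dnsbl_lookup("127.0.0.2", zone, resolve) == "listed"
            and dnsbl_lookup("127.0.0.1", zone, resolve) == "not listed")


def live_resolve(name):
    """Real resolver (needs network): A records for name, [] on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# Constructed stand-in for DNS so the example runs offline.
FAKE_ZONE = "bl.example"                     # assumed, well-behaved list
DEAD_ZONE = "dead.example"                   # assumed, retired list that now lists everything
FAKE_ANSWERS = {
    "2.0.0.127.bl.example": ["127.0.0.2"],   # required test entry
    "77.100.51.198.bl.example": ["127.0.0.2"],  # a constructed listed address
}


def fake_resolve(name):
    if name.endswith("." + DEAD_ZONE):
        return ["127.0.0.2"]
    return FAKE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for zone in (FAKE_ZONE, DEAD_ZONE):
        print(zone, "sane:", zone_sane(zone, fake_resolve))
    print(dnsbl_query_name("192.0.2.1", "bl.spamcop.net"))
    print("198.51.100.77:", dnsbl_lookup("198.51.100.77", FAKE_ZONE, fake_resolve))
    print("192.0.2.10:", dnsbl_lookup("192.0.2.10", FAKE_ZONE, fake_resolve))
```

To check a real list, pass `live_resolve` instead of `fake_resolve`, and run `zone_sane` on the zone first; a list that fails that check should be dropped from a mail server's configuration rather than consulted.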
GlennChan wrote on 6/17/2005, 4:13 PM
If your domain has an SPF record, that might help stop others from forging emails to come from your domain?
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
LINK: http://spf.pobox.com/
From http://www.dnsreport.com/

Not sure if that actually helps, but hopefully it does.
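An SPF record is a TXT record on the domain listing which hosts may send mail claiming that domain; a receiving server compares the connecting IP against it. Here is an added Python example of how a receiver evaluates such a record, not code from this thread, from dnsreport.com, or from the SPF project. It implements only the ip4, ip6, include and all mechanisms of RFC 7208 and returns permerror for anything else (a, mx, ptr, exists, redirect and macros are omitted, an assumption to keep the example short). The records, domains and addresses are constructed; a real check would fetch the TXT record from DNS.

```python
from ipaddress import ip_address, ip_network

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, records, depth=0):
    """Evaluate records[domain] against client_ip.

    records maps domain -> SPF TXT string (constructed here; a real check queries DNS).
    Returns pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:                                  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = ip in ip_network(arg, strict=False)   # False on version mismatch
            except ValueError:
                return "permerror"
        elif name == "include":
            # include matches only when the referenced domain's policy yields pass;
            # a missing or broken referenced record is a permanent error
            sub = check_spf(client_ip, arg, records, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"
        else:
            return "permerror"                      # mechanisms not implemented in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                                # no term matched and no "all" present


# Constructed records: the thread's domain authorises its own /24 and an assumed
# outsourced mail host, and rejects everything else with -all.
RECORDS = {
    "crystalclearnm.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.77"):
        print(ip, "->", check_spf(ip, "crystalclearnm.com", RECORDS))
    print("no record ->", check_spf("198.51.100.77", "nospf.example", RECORDS))
```

With the record above, a message claiming administrator@crystalclearnm.com but arriving from an outside host such as 198.51.100.77 evaluates to fail, which is exactly the joe-job case John_Cline and randygo describe. The caveat GlennChan hints at still applies: SPF only helps when the receiving server checks it, and it protects the domain in the envelope sender, not the display name a reader sees.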