OT: Inundated with bogus(?) warnings I'm infected

Mike McCarty Mike.McCarty at sbcglobal.net
Thu Sep 14 18:05:44 UTC 2006


Paul Howarth wrote:
> Mike McCarty wrote:
> 
>> Paul Howarth wrote:
>>
>>>
>>> It's probably just clueless anti-virus software sending mail to the 
>>> forged sender address used by the virus.
>>
>>
>> Quite possibly. But some of it has the virus in it as well.
>> I'd like some help reading the forged headers and trying
>> to clean or shut down whoever is doing this.
> 
> 
> How about posting the headers from one of the mails and we can take a 
> look at them?
> 
> Paul.
> 

Ok, here's an example. I turned on all headers. The actual message
in this case is one that my ISP caught, and clobbered the attachment
which the ISP claims contains a copy of a virus. In cases like this,
the attachment is 0 bytes long. The message sent to me purports
to be a delivery failure. I know for a fact that I did not send
any such message. As pointed out by others, this may be the result
of yet another party who is infected, and who is unknowingly spoofing my
e-mail address. It has been more than a year since I last booted
Windows XP on my machine, and when I do boot it I am never connected
to the net. I have never set up XP on this machine to be able to
send or receive email.

-M-E-S-S-A-G-E---B-E-G-I-N-S-
Your AT&T Yahoo! Mail Virus Protection detected the virus 
'W32.Mydoom.M at mm' in the file 'Document.pif', attached to the enclosed 
email message. We scanned the file using Norton AntiVirus but were 
unable to clean it. Therefore, we removed the content of the attachment 
from the message. Please contact the message sender if you want to 
receive the attachment. They must clean the file and resend it before we 
can deliver it to you safely.



AT&T Yahoo! Mail successfully cleans most infected attachments, which 
protects you from viruses.




Subject: Delivery reports about your e-mail
From: "Mail Administrator" <MAILER-DAEMON at sbcglobal.net>
Date: Wed, 13 Sep 2006 14:23:40 +0000
To: mike.mccarty at sbcglobal.net
X-Apparently-To: mike.mccarty at sbcglobal.net via 216.252.101.37; Wed, 13 
Sep 2006 11:07:33 -0700
X-Originating-IP: [162.39.117.147]
Authentication-Results:
mta101.sbc.mail.mud.yahoo.com from=sbcglobal.net; domainkeys=neutral (no 
sig)
Received: from 207.115.57.79 (EHLO ylpvm48.prodigy.net) (207.115.57.79) 
by mta101.sbc.mail.mud.yahoo.com with SMTP; Wed, 13 Sep 2006 11:07:33 -0700
X-Originating-IP: [162.39.117.147]
Received: from sbcglobal.net (h147.117.39.162.ip.alltel.net 
[162.39.117.147]) by ylpvm48.prodigy.net (8.13.6 inb/8.13.6) with ESMTP 
id k8DI7NKK019802 for <mike.mccarty at sbcglobal.net>; Wed, 13 Sep 2006 
14:07:31 -0400
Message-ID: <200609131807.k8DI7NKK019802 at ylpvm48.prodigy.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="----=_NextPart_000_0006_7AAB0288.C52F82A9"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

This message was undeliverable due to the following reason(s):

Your message could not be delivered because the destination server was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message could not be delivered within 8 days:
Host 130.19.41.21 is not responding.

The following recipients could not receive this message:
<mike.mccarty at sbcglobal.net>

Please reply to postmaster at sbcglobal.net
if you feel this message to be in error.
-M-E-S-S-A-G-E---E-N-D-S-

Thanks for any help.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
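
The following is an added example, not part of the original post or thread. It walks the Received lines of the quoted message from the top and returns the oldest hop recorded by a relay the recipient can trust, which is where the connecting client's real IP sits next to the HELO name it chose for itself. Treating hosts under yahoo.com and prodigy.net as the recipient's own provider is an assumption, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers taken from the message quoted above (the archive's " at " kept);
# wrapped lines are re-folded with leading whitespace so they parse.
RAW = """\
Received: from 207.115.57.79 (EHLO ylpvm48.prodigy.net) (207.115.57.79)
 by mta101.sbc.mail.mud.yahoo.com with SMTP; Wed, 13 Sep 2006 11:07:33 -0700
Received: from sbcglobal.net (h147.117.39.162.ip.alltel.net
 [162.39.117.147]) by ylpvm48.prodigy.net (8.13.6 inb/8.13.6) with ESMTP
 id k8DI7NKK019802 for <mike.mccarty at sbcglobal.net>; Wed, 13 Sep 2006
 14:07:31 -0400
From: "Mail Administrator" <MAILER-DAEMON at sbcglobal.net>

"""

# Assumption: these suffixes are the recipient's own provider's relays.
TRUSTED = (".yahoo.com", ".prodigy.net")

# The two Received layouts that occur in the quoted message.
SENDMAIL = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\) by (?P<by>\S+)")
YAHOO = re.compile(r"from \S+ \((?:EHLO|HELO) (?P<helo>\S+)\) \((?P<ip>[\d.]+)\) by (?P<by>\S+)")

def received_hops(raw):
    """Return one dict per Received header, newest (topmost) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # undo header folding
        m = SENDMAIL.search(line) or YAHOO.search(line)
        if m is None:
            break                               # unknown layout: stop here
        hop = {"rdns": None, **m.groupdict()}
        # The HELO name is chosen by the client; rDNS and IP are recorded
        # by the receiving server, so disagreement marks a made-up name.
        hop["helo_mismatch"] = hop["rdns"] is not None and not (
            hop["rdns"] == hop["helo"] or hop["rdns"].endswith("." + hop["helo"]))
        hops.append(hop)
    return hops

def injection_hop(hops, trusted=TRUSTED):
    """Oldest hop written by a trusted relay; anything below it is unverified."""
    origin = None
    for hop in hops:
        if not hop["by"].endswith(trusted):
            break
        origin = hop
    return origin

if __name__ == "__main__":
    o = injection_hop(received_hops(RAW))
    print(f"handed to {o['by']} by {o['ip']} ({o['rdns']}), HELO {o['helo']!r},"
          f" mismatch={o['helo_mismatch']}")
```
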