Have I got a worm?
Fresh-Faced Recruit
Join Date: Nov 2003
Location: Maidenhead, Berkshire, UK
Aug 17, 2005, 06:20 AM
 
Recently, I've been receiving many emails each day appearing to tell me I have a worm.
Here are examples of the subject lines:

!ClamAV:VIRUS found:Worm.SomeFool.P! Re: bill
!ClamAV:VIRUS found:Worm.Mydoom.M! Mail System Error -
!ClamAV:VIRUS found:Worm.Mytob.S! Error

These emails come in various forms, each suggesting I click on an attached document for more information.

A typical content of these emails is:

---------------------
"Dear user anyname@petersmall.net,

We have received reports that your account has been used to send a huge amount of junk e-mail during this week.
Probably, your computer had been infected and now contains a trojan proxy server.

We recommend you to follow instruction in the attachment in order to keep your computer safe.

Sincerely yours,
petersmall.net support team.


Content-Type: application/octet-stream;
name="message.exe.VIRUS"
Content-Disposition: attachment;
filename="message.exe.VIRUS"

Attachment converted: Macintosh HD:message.exe.VIRUS 1 (????/----) (0023FD16)
"
------------------------

Are these emails genuine or are they tricks to get me infected?

If these are genuine warnings, how do I get rid of these many different worms from my system?

I'm using OS 9.2 on my iMac with Eudora and Internet Explorer 5.1
Peter Small
http://www.stigmergicsystems.com
     
Moderator
Join Date: Apr 2005
Location: Cambridge, UK
Aug 17, 2005, 06:27 AM
 
I would think they're fake.
There are no viruses for Mac so there's no way you could be sending them out.
The other thing that makes it look fake is the fact that it's a .exe which is a Windows executable file. They don't work on Mac.
     
Posting Junkie
Join Date: Mar 2004
Location: MacNN database error. Please refresh your browser.
Aug 17, 2005, 06:32 AM
 
You could have gotten an email virus passed on to you. It won't be anything other than a nuisance for you but it could be passed on from your email to any Windows-using people you email with.

This is a computer-generated message and needs no signature.
     
Mac Elite
Join Date: Aug 2004
Location: ZZ9 Plural Z Alpha
Aug 17, 2005, 06:40 AM
 
Originally Posted by seanc
I would think they're fake.
There are no viruses for Mac so there's no way you could be sending them out.
The other thing that makes it look fake is the fact that it's a .exe which is a Windows executable file. They don't work on Mac.
Careful now - there are worms and viruses for OS9. This doesn't sound like one, but it's still not a good idea to tell OS9 users that they are immune - better to tell them to get OSX!
|\|0\/\/ 15 7|-|3 71|\/|3
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Aug 17, 2005, 12:42 PM
 
Originally Posted by siMac
Careful now - there are worms and viruses for OS9.
What is OS 9 ?


-t
     
Mac Elite
Join Date: Sep 2000
Location: Rochester, NY, USA
Aug 17, 2005, 12:55 PM
 
It's entirely possible that your Windows using friends are infected. There are some viruses with the cool feature that they comb through the address book on the infected computer and send copies of the virus to people using other people's addresses from the address book in the From: field of the E-mails.

So their computers are affected, and you're getting the "blame"...

Member of the Stupid Brigade! (If you see Sponsored Links in any of my posts, please PM me!)
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Aug 17, 2005, 05:12 PM
 
Receiving an email that contains a worm or virus, and being infected by same are two very different things. What ClamAV is helping you to do is be a good network neighbor. Those emails ARE infected, so you should delete them and then empty your deleted mail to make sure you don't accidentally pass anything on to your correspondents with susceptible computers.

Dreilly1 is right that someone you know (or who has your email address through some mechanism) is probably infected. Do your part for a cleaner Internet and just eradicate the emails-and maybe contact whomever they came from to let them know what you got.
Glenn -----
OTR/L, MOT, Tx
     
Mac Enthusiast
Join Date: Jul 2005
Location: Where do you think? Really, Guess...
Aug 17, 2005, 11:42 PM
 
whoa whoa whoa... if there are no viruses/worms for OS X, then why is there anti-virus software like Virex? Is this kind of thing even necessary?
     
Ω
Mac Elite
Join Date: Nov 2003
Aug 17, 2005, 11:53 PM
 
Originally Posted by Flip500
whoa whoa whoa... if there are no viruses/worms for OS X, then why is there anti-virus software like Virex? Is this kind of thing even necessary?
Just because there are none now does not mean there will be none in the future.

It is also about being a good internet neighbour as well. You can still forward an attachment that is infected. It will not do anything to your mac, but to your windows peers.....
"angels bleed from the tainted touch of my caress"
     
Mac Enthusiast
Join Date: Jul 2005
Location: Where do you think? Really, Guess...
Aug 18, 2005, 12:17 AM
 
Ohhhhhhhh....
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Aug 18, 2005, 06:31 AM
 
Yup, yup, yup. If you wait until a virus is actively attacking Macs to get and install an antivirus product, you're up the proverbial creek without a paddle...and your canoe is leaking. Antivirus software is ALWAYS preventive in nature, particularly in the current-day Mac world. Even Windows AV software's first and most important job is to identify a possible infector before the infection.

And of course the "good neighbor" thing is a very big plus; stopping your acquaintances from being hit by a nasty virus is good karma, gets you "good person" brownie points, and is a serious knock against the virus writers, too.
Glenn -----
OTR/L, MOT, Tx
     
Fresh-Faced Recruit
Join Date: Nov 2003
Location: Maidenhead, Berkshire, UK
Aug 18, 2005, 01:34 PM
 
Thanks for the many comments and suggestions. However, I still don't know whether I'm affected or not.

How can I check my system for a worm? (iMac running OS 9.22 and using Eudora).

Is there any freeware or shareware source that will work with OS 9.22?

Thanks.
Peter Small
http://www.stigmergicsystems.com
     
Junior Member
Join Date: Sep 2001
Location: the ends of the earth
Aug 18, 2005, 01:51 PM
 
Originally Posted by petersmall
Thanks for the many comments and suggestions. However, I still don't know whether I'm affected or not.

How can I check my system for a worm? (iMac running OS 9.22 and using Eudora).

Is there any freeware or shareware source that will work with OS 9.22?

Thanks.
The AV app is telling you that it picked up a Windows virus named 'My Doom'. The only Windows viruses which can run on a Mac (outside of VPC, that is) are Office macro viruses. My Doom is not a macro virus. Your Mac is not infected, unless you have VPC and have turned on a Windows email app inside VPC and got an infected email in it. My Doom is one of the viruses mentioned above which sends out copies of itself to everyone in the infected machine's email addressbook, and uses as the 'from' line in the emails an address in that addressbook. Someone who uses Windows and who has your email address in their addressbook has been infected with My Doom. A look at the headers of that email should tell you the IP from which it was sent, which should allow you to guess who's infected.
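The header check suggested in the post above, as an added example that is not part of the original thread: it reads the `Received:` lines from the newest hop down and keeps only those stamped by mail servers you trust, because anything below the first untrusted hop can be forged by the sender just like the `From:` line. The sample message, the host names in `TRUSTED_HOSTS` and the function name `sending_ip` are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: a worm-style message with a forged From: line.
# All hosts and addresses are invented (RFC 5737 documentation ranges).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id A1; Wed, 17 Aug 2005 11:02:10 +0100
Received: from pc-home (dsl-77.isp.example [203.0.113.77])
\tby mx.example.net with SMTP id B2; Wed, 17 Aug 2005 11:02:05 +0100
Received: from relay.bank.example ([198.51.100.1])
\tby pc-home with SMTP; Wed, 17 Aug 2005 11:01:59 +0100
From: support@example.org
To: anyname@example.org
Subject: Mail System Error

See attachment.
"""

# Assumption: the relays you or your ISP operate, whose stamps you trust.
TRUSTED_HOSTS = {"mail.example.org", "mx.example.net"}

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def sending_ip(raw, trusted=TRUSTED_HOSTS):
    """Return the IP that handed the message to the first trusted relay."""
    msg = email.message_from_string(raw, policy=policy.default)
    origin = None
    # Each relay prepends its header, so the newest hop comes first.
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(str(hop))
        if not by or by.group(1).lower() not in trusted:
            break  # written by an untrusted host: may be forged, stop here
        m = IP_RE.search(str(hop))  # peer IP logged by the trusted relay
        if m:
            try:
                origin = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # bracketed text was not an IP literal
    return origin

if __name__ == "__main__":
    print(sending_ip(SAMPLE))
```

On the sample this reports 203.0.113.77, the machine that connected to the trusted relay, and ignores the 198.51.100.1 entry in the bottom header, which was written by the untrusted sender.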
     
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Aug 19, 2005, 02:24 PM
 
There must be a computer spoofing your email address that is infected.

I'm a bird. I am the 1% (of pets).
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Aug 19, 2005, 04:44 PM
 
Originally Posted by Eriamjh
There must be a computer spoofing your email address that is infected.
Nope. These emails are coming from infected computers that have petersmall's address, or the viruses have an address list that includes his address. Either way, they are TRYING to infect anyone they are sent to.

Peter, I see I wasn't as explicit as I should have been in my first post. I should have specifically stated that your computer was in no danger, and I'm sorry I didn't. Ogun is 100% correct. The only virus you can get directly from a Windows computer is a macro virus that attacks Office's macro language. Note that the 99.9999% majority of ALL viruses are aimed at and infect only Windows computers. There are very few macro viruses in the wild anymore because IT departments got smart and fixed the permissions issue that allowed them to do their dirty work. This is not to say that ANYONE should be complacent-not at all. But since you are using an antivirus program, you should at least know enough about viruses to understand what the program is saying.

I have a bunch of years of computer security experience, and a close friend does that for a living at a Major University. I pay a lot of attention to this sort of thing, even if I don't do it professionally anymore. Our iBook has Symantec's AV product running on it, and it has indeed found a bunch of potential infectors-all of which have been Windows infectors. Why worry about them on a Mac? Because if you don't, then you could help propagate them.
Glenn -----
OTR/L, MOT, Tx
     
Fresh-Faced Recruit
Join Date: Nov 2003
Location: Maidenhead, Berkshire, UK
Aug 20, 2005, 03:43 AM
 
Thank you Glenn and ogun. That clears up the position for me.

It is annoying though, as besides the !ClamAV notifications I get many emails telling me a post of "mine" has been rejected because it contains a virus.

BTW Turtle777 asked what OS 9 is. It's the operating system before OS 10. It is used by many people who have significant time and/or money investments in products or applications that do not run on system 10. I use it because I still think that Hypercard is a very useful and versatile program and have yet to find a better Mac alternative (for simplicity and versatility).
Peter Small
http://www.stigmergicsystems.com
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Aug 20, 2005, 09:05 AM
 
Originally Posted by petersmall
It is annoying though, as besides the !ClamAV notifications I get many emails telling me a post of "mine" has been rejected because it contains a virus.
THOSE emails are caused by someone spoofing your address as the return address on virus email. You did NOTHING to cause these.

I once spent almost a week tracking down ISP after ISP to let them know that my address had been spoofed on spam. They almost all said they were used to it and considered the content of the email. None of them "blamed" the spam on me. I wouldn't worry about the reject notices.
Glenn -----
OTR/L, MOT, Tx
     
Baninated
Join Date: May 2005
Location: England
Aug 20, 2005, 09:17 AM
 
i hate spam.

i got sooo angry at my friend when i was round his house and he was checking his hotmail and he got a message from one of his contacts saying that this was a message from m$ and that they were running out of resources and that if anyone didn't use their hotmail for 1 week, they would delete their account. it also said that if you did not forward the msg to more than 25 contacts, your account would be deleted.

then, i told him it was crap, but he ignored me and sent it to all of his 100 contacts.



though, then again, he doesn't know anything about computers.
     
   