I appear to hae a worm called Worm.SomeFool.Z. every day I get at
least a dozen messages filled with scripts, pif files, zip files with
some payload or other and many other things. Most of the messages have
subject lines like "Mail Failure" or "Details", but ther are many
others. My Outlook is up to date and blocks these, but there are so
many of them and they are annoying. I know that at least once I will
inadvertantly open one of these.

---

Request for Question Clarification by aceresearcher-ga on 04 Jun 2004 14:31 PDT

Greetings, wixsmith!

It may be that you have the worm, or it may be that someone who knows
you has the worm and it is using your e-mail address from their
Contact List / Address Book to do its dirty work.

Would you be willing to accept as an Answer a solution for determining
whether you have the worm, and then eradicating it?

If so:
- what Operating System are you running?
- what anti-virus program are you running?
- what steps, if any, have you already taken to rid yourself of any nuisances?

Regards,

aceresearcher

---

Clarification of Question by wixmith-ga on 04 Jun 2004 17:11 PDT

Thank you. If you think you can help with this, I am happy to part with the $10.

The answers to your questions are:

Windows XP
Norton Antivirus (detects nothing amiss)
I simply delete completely all mail that is not clearly familiar to me
as being legitimate.

One final thing you might need to know. I use a service called
mailshell.com as my mail server. I set it up as an imap server and I
own the domain. The infected messages appear to be addressed to two or
three of the disposable addresses I use. Unfortunately, they are the
ones I use most often, and so disposing of them , while simple, will
require a lot of notifying of friends and business associates.

-wixmith

Wixmith,

While you're waiting for some of the following steps to run, I
encourage you to think about where you might have used the offending
e-mail addresses. Did you just use them for family and friends, or
have you used them to purchase goods or services on the Internet, used
them on eBay or other auction services, posted them on a webpage
somewhere, or posted to Usenet Groups or User Forums or Bulletin
Boards using them? Try running a Google search with each e-mail
address inside parentheses, such as

"badname@mydomain.com"
and see if you get any hits out there on the Internet.

What many people do, and what I recommend you do, is decommission the
offending e-mail addresses. Set up one e-mail address that you give
strictly to family and friends. For *each* User Group/Forum or
Bulletin Board in which you participate, set up an e-mail address
traceable directly to that Forum. For each site from which you
purchase goods, set up an e-mail address directly identifiable with
that site. If you do this, you should be able to determine the guilty
party(ies) -- not just for this issue, but for any issues that may
crop up in the future.

You may even want to consider assigning each family member and friend
their own special address for you. If the spam is coming from the
infected machine of one of them, you will be able to figure out who it
is and help them get their system decontaminated. If this is the case,
it's possible that they don't even know that they've come down with
some nasty bug.

Let's start with some basic diagnostic tools.

Make sure you have backed up all of your important document files.

Disable System Restore, following these instructions from
Symantec:(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

Then, open up your Norton Anti-Virus dialog box and select
"LiveUpdate" in the upper left-hand corner to download any needed
additions to the program and its virus definitions. If NAV wants you
to restart your system, let it do so. Then, from the NAV dialog box,
click "Full System Scan" and "Scan Now".

Then, please download, install, and run the following free utilities:

Spybot Search & Destroy
http://www.security.kolla.de

AdAware
http://www.lavasoft.de

*** IMPORTANT ***
The first time you run them, or if you already have Spybot and/or
AdAware installed on your PC, be sure to download the latest updates
first **each time you run them**.
*****************

Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.


Please let me know whether these steps resolve your problem, or
whether you need more assistance.

Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.


Regards,

aceresearcher