  1. #1

    Need Help: Virus spreading via mail server

    I have a virus e-mail spreading around inside a server and I was wondering if this is a new issue. I am seeking technical assistance from those who have experienced this before.

    It keeps sending in using [email protected], [email protected], [email protected]

    * is just an example of my actual domain name hosted in the server.

    From: [email protected]
    To: [email protected]
    Subject: Warning Message: Your services near to be closed.

    Dear Mydomainname Member,

    We have temporarily suspended your email account [email protected].

    This might be due to either of the following reasons:

    1. A recent change in your personal information (i.e. change of address).
    2. Submiting invalid information during the initial sign up process.
    3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
    See the details to reactivate your Hive account.

    Sincerely,The Mydomainname Support Team

    +++ Attachment: No Virus (Clean)
    +++ Mydomainname Antivirus -
    From: [email protected]
    To: [email protected]
    Subject: Your new account password is approved

    Dear user popaddress,

    You have successfully updated the password of your Mydomainname account.

    If you did not authorize this change or if you need assistance with your account, please contact Hive customer service at: [email protected]

    Thank you for using Mydomainname!
    The Mydomainname Support Team

    +++ Attachment: No Virus (Clean)
    +++ Mydomainname Antivirus -
    My AVG antivirus has scanned and reported as follows.

    Viruses found in the attached files.
    The file Virus identified I-Worm/Mytob.HM. The attachment was moved to the virus vault.

    Checked by AVG Anti-Virus.
    Version: 7.0.323 / Virus Database: 267.8.11/45 - Release Date: 7/9/2005

    Where & how do I get started to remove this issue from my server? I have sent a ticket to The Orbit (where my server is with ThePlanet) and they aren't aware of it at all..

    Anything I must know or websites I can read, please post up a reference. Thanks!

  2. #2
    Join Date
    Feb 2002
    Vestal, NY
    Your server is not infected with a virus. However, other PCs that ARE infected with the virus are sending it to common addresses @yourdomain and your users' domains. You can set up a server-side filter with anti-virus mail software such as ClamAV. This worm has been spreading very quickly around the net lately. It should die down like any other as it starts to get removed from infected PCs.

  3. #3
    I can tell you it's strange, but it knows my e-mail address added inside the cPanel, which I don't give out. This problem is also affecting my clients hosted in the server.

    Anyhow, I am now on a new rig and I don't believe my new PC is infected with this virus.

    Just hours ago I saw a few exim processes when viewing the top processes. Server load was high and I received another 3 similar emails.

    If this is spreading from my PC, I am using AVG Free and I have scanned my whole PC system on this new rig -- no virus found. What's your suggestion?

  4. #4
    Join Date
    Jan 2005
    Baghdad, Iraq
    Well ... I have exactly the same problem. I updated ClamAV and made a manual scan for 3 sites, and ClamAV found the virus.
    Is there a command to do a mail scan for the whole server's emails?
    The Dream is the blueprint of success, the hope is the budget and hard working is the achievement

  5. #5
    Join Date
    Nov 2005
    Maidstone, Kent
    My advice would be (if you have access to do so) to add SPF records to your DNS (if you don't have access, then ask your provider if they will).

    It's a TXT record in the DNS entry and should (probably) be: "v=spf1 a mx ptr -all" (without the quotes)

    This basically says to your email server... your domain will only send emails from specific server IPs. The IPs it will allow are any that are referenced in your DNS as A or MX records (this will be your server and your mail server).

    That will stop you (and anyone else) from receiving emails from your domain that you didn't send!

    Hope that helps
    TME Solutions - eCommerce Web Designers - Visit our Web Design Portfolio
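
How a receiving mail server evaluates the record quoted in post #5, as an added example that is not from the thread: a simplified evaluator covering only the `a`, `mx`, `ptr`, `ip4` and `all` mechanisms, with DNS replaced by a constructed table. The domain `example.com` and all IP addresses are placeholders; the result only has an effect if the receiving server actually performs SPF checks.

```python
import ipaddress

# Constructed zone data (assumption): stands in for live DNS so the example runs offline.
ZONE = {
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"]},
    "MX": {"example.com": ["mail.example.com"]},
    "PTR": {"192.0.2.25": ["mail.example.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_match(ip, name):
    return str(ip) in ZONE["A"].get(name, [])

def ptr_match(ip, domain):
    # ptr: the reverse name must sit inside the domain and resolve back to the same IP.
    for name in ZONE["PTR"].get(str(ip), []):
        if (name == domain or name.endswith("." + domain)) and a_match(ip, name):
            return True
    return False

def check_spf(record, sender_ip, domain):
    """Evaluate a subset of SPF (RFC 7208) left to right; the first match decides."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            hit = True
        elif mech == "a":
            hit = a_match(ip, arg or domain)
        elif mech == "mx":
            hit = any(a_match(ip, h) for h in ZONE["MX"].get(arg or domain, []))
        elif mech == "ptr":
            hit = ptr_match(ip, arg or domain)
        elif mech == "ip4":
            hit = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # mechanism or modifier outside this subset
        if hit:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and the record has no "all"
```

With the thread's record, mail claiming to be from the domain but arriving from an address that is neither its A nor MX host (for example an infected PC elsewhere) evaluates to `fail`, while `~all` in place of `-all` would only yield `softfail`.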
