Is this a virus ?

26-03-2004, 10:57 PM
I have just received an email from someone I do not know called "Trish Degg" entitled "warning". I suspect a virus so have looked at properties which says -

Return-Path: <>
Received: from mta7-rme.xtra.co.nz ([])
by mta201-rme.xtra.co.nz with ESMTP
id <20040326094344.FFWU16475.mta201-rme.xtra.co.nz@mta7-rme.xtra.co.nz>
for <will shakespeare@xtra.co.nz>; Fri, 26 Mar 2004 21:43:44 +1200
Received: from JOYPXN79 ([]) by mta7-rme.xtra.co.nz
with SMTP
id <20040326094322.SLFL3706.mta7-rme.xtra.co.nz@JOYPXN79>
for <will shakespeare@xtra.co.nz>; Fri, 26 Mar 2004 21:43:22 +1200
Received: from by JOYPXN79 (InterScan E-Mail VirusWall NT); Fri, 26 Mar 2004 09:52:14 -0000
Return-path: <>
Received: from JOYUK01-Message_Server by joybst52
with Novell_GroupWise; Fri, 26 Mar 2004 09:27:01 +0000
Message-Id: <s063f765.025@joybst52>
X-Mailer: Novell GroupWise 5.5.4
Date: Fri, 26 Mar 2004 09:26:40 +0000
From: "Trish Degg" <TDegg@joy.co.uk>
Sender: Postmaster@joy.co.uk
Reply-To: TDegg@joy.co.uk
Errors-To: Postmaster@joy.co.uk
To: <will shakespeare@xtra.co.nz>
Subject: Re: warning
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Guinevere: 1.0.14 ; Joy Mining Machinery

What do you think ? Did it originate in New Zealand and go to UK ?
(by the way I have substituted "will shakespeare" for our user name)

26-03-2004, 11:11 PM
Hi Misty,
Just delete it. Either way it will be no good.
I'm not sure though how in the return path it has <>. I have had an email like that too. What bothered me was that it went into our Clear address & not the Hotmail one which gets its fair share of Spam.

Jim B
26-03-2004, 11:23 PM
If it is from someone you do not know and you suspect it is a virus why hesitate, just delete it.
If it has an attachment it will definitely be a virus, either way you don't need it. Where it originated from is not important, don't dwell over irrelevant things like that, get rid of it.

27-03-2004, 09:00 AM
Misty, there are two possibilities.

1/ It is a virus
2/ It is from someone who thinks you just sent them a virus.

How the current big viruses work is that they might infect user A's machine and search through their address book and find two email addresses. To one of those addresses (user B) it'll send the email (with a copy of the virus), but instead of sending it from user A, it'll pretend that the email had come from the second email address (user C), so that there's no trace of user A (or his computer) being involved at all.

So in your case it is possible that someone who has both your address and the address of this "Trish Degg" in their email address book has been infected with one of the current big viruses, and the virus has sent you an email from "Trish Degg". Or possibly it sent "Trish Degg" an email from you (apparently) with the virus attached and this "Trish Degg" has emailed you to tell you that you're infected with a virus (which you most probably are not).

I hope this makes sense! :D
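
An added example, not part of any post in this thread: reading the header block from the first post as a relay chain, oldest hop first, next to the From address a mass-mailer can set freely. The names `trace` and `SAMPLE` are made up for this sketch, and the sample is constructed from the quoted headers with folding whitespace restored.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header lines quoted in the first post, with the
# folding whitespace restored and the empty "([])" address fields left out.
SAMPLE = """\
Return-Path: <>
Received: from mta7-rme.xtra.co.nz
 by mta201-rme.xtra.co.nz with ESMTP; Fri, 26 Mar 2004 21:43:44 +1200
Received: from JOYPXN79 by mta7-rme.xtra.co.nz
 with SMTP; Fri, 26 Mar 2004 21:43:22 +1200
Received: from by JOYPXN79 (InterScan E-Mail VirusWall NT); Fri, 26 Mar 2004 09:52:14 -0000
Received: from JOYUK01-Message_Server by joybst52
 with Novell_GroupWise; Fri, 26 Mar 2004 09:27:01 +0000
From: "Trish Degg" <TDegg@joy.co.uk>
Sender: Postmaster@joy.co.uk
Subject: Re: warning

"""

def trace(raw):
    """Return the relay chain (oldest hop first) and two sender facts."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so the last one in the
    # header block is the first hop the message actually took.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())  # undo header folding
        sender = re.search(r"\bfrom (?!by\b)(\S+)", line)
        receiver = re.search(r"\bby (\S+)", line)
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None))
    from_addr = parseaddr(msg.get("From", ""))[1]
    return {
        "hops": hops,
        # From is supplied by the sending software and proves nothing.
        "from_domain": from_addr.rpartition("@")[2].lower(),
        # An empty envelope sender is what mail systems use for bounces
        # and automatic notifications.
        "null_return_path": msg.get("Return-Path", "").strip() == "<>",
    }

if __name__ == "__main__":
    result = trace(SAMPLE)
    for sender, receiver in result["hops"]:
        print(f"{sender or '(none given)'} -> {receiver}")
    print(result["from_domain"], result["null_return_path"])
```

Only the Received lines added by your own provider's servers (here the xtra.co.nz relays) can be relied on; anything below them is supplied by the sending side.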


27-03-2004, 02:10 PM
Thanks Pauline, Jim and Mike
Yes, Mike what you say does make sense - you explained very well !

I have deleted the email without opening.

All this serves as a reminder to update my antivirus (which I am pretty good at doing anyway). I see that there is a fresh update from AVG of 1189.4 KB, and although I have downloaded it and rebooted, it has not taken. Will therefore go to the site and do it manually. Hope Utopia in her/his thread decides to do the same. The automatic updates are too unreliable - must be too many hits on the site.
Thanks again
Misty :) :)