Email indicates that you have sent out a virus, but scanning all files with current virus definitions does not detect anything

Article:TECH100033  |  Created: 2002-01-24  |  Updated: 2005-01-21  |  Article URL http://www.symantec.com/docs/TECH100033
Article Type
Technical Solution

Product(s)

Environment

Issue



You receive a notice that your email is undeliverable because of a virus, but you did not send the email. Scanning all files with Norton AntiVirus or Symantec AntiVirus with the latest virus definitions does not detect anything.


Solution



Some viruses spread by searching an email program's address book, instant messaging program databases, or local files for email addresses. The virus then chooses one of the harvested email addresses for the sender's address and another for the recipient. This can make it appear that another person's computer is infected when in fact it is virus-free.

For example, Alex uses a computer that is infected with the W32.Klez.H@mm virus. Alex either does not use an antivirus program or does not have current virus definitions. Both Beth and Chris have sent email to Alex in the past. When W32.Klez.H@mm performs its emailing routine, it finds the email addresses of Beth and Chris. It inserts Beth's email address into the "From" field of an infected message. It adds Chris's name to the "To" field and then sends the infected email to Chris. Chris receives the message, which appears to have been sent by Beth. Chris then contacts Beth and complains that she sent him an infected message, but when Beth scans her computer, her antivirus program does not find anything—as would be expected—because her computer is not infected.


Note: Because these worms do not use the email address of the infected computer in the email that they send, there is no way to track which computer sent the infected email.



If you are using a currently supported Symantec antivirus program with the most recent virus definitions, and no threats are detected by a full system scan, then it is unlikely that your computer is infected with any known virus.

Here is a partial list of common viruses that spread in this manner:

W32.Bugbear@mm
W32.Klez.gen@mm
W32.Klez.E@mm
W32.Klez.H@mm
W32.Yaha@mm
W32.Yaha.C@mm
W32.Yaha.E@mm
W32.Yaha.F@mm
W32.HLLW.Fizzer@mm
W32.Sobig

For further information about a specific virus, please consult our online Virus Encyclopedia.






Legacy ID



2002102416271448


Article URL http://www.symantec.com/docs/TECH100033


Terms of use for this information are found in Legal Notices