Got Email From Cutomercare@relianceinfo.com With Virus

[rakesh5295 0]

i got about 10 mails on 18th from cutomercare@relainceinfo.com which contained subject as fw: or fw: image etc and when i opend it had attachemnt names min , i tried to find on net and came to k now winzip opens it so donwladed it and opened and to my surprise there was a file with extension .scr type it was showing screensaver and suddenly my antivirus falshed virus meesage... has anyone expericned it..

Edited January 18, 2006 by rakesh5295

[adwait 0]

It probably wasn't an email from reliance, but just some email with a spoofed email ID. Its pretty to spoof the sender ID.

[ani_meher 42]

i got about 10 mails on 18th from cutomercare@relainceinfo.com which contained subject as fw: or fw: image etc and when i opend it had attachemnt names min , i tried to find on net and came to k now winzip opens it so donwladed it and opened and to my surprise there was a file with extension .scr type it was showing screensaver and suddenly my antivirus falshed virus meesage... has anyone expericned it..

If this is the exact id, and not any typo mistake, then it's obviously fake.

Look at

c u s t o m e r c a r e @ r e l i a n c e i n f o . c o m

and your given id

c u t o m e r c a r e @ r e l a i n c e i n f o . c o m

[REY619 0]

It probably wasn't an email from reliance, but just some email with a spoofed email ID. Its pretty to spoof the sender ID.

yup i agree, it could be a spoofed email ID...

[rakesh5295 0]

well may be i typed wrongly here the spelling of email address and i didint give spelling that much importace at that time. the email has 3 jpg files which hotmail didint show me and if i donwload it would donwload safe.gif and is just grey clour square. the email contained .mim and .hq. extntions files as attachment . somthing like this which r very rare to be seen in india and when serched it was somthing aol people use it. i got about 10 mails with subject fw or fw sexy or fw funny. i just got scared that may be some pron site was surfed by me or someone using my computer and may be relaince has come up with it legally. so scared a bit. dowenlaoded winzip tried to open but it came to be a screesaver file sextentin i.e. .scr and i could not donloawd it inspite of giving ignore to antivrus program. if it was soof how come the same email id from relaince and also one thiing is how come the person came to know i was linked to relaince as i have left relaince since 9 months now, curently use prepaid but rarely i charge it. so why willl someone send it liek that! comments r awaited on this...

Edited January 19, 2006 by rakesh5295

[ani_meher 42]

Don't worry, I don't think Reliance is at all related to this, and nothing like you are being watched or anything is happening, ok? Chillax, just one of those spam mails.

[Puneet 0]

Its a new virus. I also received a few mails yesterday with the same extension from variety of sources (and to top it one of themials was supposedly sent by me and bouced back by a virus checker). Its Win32/VB.NEI worm. The first mail I received was from adlabsmultiplex.com, and I presume they have my email address on their computers as most of the itmes I purchase my movie tickets online.

Most of the worms look for email addresses on infected computers and use one as a "From" address and "one as "To" address. What this means is someone who had your email address as well as customercare@reliance in his address book/inbox/mails etc etc got his computer infected, and the worm sent the mail to you. If you still have the mail saved with you, you could look at the headers and find out the source of the email.

[rakesh5295 0]

well i have delted it right now. but can anyone help me in how to see the header and how to make out its real or spoof.

[Puneet 0]

DO not worry Rakesh, Relianceinfo didn't send you a virus. it must be an infected computer of the friend of yours somewhere, who is also a Reliance customer and has received mails from both of you.

To see the headers, you have to enable complete headers in the options of most of the free-email services (Hotmail, Yahoo). In case of G-Mail you get a link just near the short headers (which are from, to, subject and date) to see the fulll headers. Inc ase you use Outlook/Outlook express you can see the headers in the properties of the email message. To check the originating IP, just follow the trail of "received by server 1 from server 2" from top to bottom.

[spdf 0]

For sure, it is some new virus. I am receiving many mails from known contacts with .jpg files(image was not displayed in yahoo) from the past 3 days. When contacted the sender, he said he never send any message. All these are automatically generated.

All these mails had ann attachment with extension .mim and also Re: in the subject.

This is really a threat to our PC.

[Chirag 5]

One of my office computers have been infected severely with this virus. We are not able to run antivirus programs on this. You cant unistall Norton, nor install any fresh antivirus softwares. Neither can i open any antivirus websites on that PC!! Thats how irritating it is. Guys... keep ur virus definitions updated!! High Alert!

[StaticElectricity 8]

Chirag, generally such worms hijack IE and scan the url for antivirus web pages, which are then redirected to some other site or blank.

Its quite easy to circumvent this , use Firefox, if that dosent work,

instead of typing the url of the antivirus site, use the IP address instead, like...

www.McAfee.com

is 216.49.88.12

just type in http://216.49.88.12

www.symantec.com

is 206.65.174.89