yeah i am getting a few hundred from comcast as well, as well as from pacbell. I have gotten into a few emails back and forth from people thinking I have the damned thing... which is pretty much impossible with web mail-based.
haha, looks like this dickhead has both of us in his address book, although the SoBig.F also can retrieve from web sites...

Received: from JR02 (pcp01037184pcs.frtprk01.fl.comcast.net [68.59.154.144])
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;


I put up a countdown for SoBig.G which is less than two weeks

come to think of it, I recall the feds saying that most spammers come from FL... who knows what they know...

I say again...use Pine. You can't go wrong with Pine (not that it would stop some dipshit with you in his address book from opening the attachment, but at least you can know without a shadow of a doubt that YOU aren't infected...no "pretty much impossible" about it).

Well as soon as hushmail offers Pine for a secure interface I will hop on that... as for now, no Pine option, just a java-based web client.

These things would have to happen for me to be infected.
. i would have to download the .pif/.scr file
. i would have to execute it
. i would have to allow an outgoing connection
. it would probably help if I had any type of address book

... this is what I mean by "pretty much impossible"... since nothing is impossible. :D

its webbased mail for me using mozilla. Thats hard to get infected from.

Well...just based on the number of times I have mistyped hushmail as hushamil and had my email to you bounce I think we both know that the words Address Book aren't in my vocabulary;)

Just an FYI, no one with that ip or partial 68.59.154.* has ever logged on to these forums...

Ok, smack me now... apparently, I got infected. Two people have sent me emails with my IP and computer name in the headers. I was in XP for a while, and I guess I must have picked it up. I remember clicking on one attachment absentmindedly one day in my webmail (yes, I know... just shoot me...), but I ran my virus scanner right away, and it didn't find anything.

Now, here's the kicker... I rebooted into Safe Mode and turned off the recovery tool, as everything said to do. I scanned with Norton, MacAfee, and Trend Micro's free online tool... nothing. I used Network Associate's Stinger cleanup tool... again, nothing. I got out of Windows so that it would stop sending this damn thing all over creation, but nothing is picking it up! Even stranger is that I've only used OE to send two e-mails, and I don't have an address book in it... it apparently sent to the two that I had sent things to, and then grabbed more addresses from my Inbox when I checked my mail with it.

If anyone has any ideas on how to get rid of this damned thing, please share. I'm not an idiot... I've updated my virus definitions, I've followed the cleanup tips to a "T", and NOTHING is picking up whatever it is I have. I'm about to just wipe out the partition, which wouldn't be too terrible since it's pretty new and doesn't have much, but I'd rather clean it if I can.

If you are infected, follow the removal instructions at http://www.symantec.com/avcenter/ven...obig.f@mm.html. I've found that the manual steps are very effective. (A few of my customers opened it.)

Did they ever log into www.defcon.org? (It would be in the web logs.) I have lots of account names. My account for the forums is different from my account listed at www.defcon.org? (Actually, I really suspect BugTraq since I used that account there too.)

Every release of SoBig (except for Sobig-A) had an expiration date, when it would delete itself. (http://www.zdnet.com.au/newstech/sec...0277672,00.htm and http://www.lurhq.com/sobig-e.html) SoBig-F expires on Sept. 10 (more than a week away). If the author follows his pattern, then SoBig-G may overlap, but probably is slated for no later than Sept 10. I'm betting it will be released on Sept. 8.

:-)
You're probably talking about the DHS Club. (http://www.theclubbuiltonspam.com/)


Pine is for losers. I use elm and mutt, with the occasional OpenWebMail (only because I hate FTP'ing files from Windows to Linux for making attachments).

Wow... funny... those instructions are EXACTLY what I detailed in my message as things I've already done. Now why didn't I think of that before?

In that case... Are you SURE you have Sobig-F? There are minor variations between Sobig-A/B/C/D/E/F, and the removal steps are slightly different. You could have A or E (both are still active today), or if your system clock is way off, B/C/D could also be active (unlikely).

my forums pals are all infected!

like SARS in canada! its out of control!

(kelvin continues to check all mail through palm...... ahhh, the win virus safe palm....)

d00d.. it isn't about what os or client you are running... it is about being on a list... once you are on that list the all the shit starts to come to you... regardless of what you are running...

No, I'm not sure. I don't know what it is, because none of my virus scanners are picking it up. The e-mails it is sending out have subjects of "help" and something about "baby $2000 USD play this game".