Exceeded Internet Timeout Virus?

Exceeded Internet Timeout Virus?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Exceeded Internet Timeout Virus? Aragorn29 11-07-2006
Posted by =?Utf-8?B?QXJhZ29ybjI5?= on November 7, 2006, 5:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
We have an Exchange 2k3 box running Antigen 9.0 that is finding this :
Microsoft Antigen for Exchange found a file infected with a virus. The file
is currently Removed.
File name: "CODE_.gif"
Virus name: "Exceeded Internet Timeout"

I can not seem to find anything on the net about this virus. I am starting
to notice a large amount of internet mail SMTP Connectors with
postmaster@mydomain.com in our exchange queues and since we do not have an
account with that name i am assuming something is spoofing that name.

We have Symantec 10. as the AV. I have scanned all 3 servers we have with
Symantec, Microtrend's System Cleaner, SpyBot , and the "free" version of
Ad-Aware from Lavasoft and all are clean. I also used Process Explorer to
see if we had any rouge processes. We even went so far as to turn off all the
workstations over a weekend period to see if there was something we missed
when scanning them. We still found the same amount of notifications in
Antigen and in the exchange queue.

Does anyone have any experience with this supposed virus ?


Posted by David H. Lipman on November 7, 2006, 5:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| We have an Exchange 2k3 box running Antigen 9.0 that is finding this :
| Microsoft Antigen for Exchange found a file infected with a virus. The file
| is currently Removed.
| File name: "CODE_.gif"
| Virus name: "Exceeded Internet Timeout"
|
| I can not seem to find anything on the net about this virus. I am starting
| to notice a large amount of internet mail SMTP Connectors with
| postmaster@mydomain.com in our exchange queues and since we do not have an
| account with that name i am assuming something is spoofing that name.
|
| We have Symantec 10. as the AV. I have scanned all 3 servers we have with
| Symantec, Microtrend's System Cleaner, SpyBot , and the "free" version of
| Ad-Aware from Lavasoft and all are clean. I also used Process Explorer to
| see if we had any rouge processes. We even went so far as to turn off all the
| workstations over a weekend period to see if there was something we missed
| when scanning them. We still found the same amount of notifications in
| Antigen and in the exchange queue.
|
| Does anyone have any experience with this supposed virus ?

Wheere does ANYTHING say that this GIF file was a virus ?

You stated "Antigen for Exchange found a file infected with a virus". Ok,
please provide
an extract of the AntiGen log file indicating what was found.

Was this GIF file completely deleted ?

If not...


Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?QXJhZ29ybjI5?= on November 7, 2006, 6:15 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


"David H. Lipman" wrote:

>
> | We have an Exchange 2k3 box running Antigen 9.0 that is finding this :
> | Microsoft Antigen for Exchange found a file infected with a virus. The file
> | is currently Removed.
> | File name: "CODE_.gif"
> | Virus name: "Exceeded Internet Timeout"
> |
> | I can not seem to find anything on the net about this virus. I am starting
> | to notice a large amount of internet mail SMTP Connectors with
> | postmaster@mydomain.com in our exchange queues and since we do not have an
> | account with that name i am assuming something is spoofing that name.
> |
> | We have Symantec 10. as the AV. I have scanned all 3 servers we have with
> | Symantec, Microtrend's System Cleaner, SpyBot , and the "free" version of
> | Ad-Aware from Lavasoft and all are clean. I also used Process Explorer to
> | see if we had any rouge processes. We even went so far as to turn off all the
> | workstations over a weekend period to see if there was something we missed
> | when scanning them. We still found the same amount of notifications in
> | Antigen and in the exchange queue.
> |
> | Does anyone have any experience with this supposed virus ?
>
> Wheere does ANYTHING say that this GIF file was a virus ?
>
> You stated "Antigen for Exchange found a file infected with a virus". Ok,
please provide
> an extract of the AntiGen log file indicating what was found.
>
> Was this GIF file completely deleted ?
>
> If not...
>
>
> Please submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendor's scanners.
> That will give you an idea what it is and who recognizes it. In addition,
unless told
> otherwise, Virus Total will provide the sample to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
I just copied the notification directly from Antigen on the above post,
they were using the virus verbiage. Here is the latest one from the log
files.

Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan found virus:
Folder: SMTP Messages\Outbound
Message: Delivery Status Notification (Failure)
File: helpful_.gif
Incident: Exceeded Internet Timeout
State: Removed"

Posted by David H. Lipman on November 7, 2006, 6:28 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


| I just copied the notification directly from Antigen on the above post,
| they were using the virus verbiage. Here is the latest one from the log
| files.
|
| Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan found virus:
| Folder: SMTP Messages\Outbound
| Message: Delivery Status Notification (Failure)
| File: helpful_.gif
| Incident: Exceeded Internet Timeout
| State: Removed"

Pretty lousy log !

All that can be gleamed from this is a outbound message with attached file;
"helpful_.gif"
exceeded a timout and was ultimately removed.

It says "Internet scan found virus:".
What virus ?
What is the name of this virus and which AV software cdtected this ?

All you can do is find out who the sender is and find the file "helpful_.gif"
and then
submit it to Virus Total as a prescribed earlier in this thread.

In your original post, described the file name: "CODE_.gif" not "helpful_.gif".
Were there
TWO or more incidents ?

You mention "We have Symantec 10. as the AV". Is that on the client PC or are
you running a
symantec AV version for MS Exchange Server ?
If you are NOT, I suggest junking AntiGen for Symantec AV for MS Exchange Server
or McAfee
Anti Virus for Exchange Server.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?QXJhZ29ybjI5?= on November 7, 2006, 7:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


"David H. Lipman" wrote:

>
>
> | I just copied the notification directly from Antigen on the above post,
> | they were using the virus verbiage. Here is the latest one from the log
> | files.
> |
> | Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan found
virus:
> | Folder: SMTP Messages\Outbound
> | Message: Delivery Status Notification (Failure)
> | File: helpful_.gif
> | Incident: Exceeded Internet Timeout
> | State: Removed"
>
> Pretty lousy log !
>
> All that can be gleamed from this is a outbound message with attached file;
"helpful_.gif"
> exceeded a timout and was ultimately removed.
>
> It says "Internet scan found virus:".
> What virus ?
> What is the name of this virus and which AV software cdtected this ?
>
> All you can do is find out who the sender is and find the file "helpful_.gif"
and then
> submit it to Virus Total as a prescribed earlier in this thread.
>
> In your original post, described the file name: "CODE_.gif" not
"helpful_.gif". Were there
> TWO or more incidents ?
>
> You mention "We have Symantec 10. as the AV". Is that on the client PC or are
you running a
> symantec AV version for MS Exchange Server ?
> If you are NOT, I suggest junking AntiGen for Symantec AV for MS Exchange
Server or McAfee
> Anti Virus for Exchange Server.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Yeah, I am not impressed with Antigen logs either. My problem on the
sender is the notification I get from Antigen is the sender is
postmaster@mydomain.com. Here is the exact notification I receive:
Microsoft Antigen for Exchange found a file infected with a virus. The file
is currently Removed.
File name: "helpful_.gif"
Virus name: "Exceeded Internet Timeout"
Message subject: "Delivery Status Notification _Failure_"
Sent from: "postmaster@mydomain.com"
Folder: "SMTP Messages\Outbound"

I don't have a postmaster account in our environment and all the
notifcations refer to that account as sender.

As far as file names and more than one incident , yes, it keeps changing
names of the gif file, I also am receiving notification of the file being :
body of message : instead of a gif file on some notifications.

On the AV question. unfortunatly I inherited this office recently and they
are not using the Symantec for Exchange version, I belive my predecessor
thought that Antigen would be enough for the exchange scan. They have the
same version of Symantec on the workstations as they do the server. Not sure
I can talk them into upgrading at this time.....


Similar ThreadsPosted
Antigen - Exceeded Internet Timeout July 24, 2007, 2:20 pm
Internet virus May 17, 2006, 9:34 am
Virus- launches Internet Explorer September 27, 2008, 1:30 pm
internet address box won't work. Possibly I got a virus. October 9, 2005, 6:17 pm
Anti-Virus Software without Internet Connection February 26, 2008, 11:03 am
Virus: w32/behavior/self starter/internet/trojan!/maximus September 6, 2006, 11:18 pm
Re: "Internet Gateway: Disconnected" icon showing next to the system clock. What is this? Spyware, Virus or other? June 26, 2005, 9:16 am
Re: "Internet Gateway: Disconnected" icon showing next to the system clock. What is this? Spyware, Virus or other? June 29, 2005, 1:09 pm
OT: ? internet security :-) February 2, 2006, 5:42 pm
Internet Access October 5, 2006, 11:14 pm

The site map in XML format XML site map

Contact Us | Privacy Policy