Please help - a colleague of mine noticed yesterday that e-mails were being generated from his machine to people in his address book with a dead link as the subject line:
Microsoft Outlook Web Access: http://DA-REALM-WMA01/Exchange/wmyers/Inbox/%20%20%20%20%20vv%20%20%20.%20%20%20%20bv.EML?cmd=open
The subject line of the e-mail is vv . bv
The colleague has received numerous e-mails from people saying they cannot open the link, and it appears that the e-mail is attempting to invite them to a meeting with a date in April. One person who received the e-mail actually received an invitation to join the meeting; everyone else has attempted to click on the link, but nothing happens.
The machine is running XP with Outlook 2003. I have scanned it with Symantec AV and Microsoft Spyware software, but nothing has been found. Any suggestions?

In addition to your Symantec scan, you should do a least two of the following free online virus/spyware scans; they may catch things that Symantec didn't:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/

Let us know what (if anything) those scans found, and if they were able to remove the mailer infection.

Thank you for the suggestion. I will try that and let you know.

OK; we'll be here...


If the online scans don't help, do the following:

Download the (free) HijackThis utility.

Once downloaded:

Create a folder outside of any Temp/Temporary folders for HJT and move it there. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents can tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Thank you so much for the suggestion. Someone else took over the problem while I was at lunch and all appears to be well (the person was in a hurry and needed it NOW), so I have no more to report. I appreciate your responses and advice.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.