Ok so I see a email that says in the subject : welcome@paypal.com Re: 45443-343556
Well last night I used pay pal a lot for bids at auctions and so I opened my virus protecter, let it update and then opened the email (what if you are NEW to the internet and you just got pay pal???> you would think thei was legit and what if you dont know about the forum? I feel sorry for those people!) So heres the headers:

X-Apparently-To: (edited)@yahoo.com via 66.218.78.82; 04 Jun 2003 03:31:08 -0700 (PDT)
X-YahooFilteredBulk: 80.142.24.225
Return-Path: <welcome@paypal.com>
Received: from 80.142.24.225 (EHLO FANNY) (80.142.24.225) by mta112.mail.sc5.yahoo.com with SMTP; 04 Jun 2003 03:31:02 -0700 (PDT)
From: welcome@paypal.com | This is spam | Add to Address Book
To: (edited)@yahoo.com
Subject: Re: 45443-343556
Date: Wed, 4 Jun 2003 12:27:54 +0200
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="CSmtpMsgPart123X456_000_011F9229"
Content-Length: 57734




Please see the attached file.




Attachment




UNKNOWN_PARAMETER_VALUE
file Scan with Norton AntiVirus
Save to my Yahoo! Briefcase
Download Without Scan



and heres what the yahoo virus protecter says of the download (didnt have to use mine, cause it was a download and yahoo does it for me): Scan Results [Original Message]
File name: UNKNOWN_PARAMETER_VALUE
File type: application/octet-stream
Scan result: Virus W32.Sobig.C@mm found. File not cleaned.

ok do I bother pay pal with this?
hugssss everyone, hope your day is going well

i think i'd contact them. you have to supply bank account and/or credit card info for paypal.

I contected them and same as before got the auto responce, I hope they actually look into these things. I knew it wasnt really from them but how many people dont? there are many people who dont read the faqs , ect. sighs, I feel sorry for those people I have belonged to pay pal for so long and know the rules and stuff and I dont think they have ever contacted me other then to tell me I sent or recieved money. Also know not to follow any links in a email but to just go directly to my account and see if there is a message.

have a great week hugssss to all

Here is the phone number for PAYPAL

Call them you will get a human not one of those crazy computers telling you to push 1 for this and 2 for that



Customer Service Center

PayPal Customer Service Agents are available to help you 7 days a week, from 6 A.M. to midnight CST.

Call us at: 402.935.2050

We may only discuss an account with the account-holder. Please have the following information available when you call:
Your telephone number
Your email address
The last 4 digits of your credit card or bank account registered with PayPal
For security reasons, we must verify the above details before discussing any account-specific information.





Hope this helps


ET - and don't tell me to phone home!

i did a check at the sending ip: 80.142.24.225 It's an ip from ripe wich is a big europian broadcastpoint.
I checked it at the whois at ripe.net and it is comming from germany:





Query the RIPE Whois Database
Search for




% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/d.../copyright.html

inetnum: 80.128.0.0 - 80.146.159.255
netname: DTAG-DIAL16
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20010807
changed: ripe.dtip@telekom.de 20030211
source: RIPE

route: 80.128.0.0/11
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
mnt-by: DTAG-RR
changed: bp@nic.dtag.de 20010807
source: RIPE

person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
address: D-90449 Nuernberg
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: ripe.dtip@telekom.de
nic-hdl: DTIP
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20030210
source: RIPE

person: Security Team
address: Deutsche Telekom AG
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
mnt-by: DTAG-NIC
changed: abuse@t-ipnet.de 20030210
source: RIPE

Bold: Object type.
Underlined: Primary key(s).
Hyperlinks: Searchable Attributes.

4 records found for '80.142.24.225 '
Further Information
The RIPE Whois Database Reference Manual
RIPE-181 to RPSL Migration Information


I think you should forward the message to abuse@t-ipnet.de also so they can look into that also and maybe find the sender and report him/her to the police!

all this help[ but I was quik to jump the gun and as soon as I sent it to paypal I deleted the email, I hate having a virus in my email, scared when the ferrets are jumping on my bed they could hit somehting and it could download (yes I know I am wierd, haing ferrets jumping on my bed LOL) They are always deleting things on me when they are in a playful mood Am I able to just send them this page and they can read it here ? Or would that not be good enough? The original email is gone. thanks

Hey ruhappy, I thought you had ferrets because it says "carpet shark" in your sig...my best friend is a Ferret Fanatic...let me know if you want the URL of the board she frequents
sorry for off-topic all

ruhappytoseeme... Don't be mad at PayPal LOL.... I've received the same attachment in my Yahoo account from 10 different email addresses, none of them from PayPal, most of them coming from (or disguised as) Yahoo and MSN email accounts, so I don't think PayPal is to blame.

kglaser, is it the ferret store forum? It is absolutely one of the best ones I belong to like 5 LOL I have 7 ferrets, wanted to put their pics in my signature but guess that isnt possible but on the forum my babys are there LOL (gotta love the carpet sharks )'' dont get me started talkin about them cause I will never shut up LOL

SwissNyfe, I know pay pal didnt send it and I am not mad at them I am a little upset with the jerks that keep sending out these fake emails cause I feel bad for new people who dont know about this forum and they get hacked or get a virus gfrom these jerks (I hope that word is allowed if not please delete it mods, thanks ) so nope I am not mad at pay pal I use them all the time

Just copy the emailinfo from this post and send it to them i don't think they would expect someone saving a virus on their computer. Btw they keep logs off all emails send.

its a done deal thanks