[AMRadio] Frank Shields (W5TJ)

Geoff geoff at w5omr.shacknet.nu
Sat Jul 17 11:21:51 EDT 2004

Does anyone here know Frank Shields/W5TJ?

I don't.

I don't ever remember meeting him, or talking with
him, nor do I remember my dad ever mentioning
his name (I took my dad's callsign back in 1999.)

According to Frank's bio on QRZ.com, he claims
to have worked at the same broadcast station as
my dad did, at the same time

If you know Frank, and know how to contact him,
could you please call him on the telephone and alert
him that it's possible he's got a nasty virus.

Knowing how Virii work, I know that this particular
strain could be spoofing the 'from' address, and it's
possible it's not Franks computer that's infected,
rather one that has both of our e-mail addresses in it.
However, this has been going on for more than 30
days, and each and every message is from
w5tj at midsouth.net.

I've checked everywhere I know how to check, on-line
and can't come up with a phone number on him.

Here's the message header

Return-Path: <w5tj at midsouth.com>
Received: from w5omr.shacknet.nu ([]*)(NOTE!)
 by w5omr.shacknet.nu (8.12.10/8.12.10) with SMTP id i6HEkTfx028790
 for <runu at w5omr.shacknet.nu>; Sat, 17 Jul 2004 09:46:35 -0500
Message-ID: <x847733104.8936838589648044826 at qjthorsoj>
From: Shields <w5tj at midsouth.com>
To: <runu at w5omr.shacknet.nu>
Subject: You`ve got 1 VoiceMessage!
Date: Sat, 17 Jul 2004
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-RAVMilter-Version: 8.4.4(snapshot 20030410) (w5omr)
X-UIDL: 6UA!!H#[!!HY8"!B4J!!

(obviously, there's no "runu" as a user here, at w5omr.shacknet.nu)

* A "whois" on the ip address that is supposed to be w5omr.shacknet.nu
comes back to:

Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)
MID SOUTH COMPUTERS Q0402-65-124-236-0 (NET-65-124-236-0-1)

# ARIN WHOIS database, last updated 2004-07-16 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

RAV is the Antivirus agent on my mailserver, and always reports the

This e-mail is generated by the w5omr.shacknet.nu mail server to warn you that
the e-mail
sent by w5tj at midsouth.net to runu at w5omr.shacknet.nu is infected with virus:
Win32/Zafi.B at mm.

Please contact your system administrator for further information.

If you are the sender:
The scanned e-mail has your address in the <From> header field. Either your
computer is infected or someone's computer having your e-mail address in
the address book has been infected.

(Please note that some viruses are sending e-mails directly from your computer.
Our advise is to check your computer using an up-to-date antivirus product).

If you are the receiver:
Please contact the sender: most likely he/she doesn't know he/she has a computer

Actions taken for the infected files:

The infected file was saved to quarantine with name:
The file (part0002:www.ecard.com.funny.picture.index.nude.php356.pif) attached
to mail (with subject:Don`t worry, be happy!) sent by w5tj at midsouth.net to
runu at w5omr.shacknet.nu
is infected with virus: Win32/Zafi.B at mm.
Cannot clean this file.
The file was successfully deleted by RAV AntiVirus.

this is a copy of the e-mail header from the Anti-Virus scanner:

RAV AntiVirus for Linux i386 version: 8.4.2 (snapshot-20030312)
Copyright (c) since 1995 GeCAD The Software Company. All rights reserved.
Running on host: w5omr.shacknet.nu

Scan engine 8.11 for i386.
Last update: Thu, 15 Jul 2004 22:19:48 -05
Scanning for 102540 malwares (viruses, trojans and worms).

You can download a free 30-day fully functional trial version of RAV AntiVirus
for Mail Servers from: http://www.ravantivirus.com

Thanks, to anyone who can help with this situation.

Let's help a fellow ham overcome the tortures of
other mis-guided individuals, and perhaps educate
him on the proper usage of an Anti-Virus product.

73 = Best Regards,

More information about the AMRadio mailing list

This page last updated 18 Dec 2017.