| Thread ID: 19589 | 2002-05-19 04:38:00 | W32.KLEZ.H@mm Virus | Guest (0) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 49531 | 2002-05-19 04:38:00 | Someone keeps sending this virus to me. It appears at least once a day. Fortunately NAV finds it every time (so far) and renders it harmless. I have just done a complete virus check on my computer and Norton tells me it is clean. I have the latest NAV with automatic updates so it should be correct. What I want to find out is: is it possible to find out who is sending the virus so I could try to stop it from being sent? Any advice would be most welcome. John Robb |
Guest (0) | ||
| 49532 | 2002-05-19 05:08:00 | How are you actually receiving it? Webmail? which ISP? attachment? other? | Guest (0) | ||
| 49533 | 2002-05-19 06:06:00 | Klez finds random sender names & subjects, as I'm sure you now know. Look at the headers, and you should find that the return-path is what it should be. To do this, select the message in Outlook Express then File > Properties > Details > Message Source. Here's one I got. You will see something similar.

Return-Path: <XXXXXX@xtra.co.nz>
Delivered-To: ****ME***@paradise.net.nz
X-Envelope-To: ****ME****@paradise.net.nz
Received: (qmail 89955 invoked by alias); 4 May 2002 07:33:56 -0000
Received: from ip210-55-105-82.interspeed.co.nz (HELO chronus.interspeed.co.nz) (210.55.105.82) by debbie.paradise.net.nz with SMTP; 4 May 2002 07:33:56 -0000
Received: from mta1-rme.xtra.co.nz (mta1-rme.xtra.co.nz [210.86.15.129]) by chronus.interspeed.co.nz (Postfix) with ESMTP id D6574AF2C4 for <chris@millerton.co.nz>; Sat, 4 May 2002 19:26:51 +1200 (NZST)
Received: from Miz ([210.54.74.164]) by mta1-rme.xtra.co.nz with SMTP id <20020504073325.BYZW13342.mta1-rme.xtra.co.nz@Miz> for <****ME****@**REALLY*ME**.co.nz>; Sat, 4 May 2002 19:33:25 +1200
From: chris <****ME****@**REALLY*ME**.co.nz>
To: ****ME****@**REALLY*ME**.co.nz
Subject: A funny website

OK, I've changed the addys to protect privacy, but in this example the true sender is the xtra customer at the top, even though the email appeared to come from myself. I was able to confirm it was 'xxx@xtra' with just one phone call, as the sender was a friend who just went online, and didn't think virus updates were important. He does now! |
Guest (0) | ||
| 49534 | 2002-05-19 09:49:00 | Thanks for the prompt reply. It comes in the form of an email and Norton immediately goes into spasm with about 4 warning messages that something is missing or it can't find something and then I simply delete the email. I am with xtra. There is an attachment but I haven't ever opened it. Look forward to your comments. Thanks, John |
Guest (0) | ||
| 49535 | 2002-05-19 10:39:00 | Hi Chris. Thanks for the prompt reply. The messages are coming at my wife's address and the details are below. I have only one message that I can check on at present. I do know who ericliu is and will be talking to him tomorrow. Neither of us knows who 'cffan' is and I am rather loath to email this address as I have heard of stories where one can get deluged with spam once they get hold of an address. I will send an email to xtra to see if they can help. Any further advice would be appreciated. Many thanks, John

Return-Path: <ericliu@am990.co.nz>
Received: from Qydih ([219.88.15.253]) by mta1-rme.xtra.co.nz with SMTP id <20020519022140.PGPA23704.mta1-rme.xtra.co.nz@Qydih> for <alison@robb.co.nz>; Sun, 19 May 2002 14:21:40 +1200
From: cffan <cffan@xtra.co.nz>
To: alison@robb.co.nz
Subject: Questionnaire
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=P05dvmlUZh2127YUwILt3f95J2zwQ6N
Message-Id: <20020519022140.PGPA23704.mta1-rme.xtra.co.nz@Qydih>
Date: Sun, 19 May 2002 14:22:12 +1200 |
Guest (0) | ||
| 49536 | 2002-05-19 11:10:00 | You need not worry about the attached txt message. Nortons AV places this where the attachment was, it will say something to the effect of what the virus was, and that's about it. This virus shows us good reason not to give email addresses to people who love forwarding whole emails of 'fun stuff'. My old @ihug address attracts spam and viri more than anything else, simply because it has been round the block too often. If I had no morals, and a lot more skill than I do, I would write a virus that not only spreads, but also harvests email addresses by sending them back to a central database for later sale to spammers. If it hasn't already been done, it is only a matter of time. |
Guest (0) | ||
| 49537 | 2002-05-20 03:00:00 | From what I understand so far after reading up on the virus (plus I've received a few of them already!): 1. ericliu is the sender (correct me if I am wrong) because the return path is to his email address. 2. cffan was probably an email address taken randomly from one of ericliu's email folders. This creates confusion if you email cffan advising him/her of virus infection (when in fact he/she is not!). Hope this helps. |
Guest (0) | ||
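
The header checks discussed in this thread, as an added example that is not part of any post: it compares `Return-Path` with `From` and reports the client IP that the receiving mail server recorded, using the header block from post 49535. The function name and the `trusted` parameter are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block from post 49535 in this thread (long Received line folded).
SAMPLE = """\
Return-Path: <ericliu@am990.co.nz>
Received: from Qydih ([219.88.15.253]) by mta1-rme.xtra.co.nz with SMTP
 id <20020519022140.PGPA23704.mta1-rme.xtra.co.nz@Qydih>
 for <alison@robb.co.nz>; Sun, 19 May 2002 14:21:40 +1200
From: cffan <cffan@xtra.co.nz>
To: alison@robb.co.nz
Subject: Questionnaire

"""

# "from HELO ([ip]) by host" and "from HELO (rdns [ip]) by host" styles only.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]()]+\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def analyse(raw, trusted=()):
    """Compare envelope sender with From: and find the earliest trustworthy hop.

    trusted: hostname suffixes of mail servers whose Received lines you
    believe (hypothetical parameter); lines below them can be forged.
    """
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    shown = parseaddr(msg.get("From", ""))[1].lower()
    hop = None
    for value in msg.get_all("Received", []):      # newest hop first
        m = RECEIVED_RE.search(value)
        if not m:
            continue                                # unparsed style, skip
        if trusted and not m["by"].lower().endswith(tuple(trusted)):
            break                                   # untrusted from here down
        hop = m
    return {
        "return_path": envelope,
        "from": shown,
        "mismatch": bool(envelope) and envelope != shown,
        "client_helo": hop["helo"] if hop else None,
        "client_ip": hop["ip"] if hop else None,
        "recorded_by": hop["by"] if hop else None,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE, trusted=("xtra.co.nz",)).items():
        print(f"{key}: {value}")
```

The `client_ip` and timestamp from the ISP's own `Received` line are the details an abuse desk needs to identify the connecting customer.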