Viruses, Trojans and SPAM/Scam watch [Archived].

Status
Not open for further replies.
Use SHA-1, Strydie! And I feel that because of security against brute force attacks. SHA-1 digest is 32 bits longer, of course...

I have designed some code in SHA-1 in C. I know the whole logic (my course stuff, you know!). Same for MD5 and HMAC.
bye!
 
The usual method of dealing with spam is to get the IP address of the person that generated the spam. This means getting hold of an e-mail header, which is difficult to explain "how to get" because there are so many different mail programs and online mail settings that might need to be clicked to get one, so this assumes you've got their IP from this.

You can then do a lookup on the IP address, so you know the canonical name and other data.
(Those that are computer lit. will find this easy, but for the rest of you either use:
http://www.info-x.co.uk/netools/netools.asp?tool=13
http://sunny.nic.com/cgi-bin/whois)

When you know which domain name they are from (note you're after an ISP domain if it's a DSL/CABLE connection outputting the spam), get the domain output, which might be dsl44-55-66-77.anisp.net, and generate an abuse e-mail address, i.e. abuse@anisp.net

FWD: the e-mail you received (INCLUDING FULL HEADERS) to the abuse e-mail address. If the e-mail included attachments, then don't bother sending the attachments.

Just type something in the top of the FWD: like:

Dear Sir(s),
I'm forwarding the following e-mail entitled *what it was titled*, which I received *date & time*. I have reason to believe it's *spam/a worm* as the IP continually sends the same content.

I have made sure the forward contains both the HEADER of the e-mail and the message contents. Due to the risk of spreading infections I've withheld the attachment.

Could you please deal with this problem on your network.

Regards,
*you*

That's pretty much all you can do. The ISPs usually are pretty good; when they have mails sent to abuse that contain the offending e-mail containing header they can deal with the ISP and even packetscan to work out which ports are infected. (Sometimes they pull the plug on the whole IP until the system is made safe again.)

Don't go silly though trying to get revenge on someone that you think is attacking your e-mail address, most of the time it's because the person is using an unpatched OS with an out of date anti-virus program running, so it's just those points that caused the outbreak rather than spitefulness.
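
The header-to-abuse-address steps from the post above, as an added Python example (not part of the original thread). The message, host names and trusted-server lists are constructed assumptions, and the reverse-DNS name is passed in by hand so the code runs offline. Only `Received` lines written by your own mail servers are believed; anything below them can be forged by the sender.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: documentation IP ranges and made-up host names.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP id abc123; Mon, 3 May 2004 10:00:02 +0000
Received: from dsl44-55-66-77.anisp.net (unknown [203.0.113.77])
\tby mx.example.org with SMTP id def456; Mon, 3 May 2004 10:00:01 +0000
Received: from forged.invalid ([10.1.2.3]) by dsl44-55-66-77.anisp.net;
\tMon, 3 May 2004 09:59:59 +0000
Subject: Hi

body
"""

# Assumptions: the recipient's own mail servers, whose Received lines are trusted.
TRUSTED_HOSTS = {"inbox.example.org", "mx.example.org"}
TRUSTED_IPS = {"192.0.2.10"}
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}  # illustrative, not complete

def handoff_ip(raw):
    """IPv4 address that handed the mail to the first trusted server, or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    for header in msg.get_all("Received", []):      # newest hop first
        text = str(header)
        by = re.search(r"\bby\s+([\w.-]+)", text)
        if not by or by.group(1).lower() not in TRUSTED_HOSTS:
            return None      # lines from here down were written by the sender
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text[:by.start()])
        if not ip:
            continue         # trusted hop that recorded no peer address
        try:
            addr = str(ipaddress.ip_address(ip.group(1)))
        except ValueError:
            return None      # malformed address, do not guess
        if addr not in TRUSTED_IPS:
            return addr
    return None

def abuse_address(ptr_name):
    """abuse@ address for the ISP domain in a reverse-DNS name, or None."""
    labels = ptr_name.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    if len(labels) < keep or not all(labels):
        return None
    return "abuse@" + ".".join(labels[-keep:])
```

The domain cut is a heuristic; the whois record for the IP address is the better source for the network's abuse contact when it lists one.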
 
I'm sorry, I guess I wasn't very clear. I already did those things a week ago. The IP provider said they would do something.

I'm just still getting the virus emailed to me. No harm I suppose; just an annoyance.

I'd never do anything to anyone. It just seems silly that I know their IP but yet I can't email them to let them know they have a virus.
 
Most likely that will only kill your own IP, since it's masquerading with that:

the virus actually sends those mails from YOUR IP, sneaky ééj?
The thing to do is: format your drive completely, re-install your operating sys and install AVAST! It's a virus scanner and cleaner: it has an email client protection and several other functions:

A virus messed up my PC too, before I installed AVAST! Now: all a virus does is getting discarded and deleted thoroughly by my virus protection! :) I even have several choices what I want to do with it,..delete, put in the chest with the rest of the viruses or discard, although I'm not sure of that last functionality,...

I'm happy now,...they won't get to me, those cretins! I wish for them to be ripped their hearts out of their chest! :)
 
Just updating the thread due to the increase in some virii:

Sasser.A
http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=39012

Netsky.A to Netsky.Z
This particular worm is difficult to place a link, because the people responsible for the worm apparently have been using worms similar to how street gangs graffiti their territory. All the variants seem to try and run their server to look like it's anti-virus or a firewall, and generally delete some keys associated with some other viruses (of the other gang no less) and open backdoors to exploit a system further.
 
Got this worm. It does nothing but shuts the system down, which you can abort anyways. Annoying... Very annoying...


bye!
 
"I've gotten 9 emails all with the same w32.netsky.D@mm virus in the last 10 days."
I've gotten this one twice myself, but it's obvious what it is. I thought I'd avoided it, however, my comp is randomly shutting down. Same virus?
 
How annoying, I got e-mails with Netsky.Z. Did not know that they arrived at the letter Z yet. But so badly placed, who would open an e-mail that is labeled "Hi" and contains an important file?
 
Anyone heard of and/or know how to get rid of a virus by the name of Dropper.Liba.A? I've been battling it for days now.
 
According to some definitions on the net, Dropper is an old virus trojan that tries to add other viruses to your system; however, it looks like an old out of date virus, so I doubt it's the one you've been having problems with.
 
I used a program to find out if there was anything, and it kills what it finds. Luckily, nothing. Go to www.mcafee.com and download a freebie called Stinger.
 
It's multiplying like mad and I can't get rid of it. It stores itself in sys32 and I've tried renaming and deleting but it just comes back. Last time I did, it flashed a bluescreen error message and rebooted... verrrrrryy slowly... not sure what to do.
 
I haven't been able to find it with a google search, maybe Stryder can point you to a website. From what I've seen, dropper viruses are not trojans themselves, but they "drop" trojans on your system. You might just have a hacker on the other end laughing his ass off. And if dropper is as old as Stryder thinks, maybe an old out-of-date hacker at that.

Why do you think it's dropper.liba.a? Are you running an antivirus? If you are, it can't handle the virus? Did you try the stinger? Sure don't sound fun.
 
Yes, my antivirus alerts that D.L.A was found and needs to run antivirus to remove it. But then it says it can't remove the file (win/sys32/inb5-somethingorother.. ) so I have to rename it and manually delete it... but it's back an hour later... Once I tried to ignore it and I started getting all kinds of alerts, so I ran the antivirus and it removed 5 viruses but couldn't remove the D.L.A

I can't find any info on it either. But I don't know much about viruses. I haven't tried the Stinger, I'll do that tonight.
 
You might try Pest Patrol. A link is in the FAQ thread. If dropper is as I described, you might have a trojan which is letting the viruses in. Pest Patrol is dedicated to trojan removal.
 
I will try that one first. Also, when I boot my computer it automatically opens the command prompt window..
 
What was I supposed to get from Pest Patrol? I'm not going to buy it lol. Also that's for adware, and I won't touch adware. Last time I tried to remove all the ads etc. from my computer, Windows crumbled and I had to reformat. lol.

going to try stinger now.
 