• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • FREE webinar: What does a post IR35 reform CV look like? : Wed, Jul 28, 2021 7:15 PM - 8:15 PM BST More details here.

Klez macro virus I need help

  • Filter
  • Time
  • Show
Clear All
new posts

    Klez macro virus I need help

    Can anybody offer any help.

    As far as I can gather it looks like
    an account at btinternet.com is sending it to me.

    It may be spoofing and not from that guy.

    He is real enough, I have found his phone number on the internet.

    Ofcourse it might not be him.

    I have sent items to abuse@bt.com

    This is really starting to bug me as I am receiving,
    four of these a day in my prime business email account.

    Below is what I receive in the body of the message:

    ----- Original Message -----
    From: "urfriend" < loveshore@loverscreensaver.com >
    To: < andywid@btinternet.com >
    Sent: Thu,10 Oct 2002 22:03:05 PM
    Subject: Let's Laugh

    This e-mail is never sent unsolicited. If you need to unsubscribe,
    follow the instructions at the bottom of the message.
    ************************************************** *********

    Enjoy this friendship Screen Saver and Check ur friends circle...

    Send this screensaver from www.loverscreensaver.com to everyone you
    consider a FRIEND, even if it means sending it back to the person
    who sent it to you. If it comes back to you, then you'll know you
    have a circle of friends.

    * To remove yourself from this mailing list, point your browser to:
    * Enter your email address (andywid@btinternet.com) in the field provided and click "Unsubscribe".


    * Reply to this me


    You can take it as read that there is no such url as

    I have run FixKlez.com (100,472 bytes) on my machine
    I am using Outlook Express 6.00.2800.1106
    and between that and Norton I cannot even open
    the files even if I 'wanted' to.

    Desparate Darren .....

    we need to see the headers

    You can only identify the source if you see the full headers

    right click on the message, choose properties, then the details tab.

    cut and paste that lot. you will have something like this :

    Return-Path: <intbusiness@elsitio.com>
    Received: from mta03.local ([])
    &nbsp &nbsp &nbsp &nbsp by s1.uklinux.net (8.11.6/8.11.6) with SMTP id g9A2n1027507
    &nbsp &nbsp &nbsp &nbsp for <sales@arthington.com>; Thu, 10 Oct 2002 03:49:06 +0100
    Envelope-To: <sales@arthington.com>
    Date: Thu, 10 Oct 2002 03:49:06 +0100
    Message-Id: <200210100249.g9A2n1027507@s1.uklinux.net>
    Received: (qmail 4829 invoked from network); 10 Oct 2002 02:48:59 -0000
    Received: from unknown (HELO localhost) ([]) (envelope-sender <intbusiness@elsitio.com>)
    by mta03.local (qmail-ldap-1.03) with SMTP
    for <ceo@finance5andbuy5business.net>; 10 Oct 2002 02:48:59 -0000
    From: "venture finance" <intbusiness@elsitio.com>
    To: <ceo@finance5andbuy5business.net.uklinux.net>

    what you need is that first received from line.
    Received: from mta03.local ([])

    ignore the name but the ip address is the mail server that sent it to you. lookup who they are at www.ripe.net/perl/whois

    forward the mail to abuse@..... including a full copy of the headers and ask them to identify the user responsible.

    Most isps will close the account until their customer applies av.