Need Advice Bad!

Discussion in 'Windows Desktop Systems' started by Jdstuhler, Nov 26, 2002.

  1. Jdstuhler

    Jdstuhler Guest

    OK, to make a real long story short... Someone is sending e-mails to a bunch of friends with my e-mail address as the sender. And this is happening to them too; I am getting e-mails from them, and it's a big circle and it's happening to everyone. We know who the person is who is doing it. But my question is: does he have our passwords, or is there such a program that would spoof the e-mail address to make it look like it's coming from me? Thanks for any advice.
     
  2. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Sounds more like a virus to me. Have you asked this person if he/she has scanned his/her computer for viruses?
     
  3. Jdstuhler

    Jdstuhler Guest

    No, I haven't. This person is, for lack of a better word, an enemy... major conflicts... But I am finding out more... We are all getting e-mails with subjects and blank messages. I got one a while ago and MSN gave me a warning: This e-mail message contains FRAMEs that could contain content that may be harmful to your computer. To protect you and your computer, it will not be displayed by default.

    If you're sure that you trust the sender of this message, click the button below and the original message, with FRAMEs, will be displayed.

    and an attachment that says Href.bat
     
  4. Nickp

    Nickp Guest

    While there are programs to spoof email addresses, the email address that the message appears to come from can be set to whatever you want even within Outlook, so they are more likely to be spoofing your email address, rather than having access to your passwords, although it is a possibility.
     
  5. Jdstuhler

    Jdstuhler Guest

    Any idea on this Href.bat file and command[5].htm?
     
  6. Nickp

    Nickp Guest

    The file "href.bat" is a batch file. Basically it is a list of DOS commands which can do anything from rename files to try to format your drive. The other file is a webpage and could contain malicious code. Better leaving them alone if you don't know what they are really.
     
  7. Jdstuhler

    Jdstuhler Guest

    The Klez virus, this is what we are getting... any info?
     
  8. Nickp

    Nickp Guest

    Best thing you can do is get decent antivirus software installed and don't open attachments where you don't know what they are.
     
  9. Jdstuhler

    Jdstuhler Guest

    Yeah, I think I'm pretty safe. I got Norton running full-time and BlackICE. My only issue is: how is this person sending e-mail with my address? Is there a way to tell if it's a spoof or actually coming from me?
     
  10. Nickp

    Nickp Guest

    If you view the headers of the email you can see where it has come from and what servers it has come through; this might give you a clue as to who it has come from, but there is no sure way of telling who it came from.

    If you get one you know is not from who it says it is, you could forward it to your ISP and ask them to track down the culprit. Usually the sender's ISP will warn them or even ban them.
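
Added example, not part of any post in this thread: one way to read the header trail mentioned in post 10 is to walk the `Received` lines from oldest to newest and compare the first hop and `Return-Path` with the `From` domain. The sample message, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains/IPs), newest Received on top.
SAMPLE = """\
Return-Path: <someoneelse@isp-b.example>
Received: from relay.isp-b.example (relay.isp-b.example [198.51.100.2])
    by mail.recipient.example with ESMTP; Tue, 26 Nov 2002 10:02:11 -0800
Received: from infectedpc (dialup-77.isp-b.example [198.51.100.77])
    by relay.isp-b.example with SMTP; Tue, 26 Nov 2002 10:02:05 -0800
From: victim@isp-a.example
To: friend@recipient.example
Subject: hello

"""

# "from <helo> (<reverse-dns> [<ip>]) by <server>", a common Received layout.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
                    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return parsed Received hops, oldest first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List mismatches between the claimed sender and the delivery path.
    Indicators only: hops below your own mail server are sender-supplied."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    findings = []
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    hops = received_hops(raw)
    if hops:
        name = (hops[0]["rdns"] or hops[0]["helo"]).lower()
        if name != from_dom and not name.endswith("." + from_dom):
            findings.append(f"first hop {name} [{hops[0]['ip']}] is outside {from_dom}")
    return findings
```

Calling `spoof_indicators(SAMPLE)` returns two findings for the constructed message; mail legitimately relayed through a third party can trigger the same mismatches, so treat them as leads to pass to the ISP rather than proof.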
     
  11. djmgyx

    djmgyx Guest

    If the emails are all Klez-infected, the person likely does not know he is sending them, and there stands a good chance that he is not sending them after all. Once infected with the Klez virus, it will copy all addresses in the email client to do 2 things: email itself to all of them, and rename the email header to appear as if from another person. I work at a university that has yet to block the virus on the main servers, so students who get infected are constantly spreading it unknowingly. Just because you have an antivirus program installed does not help, for in order for it to be effective you have to keep it up to date, weekly if not daily. Most viruses are out for weeks, even months, before antivirus companies are made aware of them and able to disinfect them.

    With your situation, anyone with that person in their address book could be the infected computer; yes, this includes yourself. I say this simply because on a daily basis I have to delete over 30 infected emails, with usually 3-5 saying they are from me in the headers. I know I'm not infected, simply because the attachments included can't be opened.

    Send an email his way just to give him a heads up; otherwise not only him but everyone else you 2 have in common become the victims in this case.
     
  12. egghead

    egghead Double O Egghead

    hi:

    your email address cannot be spoofed

    if it could we would not need anonymizer websites

    we could be anyone

    ask your friend for the ip of the email sender

    it should match yours

    if not
    well... who knows?

    go to
    http://housecall.antivirus.com/housecall/start_corp.asp
    free online virus scan
    no registering
    norton misses a lot of stuff and this is up to date

    if nothing is found try a full trojan scanner

    i doubt its a trojan

    sounds like a virus

    especially with the no subject lines etc...

    every bit helps

    cheers
    egghead
     
  13. jawshoouh

    jawshoouh Guest

    sounds like you got Klez, like a few other posters said already. go to Symantec's virus tool removal downloads page (http://securityresponse.symantec.com/avcenter/tools.list.html) and snag the klez removal one. you need to do it in safe mode, i think... ran it on 50+ PCs at work a few months ago, was a major PITA, but it got rid of the klez virus.
     
  14. Nickp

    Nickp Guest

    Email addresses are easy to spoof and if you're not on a static IP it's damn hard to trace without the co-operation of the ISP involved.
     
  15. djmgyx

    djmgyx Guest

    The Klez virus will spoof any email address it has picked up; therefore, if you are clean and you still receive them, it doesn't mean you are infected. It simply means someone who has you in their address book has been infected, and thus your name is now free rein for the virus to use, whether to show as the sender or to be the recipient.