BetaONE will rise again!


#1
18th Sep 04, 03:21 AM
KingCobra
Senior Member
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
I just got a virus and I think it came from this email. W32/Fyga.A@dro

See email header:

Quote:
-Apparently-To: proverbs26verse11@yahoo.com via 216.136.174.229; Fri, 17 Sep 2004 16:14:49 -0700
X-Originating-IP: [200.170.118.209]
Return-Path: <turinaphelion94146@charter.net>
Received: from 200.170.118.209 (HELO 67.28.113.11) (200.170.118.209) by mta159.mail.re2.yahoo.com with SMTP; Fri, 17 Sep 2004 16:14:48 -0700
Received: from Z5G-oJGv (200.170.118.209) by smtp4.rogers.com (Postfix) with ESMTP id 79FB3D2858F for <proverbs25v25@yahoo.com>; Fri, 17 Sep 2004 18:14:33 -0600
From: "Daugherty" <turinaphelion94146@charter.net>
To: proverbs25v25@yahoo.com
Subject: Application, Fri, 17 Sep 2004 18:14:33 -0600
Date: Fri, 17 Sep 2004 18:14:33 -0600
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_b609_000_0017_01C49B1A.244B5BF0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180
Content-Length: 24126
Any ideas on what I can do to figure this out?
#2
18th Sep 04, 03:46 AM
tubebuoy
Chopped Liver
Join Date: Sep 2001
Posts: 851
Your quote is above my pay scale. What 'symptoms' are you experiencing?

}---:?
#3
18th Sep 04, 04:06 AM
KingCobra
Senior Member
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
F-Prot Realtime Protector is showing me all the files that are getting infected. NAV found nothing, HouseCall found nothing and thankfully F-Prot is finding them and I'm deleting the files. Glad I don't just trust one anti-virus. I think I know the guy that gave me this virus and what I need to know is how can I use the header info to prove it?
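An added example, not part of any post in this thread: one way to read the header quoted in the first post is to split the Received chain at the recipient's own provider and treat every older line as an unverified claim. The trusted suffix `yahoo.com`, the reading of the last parenthesised address as the connecting IP, and the "contradicted" rule are assumptions of this example.

```python
import re
from email import message_from_string

# Subset of the headers quoted in the first post, one header per line.
RAW = """\
X-Originating-IP: [200.170.118.209]
Return-Path: <turinaphelion94146@charter.net>
Received: from 200.170.118.209 (HELO 67.28.113.11) (200.170.118.209) by mta159.mail.re2.yahoo.com with SMTP; Fri, 17 Sep 2004 16:14:48 -0700
Received: from Z5G-oJGv (200.170.118.209) by smtp4.rogers.com (Postfix) with ESMTP id 79FB3D2858F for <proverbs25v25@yahoo.com>; Fri, 17 Sep 2004 18:14:33 -0600
From: "Daugherty" <turinaphelion94146@charter.net>

"""

HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)", re.S)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HELO = re.compile(r"\(HELO\s+([^)\s]+)\)")

def parse_hops(raw):
    """Received hops, newest first: source text, receiving host, IPs in source."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"src": m["src"], "by": m["by"].lower(),
                         "ips": IPV4.findall(m["src"])})
    return hops

def analyse(raw, trusted_suffix):
    """Split the chain at the recipient's own MTA; everything older is a claim."""
    hops = parse_hops(raw)
    own = [i for i, h in enumerate(hops) if h["by"].endswith(trusted_suffix)]
    if not own:
        return None
    edge = hops[own[-1]]          # oldest hop stamped by the trusted provider
    older = hops[own[-1] + 1:]    # written before the mail reached that provider
    # Assumption: the last parenthesised address is the connecting IP
    # (it matches X-Originating-IP in this header).
    peer_ip = edge["ips"][-1] if edge["ips"] else None
    helo = HELO.search(edge["src"])
    return {
        "peer_ip": peer_ip,
        "helo": helo.group(1) if helo else None,  # client-chosen string
        "unverified_hops": [h["by"] for h in older],
        # Heuristic: a real relay would itself be the peer the edge saw, so a
        # relay that claims the same client IP as the edge did not carry it.
        "contradicted_hops": [h["by"] for h in older if peer_ip in h["ips"]],
    }

if __name__ == "__main__":
    print(analyse(RAW, "yahoo.com"))
```

The result is an IP address, not a person; only the provider that owns that address can tie it to an account.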
#4
18th Sep 04, 06:14 AM
~*McoreD*~
Super Moderator
Join Date: Jul 2002
Location: Australia
Posts: 2,902
Too bad F-Prot doesn't scan incoming mails and its attachments.
Otherwise you wouldn't have gotten this virus in the first place.

Good luck on recovering the files, KC.

All the Best,
McoreD
#5
18th Sep 04, 02:11 PM
KingCobra
Senior Member
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
~*McoreD*~ - You're right, but I'm just thankful the realtime scanner saw them so I was aware to take action. It infected several .exe files but everything seems fine now. I sent a copy of the email header to my ISP which is the same ISP where the email came from. I even sent the name of the guy I think it was, which in this area would have the same ISP as me. The guy I'm speaking of is the local school district's network ADMIN. I posted one of his emails to me on the PTO website for all the parents to see. He later sent me an email saying if I didn't take it down, he would file legal action.

I took it down, but if I could only prove that he sent this virus to me it would be sweet justice.
#6
18th Sep 04, 08:44 PM
war59312
BetaONE Supporter
Join Date: Jul 2001
Location: U.S.A
Posts: 2,220
Yeah, I got this crap too. Still can't find any info on the virus though.
#7
26th Sep 04, 02:06 PM
KingCobra
Senior Member
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
I recently found that my ISP allows two reports of passing a virus from the same account before they shut you down. They said it is safe to assume that the virus was sent by mistake. Oh well, I cleaned my system without a reformat so everything is OK now.