Aces High Bulletin Board

Help and Support Forums => Technical Support => Topic started by: minus on April 09, 2003, 02:39:06 PM

Title: skuzzy need some litle help please
Post by: minus on April 09, 2003, 02:39:06 PM

well is it litle of topic , but some buger realy anoying me vith virus ,es

 looks like  is it not some one  HTC BBS  but never know
\
and with all the the fake mails crap not realy  easy to know from where is it come , can you take a look at this 2 propriety files ?

please ?

Return-Path:
Received: from satanas.europeonline.net ([194.177.33.67] verified)
  by mail01.europeonline.com (CommuniGate Pro SMTP 3.5.4)
  with ESMTP id 8274376 for 10940496@cgate.europeonline.com; Mon, 07 Apr 2003 21:54:08 +0200
Received: (from root@localhost)
   by satanas.europeonline.net (8.12.9/8.12.9) id h37Js7tw008152
   for 10940496@cgate.europeonline.com; Mon, 7 Apr 2003 21:54:07 +0200
Received: from mwinf0304.wanadoo.fr (smtp4.wanadoo.fr [193.252.22.28])
   by satanas.europeonline.net (8.12.9/8.12.9) with ESMTP id h37Jr5eN006978
   for ; Mon, 7 Apr 2003 21:53:06 +0200
Received: from Qjzkxcu (ANice-106-1-5-57.abo.wanadoo.fr [80.14.106.57])
   by mwinf0304.wanadoo.fr (SMTP Server) with SMTP id 5B1D8A802648
   for ; Mon,  7 Apr 2003 21:52:46 +0200 (CEST)
From: "facture.clients"
To: lvf01@europeonline.com
Subject: Done.
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=W4VC7y9N87


and the second
Return-Path:
Received: from satanas.europeonline.net ([194.177.33.67] verified)
  by mail01.europeonline.com (CommuniGate Pro SMTP 3.5.4)
  with ESMTP id 8333129 for 10940496@cgate.europeonline.com; Wed, 09 Apr 2003 19:50:45 +0200
Received: (from root@localhost)
   by satanas.europeonline.net (8.12.9/8.12.9) id h39HoiZn016076
   for 10940496@cgate.europeonline.com; Wed, 9 Apr 2003 19:50:44 +0200
Received: from mwinf0302.wanadoo.fr (smtp4.wanadoo.fr [193.252.22.28])
   by satanas.europeonline.net (8.12.9/8.12.9) with ESMTP id h39HneeN015348
   for ; Wed, 9 Apr 2003 19:49:41 +0200
Received: from Hifzcufob (ANice-106-1-8-98.abo.wanadoo.fr [81.49.131.98])
   by mwinf0302.wanadoo.fr (SMTP Server) with SMTP id D49D7C00065F
   for ; Wed,  9 Apr 2003 19:49:20 +0200 (CEST)
From: webmaster
To: lvf01@europeonline.com
Subject: A special  powful tool
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=OI4M09c4nr6A46JU648bb8l
Message-Id: <20030409174920.D49D7C00065F@mwinf0302.wanadoo.fr>
Date: Wed,  9 Apr 2003 19:49:20 +0200 (CEST)
X-Loop: forward.europeonline.com

Title: skuzzy need some litle help please
Post by: Skuzzy on April 09, 2003, 02:44:52 PM

Both of thoise originated at wanadoo.fr.  This ISP is notorius for allowing SPAMMERS and hackers to reside on thier networks.

While running AppLink, I had at one time completely shut off access from wanadoo.fr, along with many other ISP's due to the problem.  They will not do anything about it either.

Send these headers to your ISP.  If they get enough complaints, maybe they will block wanadoo.fr as well.

Title: skuzzy need some litle help please
Post by: minus on April 09, 2003, 02:50:57 PM

thx scuzzy,  the damn files have same signature is it a same person who realy well  hiding there the first one is the  acount admin at wanadoo , hard to beleve hi wil try to spam or send me a virus

second place is some PC shop ,

and more crap the virus is a ,,W32.Klez.E@mm It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.

Title: Re: skuzzy need some litle help please
Post by: Skuzzy on April 09, 2003, 02:54:59 PM

minus, they both originated at wanadoo.fr.

I marked the IP address they originated from in the email header.

Return-Path:
Received: from satanas.europeonline.net ([194.177.33.67] verified)
  by mail01.europeonline.com (CommuniGate Pro SMTP 3.5.4)
  with ESMTP id 8274376 for 10940496@cgate.europeonline.com; Mon, 07 Apr 2003 21:54:08 +0200
Received: (from root@localhost)
   by satanas.europeonline.net (8.12.9/8.12.9) id h37Js7tw008152
   for 10940496@cgate.europeonline.com; Mon, 7 Apr 2003 21:54:07 +0200
Received: from mwinf0304.wanadoo.fr (smtp4.wanadoo.fr [193.252.22.28])
   by satanas.europeonline.net (8.12.9/8.12.9) with ESMTP id h37Jr5eN006978
   for ; Mon, 7 Apr 2003 21:53:06 +0200
Received: from Qjzkxcu (ANice-106-1-5-57.abo.wanadoo.fr [80.14.106.57])
   by mwinf0304.wanadoo.fr (SMTP Server) with SMTP id 5B1D8A802648
   for ; Mon,  7 Apr 2003 21:52:46 +0200 (CEST)
From: "facture.clients"
To: lvf01@europeonline.com
Subject: Done.
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=W4VC7y9N87


and the second
Return-Path:
Received: from satanas.europeonline.net ([194.177.33.67] verified)
  by mail01.europeonline.com (CommuniGate Pro SMTP 3.5.4)
  with ESMTP id 8333129 for 10940496@cgate.europeonline.com; Wed, 09 Apr 2003 19:50:45 +0200
Received: (from root@localhost)
   by satanas.europeonline.net (8.12.9/8.12.9) id h39HoiZn016076
   for 10940496@cgate.europeonline.com; Wed, 9 Apr 2003 19:50:44 +0200
Received: from mwinf0302.wanadoo.fr (smtp4.wanadoo.fr [193.252.22.28])
   by satanas.europeonline.net (8.12.9/8.12.9) with ESMTP id h39HneeN015348
   for ; Wed, 9 Apr 2003 19:49:41 +0200
Received: from Hifzcufob (ANice-106-1-8-98.abo.wanadoo.fr [81.49.131.98])
   by mwinf0302.wanadoo.fr (SMTP Server) with SMTP id D49D7C00065F
   for ; Wed,  9 Apr 2003 19:49:20 +0200 (CEST)
From: webmaster
To: lvf01@europeonline.com
Subject: A special  powful tool
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=OI4M09c4nr6A46JU648bb8l
Message-Id: <20030409174920.D49D7C00065F@mwinf0302.wanadoo.fr>
Date: Wed,  9 Apr 2003 19:49:20 +0200 (CEST)
X-Loop: forward.europeonline.com

Title: skuzzy need some litle help please
Post by: minus on April 09, 2003, 03:11:49 PM

cleare !! now i copy, well must be some   frend who have it  :D  this  frekin masmailer worm