help stopping "klez" PLEASE

Discussion in 'Security and Privacy' started by tanya, 2003/02/18.

Thread Status:
Not open for further replies.
  1. 2003/02/18
    tanya

    tanya Inactive Thread Starter

    Joined:
    2002/07/28
    Messages:
    264
    Likes Received:
    0
    hi
    i have had this problem before however when i found the originating domain and sent A message to spamCop's suggested address they stopped
    HOWEVER not this time
    (i use nn 4.77 and save > 50 kb messages on the server so these are not being dLoaded...)
    (it is klezE as one of the message subjects were its removal tools -- lol)
    have submitted the fullHeader info MANY times now to spamCop sent F.O.U.R. requests to their suggested address, had them report it and the only response is an increase (5 per day)
    1. is it ok to post the full header info (only) in this forum b/c i have a question re: ip addresses not correlating (i.e. the lowerMost received lines very first ip address is NOT the domain suggested by spam cop also trace, xwhoIs, Lookup have another domain...)
    2. also is there anything else i should be doing (or can do)?
    3. should i be posting this in the nn forum?
    thank you
     
  2. 2003/02/19
    aleekat

    aleekat Inactive

    Joined:
    2002/01/07
    Messages:
    902
    Likes Received:
    0
    First "received" line, your provider.

    In the full header, look at the second "received" line. Look at the IP address within the quotes. That is the offender.

    SamSpade

    GeekTools
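
The header reading discussed in this thread, as an added example that is not part of any post: it parses `Received` lines of the form `from <letters> ([ipAddress]) by anotherDomain` and returns the hop where the recipient's own provider accepted the message from outside, which is the one address the sender cannot forge. The sample message, host names, provider domain and internal network range are constructed assumptions.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample: made-up hosts, documentation-range IPs. Newest header first.
SAMPLE = """\
Received: from mx2.provider.example (mx2.provider.example [10.0.0.5])
\tby pop.provider.example with ESMTP id A1; Wed, 19 Feb 2003 10:00:03 -0500
Received: from Xqzt ([203.0.113.45])
\tby mx2.provider.example with SMTP id B2; Wed, 19 Feb 2003 10:00:01 -0500
Received: from mail.bank.example ([198.51.100.9])
\tby Xqzt with SMTP; Wed, 19 Feb 2003 09:59:00 -0500
From: forged.sender@victim.example
Subject: constructed sample

body
"""

# "from <name> ([ip]) by <host>", with an optional reverse-DNS name before the IP.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops top-down (newest first) as dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m[1], "rdns": m[2], "ip": m[3], "by": m[4]})
    return hops

def handoff_hop(raw, provider_domain, provider_nets):
    """First hop, reading down, where the provider accepted mail from outside."""
    for hop in parse_hops(raw):
        by = hop["by"].lower()
        if by != provider_domain and not by.endswith("." + provider_domain):
            return None  # left the provider's servers without finding an outside peer
        if not any(ip_address(hop["ip"]) in net for net in provider_nets):
            return hop   # IP logged by the provider itself; lines below are sender-supplied
    return None

if __name__ == "__main__":
    nets = [ip_network("10.0.0.0/8")]  # assumed internal range of the provider
    hop = handoff_hop(SAMPLE, "provider.example", nets)
    print("report:", hop["ip"], "announced itself as", hop["helo"])
    for h in parse_hops(SAMPLE)[2:]:
        print("unverified:", h["ip"], "by", h["by"])
```

Any `Received` line below the returned hop was already in the message when the provider accepted it, so its addresses and host names prove nothing on their own.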
     
  4. 2003/02/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Is it possible that this is where the repeats are coming from ?

    Also I would like to suggest a Program called MailWasher.

    With it you can EXAMINE ONLY e-mail right on the server.

    If anything looks undesirable you can then delete it right off of the server.

    It will also notify you if it does contain possible Virus.

    I would also check with your Friends etc. that have your e-mail address and make sure they have good AV protection.

    Also have them run a reliable on-Line AV check.

    Have them also check to make sure their AV software has not been disabled. I believe that the mentioned Virus is one that will do that. And then use that machine and Random address from the Address book to FORWARD the NASTY Virus. And all of this without the owner's knowledge.

    BillyBob
     
  5. 2003/02/19
    tanya

    tanya Inactive Thread Starter

    Joined:
    2002/07/28
    Messages:
    264
    Likes Received:
    0
    hello aleekat and BillyBob,
    thank you for replying!
    (sorry cannot see a way to reply to separate msgs...)
    so...
    aleekat,
    there are no quotes AT ALL in the full header data...
    just for the lowerMost received states from <letters> ([ipAddress]) by anotherDomain...
    Thank you so much for the links! they look excellent!
    **************************************************
    BillyBob,
    By repeats you mean that the same msg is being sent like occasionally spam will do?
    the msgs are different; the forged senders are different; the subjects are different and i deleted all mail from the server yesterday but still getting them today...

    i appreciate your suggestions re: mailWasher; contacts etc... and thank you!

    a major reason i am trying to notify the originating domain is to warn whoever's computer is sending these...

    again, aleekat and BillyBob, i really appreciate your answering; suggestions; links and advice
    sincerely
    Tanya
     
  6. 2003/02/19
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    tanya
    Your heart is in the right place, but I wouldn't bother trying to warn whoever for this reason. One of klez's email messages is telling someone that they have a virus and here is a tool to fix it. The "tool" to fix it is the virus. See what I mean?
    Another thing is that klez has its own email program built in, it scans the address book for addresses, puts a fake address as the sender, puts in a stolen address and away the email goes. The only legit thing about it is the sending IP. So, you would have to convince the ISP about what you are doing.
     
  7. 2003/02/20
    tanya

    tanya Inactive Thread Starter

    Joined:
    2002/07/28
    Messages:
    264
    Likes Received:
    0
    hello markp62,
    many thanks for the reply!
    i also got that(helpful / thoughtFul:) message telling me how dangerous klez is with its attached removal tools lol...
    at this moment i have not received any of the daily 5 or so messages so far...
    the last thing i did was write to the ip number at the very start of the bottomMost received abuse@ipNumber
    perhaps this had an effect -- likely not:)
    i appreciate your reply and thank you again!
    sincerely
    Tanya
     