Yaha Virus
Results 1 to 6 of 6

Thread: Yaha Virus

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    5

    Yaha Virus

    Okay, heres the deal. I know the Yaha virus I am recieving is pretty old and all, but my question is not about disinfecting. What I would like to know is, how do I stop the emails from flooding in???

    Obviously someone who has my email address is infected, BUT seeing as how the virus contains it's own SMTP protocols and therefore does not use a standard one, I have no way of tracking it...

    It appears to be comming in from HOTMAIL but it is not from there it is just being spoofed with that name...

    Any ideas on how to block it out would be very helpfull! Thanks.

    ~John~

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    There are *many* ways to deal with this, however, you will have to provide a bit more NFO.

    1) Are you behind a firewall?
    2) Is this a home setup or a business?
    3) You can setup e-mail filters within your e-mail client (the quick and dirty way to deal with this) so if you tell us which one you use, we can assist you in setting up a filter.
    4) Do you have a virus scanner running? There are ways to deal with it using a AV scanner.

    If you give some more details Im sure people here will be happy to help you out. I know I will.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Junior Member
    Join Date
    Apr 2003
    Posts
    5
    1) Are you behind a firewall?

    Yes

    2) Is this a home setup or a business?

    It is a college e-mail address therefore I cannot change it and have limited access to the system.

    3) You can setup e-mail filters within your e-mail client (the quick and dirty way to deal with this) so if you tell us which one you use, we can assist you in setting up a filter.

    Yes the college uses a client called SquirrelMail, but I do not know what to filter. The From, subject, message, and all header info is changed each time. BUT the date is always DEC 31, 1969. That is the only thing I see that is always the same.

    4) Do you have a virus scanner running? There are ways to deal with it using a AV scanner.

    Yes I have Norton on the college computers.
    But limited access to it's options

    They run DeepFreeze on the computers here so If i do Anything, it all goes back to default the next time I log in. So most options are therefore pointless.

    _______________________________

    EXAMPLE EMAIL

    HEADER:

    Received: from falcon.tp.devry.edu (dialup-67.28.41.135.Dial1.Chicago1.Level3.net [67.28.41.135])
    by falcon.tp.devry.edu (8.12.9/8.12.9) with SMTP id h34KKTGF027332
    for <***MY EMAIL ADDY***>; Fri, 4 Apr 2003 14:20:30 -0600 (CST)
    Message-Id: <200304042020.h34KKTGF027332@falcon.tp.devry.edu>
    From: Mail Delivery System<MAILER-DAEMON@falcon.tp.devry.edu>
    To: ***MY EMAIL ADDY***
    Subject: Undelivered Mail Returned to Sender -dotj's ACN Internet Account Info
    Date: Fri,04 Apr 2003 14:31:14 PM
    X-Mailer: Microsoft Outlook Express 5.50.4133.2400
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary=rskcsvc
    Content-Length: 41575

    BODY

    Content-Transfer-Encoding: quoted-printable

    This message was created automatically by mail delivery software (Exim).

    A message that you sent could not be delivered to one or more of its recipients.
    This is a permanent error. The following address(es) failed:***RANDOM EMAIL ADDY***

    For further assistance, please contact
    If you do so, please include this problem report. You can
    delete your own text from the message returned below.

    CAttachments:
    dotj's 40 k [ message/rfc822 ] download | view


    END EXAMPLE EMAIL

    Need more info please ask

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    The simplest way to trace an email is to cut 'n past it at http://www.spamcop.net.

    Then use the email address(es) found to write an abuse email to his/her provider. Supply them the full headers of the email and they (the isp) will contact the offending user.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Junior Member
    Join Date
    Apr 2003
    Posts
    5
    Well, I do not want to get this person in trouble... They are infected with the virus and it is not their fault that they are sending this out unwillingly... am I right?

    I just want to stop getting the 5-7 emails a day that it sends to me.

    And earlier I said we use a firewall.. WE DO NOT, we use a NAT here.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by BiteMe4Fun
    Well, I do not want to get this person in trouble... They are infected with the virus and it is not their fault that they are sending this out unwillingly... am I right?
    Correct. But to find out who it is you will need to contact his/her ISP. And they are not going to give you the details of their customer(s) (privacy policy).

    btw it IS their fault they got infected. They should have updated their system on a regular basis and they should run a descent virusscanner. If you don't, you're just begging for an infection these days.


    I just want to stop getting the 5-7 emails a day that it sends to me.
    Like i said before contact his/her ISP. They will contact the offending user.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •