-
Virii Question
In 3 days I have received 2 virii attachments to emails. Two separate emails but the same virii. I emailed back the two people and they responded that it wasn't them, which of course they would. The question I have is how can I track email hops back to the original emailer? Or could someone at least send me to a site which tells me how to go about retracing the steps back to the original emailer, in case it wasn't those two emailers. If that all made sense to you.
Thanks for any help
Ferret
-
Well, they didn't send those e-mails; their systems got infected and started sending infected e-mails to people in their address books. Some e-mail viruses are also intelligent enough to use remailers or infected mail servers.
-
Who says two hops back is where the virus originated? Could be 2, could be 1000. I'm not sure what you hope to accomplish by tracing back e-mails. I hope you're not planning some kind of lame vigilante thing.
-
I had thought of that, and that was one of my questions to them: if they had me on any of their email lists or any messenger service, and they didn't. So I was assuming that someone just used their email address name and emailed it. I wasn't on any of their lists, nor did I know them from Adam.
-
I didn't mean 2 hops literally; I understand it could be several, I was using that as an explanation. And just because I want to trace it back to the original source doesn't mean I want to do "some kind of lame vigilante thing." I just want to know where it originated from and from whom. Second, if I'm asking how to do hops back to the originating source, obviously I'm a semi noob and most likely wouldn't know what to do anyway. Maybe you should use your brain and think: maybe he wanted to see if he knew the person who was really sending these emails. Also, most like to do this kind of stupid sh it of sending email virii anonymously. If I find the source email, 9 times out of 10 he would most likely stop because I tracked it back to him and he wasn't anonymous anymore.
-
Like I said, even if it's 1 hop or 10 hops, it doesn't matter. Because whoever you trace, it's not his fault; he got infected, and the e-mail virus spread to his address book.
There is no way in hell you can track down the originator.
-
Ok, obviously Leviatan you have no clue what you're talking about, because I wasn't in either of their address books for it to spread to me that way. All they did was use their Outlook and change their from address to their own; it's not hard to do that. And I had a friend from work trace it back and it was actually quite easy. So next time, Leviatan, before you act like you know what you're talking about when you're giving advice, please know what you're talking about for real.
-
Ferret, sending mails back doesn't do any help.
It's usually even counterproductive (you can originate some kind of chain reaction... or somebody thinks it was you who originated it....)
The advice I can give you is: don't mail back.
-
Ferret> Obviously you have no idea what you are talking about. First off, what was the virus? There is a good chance that someone in here has at least battled the virus, if not examined it. Anyway, let me give you an example.
The Klez worm, which is probably the most prolific virus out right now...
When this virus infects a machine, it reads the Outlook address book. It then chooses any one name in the address book and uses that as the from address. It then emails itself to everyone else in the book. So if I was infected with Klez, and both you and leviathian were in my address book, it may send you the message with leviathian's return address, even though leviathian doesn't have you in his address book and may not have any clue who you are. The from address is forged by the virus. It was probably sent to you by someone you know, most likely a close friend, and they just don't know that they are infected.
Like I said, we could give you more help if you gave us more information. Tracing an email message back to its original destination is normally a matter of reading the header file, but like I said, it depends on the virus....
-
And as I said in the previous post, we did trace it back after a few said here it was impossible, and yes, it was a friend that was infected and did not know it. That's why I asked for a little help in the first place, but so far I was semi-flamed or told it was impossible. Well, the impossible I've made a reality; I figured it out with a friend who wasn't looking just to start flaming. Traced it back to my friend and helped him remove the worm. All's good and all's done.
-
I believe what was said was that it could be impossible to trace a viri back, and yes, those headers. Then again, how about all the news on the viri sites and media about Klez; those are impossible to find, LOL NOT. Try keeping up on viri news or even current web events; read, read, read and learn about all the new viri and their signatures (as in published reports). Try to remember some of them so when your system(s) start to do funny things you have a direction to go in. One would have to be pretty out of touch not to hear anything about Klez. So don't go off on people here. First clue as to who is lame is the lack of information from you, second is to say others here trying to help know nothing, third, READ current news and viri site reports.
-
Thanks palemoon, lol, I wasn't going off on anyone, lol. I did what you said, started reading and more reading. What I asked was if there was an easy way of just tracing the email back to the source. That was going to be the easiest way of finding the infected friend. Then basically the first post was me getting flamed, lol: "I hope you're not planning some kind of lame vigilante thing". I can see that you have to baby your posts here on what you ask or you're deemed a pain in the ass, like I was already from AO, lol. So I'll find another forum, because I asked a simple question on something I didn't know, not intending to start a flame war, which a lot, it seemed to me, wanted to start right off the bat rather than explaining how to trace back a simple email so I could maybe help my friend (which I had an idea it was a friend infected with the worm who emailed it to me).
-
I'm not down on anyone here and I'm not on you. Some of my advice was to read; I spend at least two hours per day just reading about what is out here and new and how to filter for this and that. Many times I could spend that time in other ways, but reading is the only way to keep up. The other is I'd go to Google and install their toolbar, because it is impossible to keep all the info in your head, and for error codes I don't recall, or symptoms on program errors, a Google search is the first stop.
-
Ferret> From everything you posted, it appeared that you thought someone intentionally sent you the virus and you wanted to find out who did it. If you read your old posts from a third person perspective, what would you say your intentions were?
-
Anyway, I am not sure, but it could be the "JDBJMGR.EXE" virii.
All you got to do is this:
If you are using Windows
1- go to Start, Search, and enter jdbjmgr.exe in the 'find and search program'; if any result, then I guess you know what to do! DELETE with no 2nd thought.
Also it could be stored under C:/windows or C:windows 32.
And if you are using Windows, then you should know where it's stored.
Bellon "HUMAN KNOWLEDGE BELONGS TO THE WORLD"
-
sorry, dial-up failure...
And if you are using LINUX, then you should know where it's stored.
-
Well, considering I'm a cop and 30 yrs old, and reading my posts from a third person perspective, I'd say I was trying to find the source of who sent the emails. Like I said, if it was from someone I didn't know, 9 times out of 10 they would stop once you find the source, because they were not anonymous anymore, and if it was a friend that didn't know he had a worm and was sending it to people on his email list, then I could inform him. I wasn't on here saying I want to find the ***** and take down his system, or any derogatory comments like that. I wasn't even saying, like a real noob, "Could someone hack this guy". I explained what happened and when, and I didn't want to spend days reading about how to trace an email back to a source if it was something easy like I thought it could be. I even commented back when the first post was "some lame vigilante thing", so obviously I wasn't out to cause damage or harm to anyone but just to find the source and go from there. So that is what I got from a third person perspective when rereading my posts. But it seems to me, even though I'm a noob to the forum, that everyone here is on high alert to start a flame or mini flame war rather than explain things or help.
-
Thanks bello. Thing is, Norton's caught it on email download. What I was trying to do was find the source, because the email header wasn't where it originated from but "spoofed another email heading" (term is probably incorrect); it didn't use the real header from the origin. What I was trying to find was where the email really came from, which a friend did for me, and it was a friend of mine that had a worm, slo.zo. He downloaded Norton's and removed it off his system, and now he's trying to find which email he got it from. But thanks bello for trying to help, appreciate it much.
-
Quote:
Originally posted here by bello
Anyway, I am not sure, but it could be the "JDBJMGR.EXE" virii.
All you got to do is this:
If you are using Windows
1- go to Start, Search, and enter jdbjmgr.exe in the 'find and search program'; if any result, then I guess you know what to do! DELETE with no 2nd thought.
Also it could be stored under C:/windows or C:windows 32.
And if you are using Windows, then you should know where it's stored.
Bellon "HUMAN KNOWLEDGE BELONGS TO THE WORLD"
bello, do your homework before you post. This is a hoax. DO NOT DELETE this file; it is a Microsoft system file (Java Debug Manager).
Information can be found HERE
-
Ok, first off, JDBJMGR.EXE is NOT a virus. This is a hoax. Do NOT delete this file. It is a system file rarely used by Windows, but still a system file.
Ferret> I may have been a little rude in my first post, but I did answer your question. It was after you had already traced the message back to your friend, but it was the first time I looked at the thread. You said Leviatian had no idea what he was talking about. What he said was that you couldn't track down the person who originated the virus. He wasn't saying that you couldn't track down who sent you the virus. Also, you got very defensive with cwk9. He didn't flame you. He simply stated that he hoped you were not going to try something stupid if you found the source. If you look at the archives, 90% of all people asking how to trace email or ips or something are asking so they can get revenge.
-
DJM, thanks, but I'm sure bello is just trying to see if he can pop this noobie into doing something stupid like that. I'm sure he's just trying to welcome the noob to AO. I'm a noob but not a stupid noob..
-
Quote:
Originally posted here by Ferret
DJM, thanks, but I'm sure bello is just trying to see if he can pop this noobie into doing something stupid like that. I'm sure he's just trying to welcome the noob to AO. I'm a noob but not a stupid noob..
If that's the case, I hope he ducks. There was a thread posted yesterday about an IRC chat in which a 'noob' was taking 'advice' from so-called experts. I won't go into detail, but one of the things they told the noob to do was to use the "deltree" command to solve the problem. That thread was not viewed very 'positively' around here.
Cheers:
-
Hey Ferret:
When I can identify someone whose computer sent me a virus, I telephone the owner of the infected PC. Being cheap, I will send an email if it involves a long distance call. :hello:
-
Yeah, it was a friend who had a worm, and his email address list got hijacked by it and it sent it to everyone; that was one of the reasons why I wanted to track it down, because I have a semi-working knowledge of how they operate. And souleman, remember me, cuz if I ever ask about something, I'm in the 10% of wanting to know why and how rather than revenge. I'm here to learn, read, read some more, ask questions and answer what I know. I'm not out to hunt people on the internet or damage other people's things. I just like the knowledge; next time I ask, though, I will make sure I explain in more detail so you all know I'm not trying to get revenge rather than trying to find the knowledge and answers. So thanks to those who helped, and to those lamers like bello, try your own advice...
-
I had this problem with MSN Messenger, but the problem was that there was a file being sent around. It was kinda easy to tell, because a lot of ppl messaged me with the same font and color asking me to accept a file, plus they repeated everything but didn't know they were doing it, because it didn't appear on their screen. But yeah, when guys message you in PINK bold New York Times font you kinda get suspicious haha. But the virus spread like yours: one person sent it to person #1 on their contact list, person number one without recognition sent it to EVERYONE on their contact list who was online (however not all may have accepted); from person #2, say uuummm 16 people got infected; those 16 ppl will send the virus to the ppl on their contact list. So do you see how hard that can be to track down? Most ppl have the skills, just not the patience :)
-JAN
-
Hey Ferret:
Last week, I received several emails containing Klez. The sender was easily located by examination of the "Reply-To" portion of the email header. On Tuesday, another Klez-bearing email appeared in my Inbox. Examination of the IP address indicates the ISP. The "Reply-To" test doesn't seem to reveal the sender machine.
Tracking down the infected computer seems to be at best a hit-or-miss proposition.
:grr:
-
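The header walk souleman and bucket describe (the From/Reply-To is lifted from someone's address book by the worm, so only the Received chain points at the machine that really sent the mail), as an added Python example that is not from this thread; the message, hostnames and addresses in it are constructed:

```python
import re
from email import message_from_string

# Constructed sample (not from the thread), shaped like a Klez-style delivery:
# From/Reply-To were picked out of the infected machine's address book, so
# only the Received chain points at the host that actually sent it.
SAMPLE = (
    "Received: from mail.example-isp.net (mail.example-isp.net [203.0.113.5])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 14 May 2002 10:02:11 -0400\n"
    "Received: from relay1.example-isp.net (relay1.example-isp.net [203.0.113.9])\n"
    "\tby mail.example-isp.net with SMTP; Tue, 14 May 2002 10:01:58 -0400\n"
    "Received: from dialup-pc (pool-77.dialup.example-isp.net [198.51.100.77])\n"
    "\tby relay1.example-isp.net with SMTP; Tue, 14 May 2002 10:01:40 -0400\n"
    "From: leviathan@somewhere.example\n"
    "Reply-To: leviathan@somewhere.example\n"
    "To: ferret@recipient.example\n"
    "Subject: a funny game\n\nbody\n"
)

HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Received hops in transit order: earliest (closest to origin) first."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so header order is newest
    # first; reading backwards follows the message from origin to inbox.
    for value in reversed(msg.get_all("Received", [])):
        value = re.sub(r"\s+", " ", value)  # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue
        ip = IP_RE.search(m.group(2))
        hops.append({"helo": m.group(1), "ip": ip.group(1) if ip else None,
                     "by": m.group(3)})
    return hops

def origin_ip(raw):
    """IP that first handed the message to a mail server. Only Received lines
    added by relays you trust are reliable; a sender can prepend fake ones."""
    hops = parse_hops(raw)
    return hops[0]["ip"] if hops else None

def claimed_sender(raw):
    """From / Reply-To as written, which the worm forges from an address book."""
    msg = message_from_string(raw)
    return msg.get("From"), msg.get("Reply-To")
```

The origin IP is what you hand to the ISP (or look up to recognise your buddy's provider, as Ferret did); the From/Reply-To pair is only useful to confirm that it does not match.
-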
Yeah it does, bucket. Luckily this time it was a "hit" for me, lol. The reply-to didn't help me at all this time; the ISP is what did it. Luckily I knew which ISP my buddy was using.
-
On the latest one, the infected computer has my email address in the Windows Address Book.
The ISP is Comcast.net. Somewhere in the infected PC lies the following email address: [email protected] - whoever that is.
I don't have a clue as to the identity of the owner of the infected PC. <grumble>