Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I find originator of Klez worm?

Status
Not open for further replies.
mcm85

mcm85

Programmer
Jul 12, 2001
1
US
Since the KlezG worm spoofs the originators email address, is there any way to find out which pc on a network is infected without scanning every pc for the virus?
 
Sort by date Sort by votes
You can almost to do a trace by checking the message header. Even though Klez spoofs the sender address, the mail header will still contain the originator.

Also, having a mailserver-based AV program will help inform you who the actual sender was.

AVChap
 
Upvote 0 Downvote
I have a question on how to check the header. We are still plagued by the Klez virus, and have been unable to track down the infected machine (nearly 1000 machines to check). We are also running Trend Micro's Interscan Viruswall on an SMTP server. How do I go about viewing the email headers to find out the originator of the email as opposed to the sender?? Thank you in advance for any information.
 
Upvote 0 Downvote
Depends on which email system you're using. In Exchange/Outlook combo, you can open the email (don't run the attachment :)), and look at View/Options and see the Internet Headers information. In Yahoo Mail, you can just expand the headers.

Hope this helps.

AVChap
 
Upvote 0 Downvote
Did you get anywhere with this? I didn't. I downloaded something called emailtrackerpro which was supposed to track back. Load of nonsense. It told me the originator was in Sweden, and told me where Sweden is. Terrific. Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 
Upvote 0 Downvote
This didn't quite work for me. We run Trend Micro's Interscan Viruswall, which basically allows us to forward all outgoing mail thru it to be scanned, and any incoming mail goes thru it to be scanned also. We're running Exchg5.5, with a mixture of Outlook and Outlook Express clients. When I look at the options on the emails all I'm seeing is either the Interscan server as the "From" or the machine that the user read the email. I've checked all of these machines and it appears as though they do not have the virus. Norton Corporate Edition is running on the workstations.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
152
2ffat
2ffat
Mike Lewis
  • Locked
  • Question
MsMpEng.EXE in MSE: necessary? desirable?
Replies
3
Views
162
Mike Lewis
Mike Lewis
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
138
2ffat
2ffat
ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
334
Yoko Littner
Yoko Littner
iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
175
Oorde
Oorde

Part and Inventory Search

Sponsor

Back
Top