
KLEZ virus


Charlie Foxtrot India
2nd Jul 2003, 23:12
I'm a bit thick when it comes to this sort of thing, I've been getting mail saying that things I have never sent to people I've never heard of are returned and contain the KLEZ virus. I got the stuff from Symantec, ran it through twice and it said my computer didn't have it. I never open attachments.

I always check my mail on the server website before downloading and get a few on there that are dated "1 Jan 1970" yeah right, usually with an attachment of about 250kb. Is this Klez? I always delete these and other spam at the server.

Am I missing something?

fobotcso
2nd Jul 2003, 23:44
Sounds like your procedures are good and you've nothing to reproach yourself for. It's likely that these e-mails coming in are themselves Spam and can happily be disregarded.

But be careful if you're on ME or XP. I had a bug in the Restore cache that was detected by McAfee but I couldn't figure out how to delete the corrupted files because they were protected. I went the long way round in the end and booted with the recovery disk to a Command prompt and got rid of them that way.

What seems certain is that your address has been "harvested" (like mine) and is now being circulated amongst the low-life who like to waste their lives thinking up new ways to send Spam.

Klez is much smaller than 250 KB normally. But I suppose that it can be packaged in any size the perpetrators want. The minimum size of those I've received would be in the 10-20KB region.

PaperTiger
3rd Jul 2003, 00:16
Well sort of, fobotsco. The Klez virus does indeed harvest email addresses from the infected system. But it then uses them as spoofed 'from' addresses while trying to propagate itself. In other words, CFI just happened to be in the address book of someone else who IS infected.

To uninitiated recipients, it appears that CFI has sent them the virus attachment when in fact it came from the (other) infected system. These complaints are not spam, just people reacting without knowing what's going on. You'll probably get some 'undeliverable mail' messages too. There's nothing you can do, the good news being that this is likely a one-shot and the 'noise' should go away in a couple of days.

As a courtesy you might want to reply to those who complained, explaining what Klez is and what it does (assuming you only got a few complaints - most folks nowadays protect themselves and/or recognize dodgy attachments). Point them to Symantec's Klez page.

fobotcso
3rd Jul 2003, 00:49
Indeed PT, I wasn't implying that it was Klez that did the "harvesting". As you say, one's e-mail address can be gathered from many sources and one of the favourites is other folks' address books.

I also get spammed a lot by senders using the scattergun approach using incremental alphabetical variations. They're fiendishly cunning these Chinese (and Taiwanese, and Koreans and Ukrainians and...)

Background Noise
3rd Jul 2003, 04:16
My son and I both potentially had the klez virus sent to us. Both were spotted by Norton, even when we were just deleting them from the server, without having downloaded them, using mailwasher - which is pretty good.

As a heads-up, they were both in mail supposedly from big'at'boss.com

fobotsco - you have to disable the restore function I think before you can scan and clean up the restore files, or had you done that?

Naples Air Center, Inc.
3rd Jul 2003, 08:09
Charlie Foxtrot India,

Some viruses, as part of their payload, disable the virus scanner on your computer. If you ever have any doubt your virus scanner is working, run one of the free online scans. The one I usually use is:

Trend Micro's free online virus scanner Housecall (http://housecall.trendmicro.com/)

If you need a program to get rid of the spam, I personally recommend:

Fire Trust's Mailwasher Pro (http://www.firetrust.com/products/mailwasherpro/?PHPSESSID=507795adfaf76d87ad5b784d088e937d)

Not only does it block the spam on your server before you download it, but it even bounces the mail back to them as undeliverable. You will get great joy out of sending their junk right back to them. ;) [One word of caution, if you try the program you will get addicted to it!]

Take Care,

Capt. Richard J. Gentil, Pres.
Naples Air Center, Inc.
Custom Computers of Naples, Inc.

Charlie Foxtrot India
3rd Jul 2003, 12:39
Thanks everyone for your words of wisdom.

Got another one dated "1 Jan 1970" today, pretending to be some sort of anti-klez thing, a .scr file, saying download this and it will clean Klez up, yeah right!!
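The two tells the thread keeps coming back to (a bogus "1 Jan 1970" Date header and an executable .scr attachment dressed up as a cleaning tool) can be checked mechanically before a message is ever downloaded. The script below is an added example in Python, not anything posted in the thread or part of any product named in it; both sample messages are constructed, and the addresses and filename in them are placeholders.

```python
import email
from email import policy
from email.utils import parsedate_to_datetime

# Attachment extensions that run as programs when opened; .scr is the one CFI saw.
RISKY_EXT = (".scr", ".exe", ".pif", ".bat", ".com")

def epoch_date(msg):
    """True when the Date header parses to 1 Jan 1970 (the epoch-zero date in the thread)."""
    raw = msg.get("Date")
    if not raw:
        return False
    try:
        dt = parsedate_to_datetime(str(raw))
    except (TypeError, ValueError):
        return False
    return (dt.year, dt.month, dt.day) == (1970, 1, 1)

def risky_attachments(msg):
    """Filenames of attachments whose extension marks them as executable."""
    return [part.get_filename() for part in msg.walk()
            if part.get_filename()
            and part.get_filename().lower().endswith(RISKY_EXT)]

def triage(raw_bytes):
    """Reasons to delete the message on the server unread; empty list means clean."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if epoch_date(msg):
        reasons.append("Date header is 1 Jan 1970")
    reasons += [f"executable attachment {n}" for n in risky_attachments(msg)]
    return reasons

# Constructed samples (not real captures) mirroring what the thread describes.
SAMPLE_KLEZ = b"""From: someone@example.com
To: cfi@example.net
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: Klez removal tool
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="klez_fix.scr"
Content-Disposition: attachment; filename="klez_fix.scr"

AAAA
--b1--
"""
SAMPLE_LEGIT = b"""From: friend@example.com
Date: Thu, 3 Jul 2003 12:39:00 +0100
Subject: hello

Just a note.
"""
```

Running `triage(SAMPLE_KLEZ)` returns both reasons, while `triage(SAMPLE_LEGIT)` returns an empty list; a mail-washing tool would apply the same checks against headers fetched with TOP before deciding what to delete server-side.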