possible virus?
Thread Starter
Join Date: Aug 2000
Location: formally Alamo battleground, now the crocodile with palm trees!
Posts: 965
Likes: 0
Received 0 Likes
on
0 Posts
possible virus?
I am puzzeled!
Starting a few days ago, I received various emails from friends and individuals unknown to me. Some email were titled "A special good tool" or "A excite game" or "Worm Klez.E Immunity" Most of those email are about 130k to 150k in size, with no attachments and carry one of the following messages:
or
Then, TODAY, I received an email from myself (my hotmail account) with the subject "Worm Klez.E ..."!!!
Has this occured to other ppruners, too? I am running (unfortunately) McAfee virus-scan. The database is up-to-date, according to the program.
Starting a few days ago, I received various emails from friends and individuals unknown to me. Some email were titled "A special good tool" or "A excite game" or "Worm Klez.E Immunity" Most of those email are about 130k to 150k in size, with no attachments and carry one of the following messages:
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.
This is a special excite game
This game is my first work.
You're the first player.
I hope you would enjoy it.
This game is my first work.
You're the first player.
I hope you would enjoy it.
Has this occured to other ppruners, too? I am running (unfortunately) McAfee virus-scan. The database is up-to-date, according to the program.
Join Date: Jun 2001
Location: Intentionally Left Blank
Posts: 382
Likes: 0
Received 0 Likes
on
0 Posts
Join Date: Oct 2001
Location: farrrr east
Posts: 263
Likes: 0
Received 0 Likes
on
0 Posts
A little more detailed
http://www.microsoft.com/technet/sec...n/ms01-020.asp
http://www3.ca.com/virus/virus.asp?ID=11779
Hope this is of some use...
http://www.microsoft.com/technet/sec...n/ms01-020.asp
http://www3.ca.com/virus/virus.asp?ID=11779
Hope this is of some use...
Join Date: Mar 2000
Location: Bothell WA
Posts: 2,809
Likes: 0
Received 0 Likes
on
0 Posts
I have had over a dozen of the klez.h viruses sent to me and Norton has caught them when I was downloading my mail. This virus is everywhere. One day I had five of them.
http://www.symantec.com/avcenter/[email protected]
http://www.symantec.com/avcenter/[email protected]
Join Date: May 2002
Location: Australia
Posts: 2,242
Likes: 0
Received 0 Likes
on
0 Posts
Curious
I have received a lot of emails from various people, many I don't know. They have no text or attachment and there is a message at the top which says, "This HTML message contained script which Outlook would not allow" (Outlook 2002, that is).
I am using Norton AV 2002 so does this message mean that Outlook has got to the message and disabled the harmfull parts before Norton, as Norton does not declare a virus being found?
I am using Norton AV 2002 so does this message mean that Outlook has got to the message and disabled the harmfull parts before Norton, as Norton does not declare a virus being found?
Aisleman
Just Binos
Join Date: Oct 2000
Location: Mackay, Australia
Age: 71
Posts: 1,397
Likes: 0
Received 0 Likes
on
0 Posts
If there's anybody out there using a Computer Associates anti-virus (I use Etrust EZ Antivirus) and is going through the Klez.H business, perhaps you can answer a question I can't get answered from the company or their website.
I get at least one, sometimes two emails a day with the Klez virus attached. The E-Trust warning notice finishes with "Not restored". I have taken this to mean the virus is not automatically disabled, and when I do a scan of the Windows Temp folder, sure enough, the virus is detected and deleted. Why doesn't the program just delete the bloody thing from my email instead of making me go and delete it? Am I misinterpreting this? Do Norton and McAfee delete it automatically?
I am very careful with who I give my my personal email address to, and I don't know whether I'm getting it from somebody in whose address book I reside or whether it's from an infected site I visited (?). Either way, am I correct in assuming the only way I will stop receiving these irritations is to change my email address?
Signed,
Frustrated.
I get at least one, sometimes two emails a day with the Klez virus attached. The E-Trust warning notice finishes with "Not restored". I have taken this to mean the virus is not automatically disabled, and when I do a scan of the Windows Temp folder, sure enough, the virus is detected and deleted. Why doesn't the program just delete the bloody thing from my email instead of making me go and delete it? Am I misinterpreting this? Do Norton and McAfee delete it automatically?
I am very careful with who I give my my personal email address to, and I don't know whether I'm getting it from somebody in whose address book I reside or whether it's from an infected site I visited (?). Either way, am I correct in assuming the only way I will stop receiving these irritations is to change my email address?
Signed,
Frustrated.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
I use CA EZAntivirus, bino. It catches them all! As a fairly 'public' email address, I, along with most of the moderators, average about 5-10 a day!
Have a look through the Options Wizard and make sure you have set the right actions.
After it has cleaned the Klez files it leaves a 'klez dropper' file in the temp directory. I have checked with CA and this is OK.
Even changing your email address will not help. The virus scans the infected machine for anything with an @, assumes it is an email address and sends itself to that. Unless NO-ONE has your address on their machine(!) you will not avoid it.
Have a look through the Options Wizard and make sure you have set the right actions.
After it has cleaned the Klez files it leaves a 'klez dropper' file in the temp directory. I have checked with CA and this is OK.
Even changing your email address will not help. The virus scans the infected machine for anything with an @, assumes it is an email address and sends itself to that. Unless NO-ONE has your address on their machine(!) you will not avoid it.
Moderator
Join Date: Feb 1998
Location: Europe
Posts: 3,051
Likes: 0
Received 0 Likes
on
0 Posts
Hesitant to post among the PC-literati, but if you're not sure if your system is infected, have a look at this page. Near the bottom of the page there is a link to a free online virus scanner.
I run PC-cillin always, and it often springs into action while I'm on the net.
Their scanner has detected the KLEZ nasty in the PCs of many of my friends; it also declared our PC virus free.
I currently recieve about 10 mails a day to my Outlook Express containing the KLEZ, but Norton dutifully warns and I dutifully delete.
So far so good.
I run PC-cillin always, and it often springs into action while I'm on the net.
Their scanner has detected the KLEZ nasty in the PCs of many of my friends; it also declared our PC virus free.
I currently recieve about 10 mails a day to my Outlook Express containing the KLEZ, but Norton dutifully warns and I dutifully delete.
So far so good.
Join Date: Mar 2001
Location: Florida, USA
Posts: 632
Likes: 0
Received 0 Likes
on
0 Posts
I received the critter twice today (first time, for me).
Both times, Norton stopped it at the gates, but couldn't fix it.
Flagged it to me as "unrepairable" and stuffed it into quarantine - from where it was deleted.
Both e-mails came with "national helicopters.com" address. The e-mail title said "*****, Try again" (***** was my own e-mail name). I have never written to this company, nor had anything esle from them.
Both times, Norton stopped it at the gates, but couldn't fix it.
Flagged it to me as "unrepairable" and stuffed it into quarantine - from where it was deleted.
Both e-mails came with "national helicopters.com" address. The e-mail title said "*****, Try again" (***** was my own e-mail name). I have never written to this company, nor had anything esle from them.
Thread Starter
Join Date: Aug 2000
Location: formally Alamo battleground, now the crocodile with palm trees!
Posts: 965
Likes: 0
Received 0 Likes
on
0 Posts
Thank you all for your replies. It might be interesting to point out that McAfee doesn't display any notice whenever I open Klez-suspected emails. Thinking that my system had to be hopelessly infected, I ran the Norton Klez removal tool, but nothing could be found. I guess it's ...
... to be continued!
7 7 7 7
... to be continued!
7 7 7 7
