Have I acquired the klez virus?
Thread Starter
Join Date: Jan 2000
Location: Australia
Posts: 543
Likes: 0
Received 0 Likes
on
0 Posts
Have I acquired the klez virus?
I run Win 2000 and OE6. Yesterday I got two emails, both from the same address in Japan, advising me that Lotus Notes had detected that I had sent two individuals emails containing the KLEZ virus. Neither of the two individuals are in my address book, and both are also in Japan.
I run the free version of AVG6 antivirus, and the latest update available for that is 21 Aug. It doesn't find any viruses on my system. I've logged onto Symantec and downloaded both their fixklez tool and done a complete on-line scan - neither found any visuses.
However, if I go Start/Search/Files and Folders and write "klez" in the "containing text" field, every one of my directories in Outlook Express comes up as containing the offending word.
Question: do I have a new version of klez, or it it normal to find this word in every directory of OE?
Thanks in advance.
I run the free version of AVG6 antivirus, and the latest update available for that is 21 Aug. It doesn't find any viruses on my system. I've logged onto Symantec and downloaded both their fixklez tool and done a complete on-line scan - neither found any visuses.
However, if I go Start/Search/Files and Folders and write "klez" in the "containing text" field, every one of my directories in Outlook Express comes up as containing the offending word.
Question: do I have a new version of klez, or it it normal to find this word in every directory of OE?
Thanks in advance.
Join Date: Feb 2000
Location: [edited by PPRuNe Admin]
Posts: 776
Likes: 0
Received 0 Likes
on
0 Posts
This is the text from symantec.com/avcenter
this is the link
Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level for W32.Klez.E@mm from Category 3 to Category 2 as of July 23, 2002.
W32.Klez.E@mm is similar to W32.Klez.A@mm. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/sec.../MS01-020.asp.
The worm overwrites files and creates hidden copies of the originals. In addition, the worm drops the virus W32.Elkern.3587, which is similar to W32.ElKern.3326.
The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes.
Removal tool
Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool.
This is the easiest way to remove these threats and should be tried first.
W32.Klez.E@mm is similar to W32.Klez.A@mm. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/sec.../MS01-020.asp.
The worm overwrites files and creates hidden copies of the originals. In addition, the worm drops the virus W32.Elkern.3587, which is similar to W32.ElKern.3326.
The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes.
Removal tool
Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool.
This is the easiest way to remove these threats and should be tried first.
