Another Virus!!

Chuck Leeper

Toxic old bastard
Staff member
Joined
May 28, 2001
Messages
16,731
Just got a virus ID'D by NORTON.. The program could not fix it, but quarantined it.
It's called, like the last 1 we discussed, "w32.klez.H@mm".
Here's the screen I got when detailing the sender: Anybody recognize it?
Return-Path: <delly@interlog.com>
Received: from cmsoutbound.mx.net ([165.212.11.2])
by imf17bis.bellsouth.net
(InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with SMTP
id <20020714073140.JUSU22515.imf17bis.bellsouth.net@cmsoutbound.mx.net>
for <codymspt@bellsouth.net>; Sun, 14 Jul 2002 03:31:40 -0400
Received: from cmsmail06.cms.usa.net (HELO cmsoutbound.mx.net) (165.212.10.6)
by cmsoutbound.mx.net with SMTP; 14 Jul 2002 07:29:47 -0000
Received: from cmsmail06.cms.usa.net [127.0.0.1] by cmsmail06.cms.usa.net via mtad (CM.0402.2.02C)
with ESMTP id 493ggNHED0908M06; Sun, 14 Jul 2002 07:30:05 GMT
Return-Path: <delly@interlog.com>
Received: from app6.nasc.inter.net [203.176.60.253] by cmsmail06.cms.usa.net via smtad (ES.0801);
Sun, 14 Jul 2002 07:30:03 GMT
Received: from ip7.ontario64.as5800.psi.ca ([154.5.231.7] helo=Fapp)
by app6.nasc.inter.net with smtp (Exim 3.34 #1)
id 17Tdon-0001E0-00
for codymotorsports@usa.net; Sun, 14 Jul 2002 03:29:22 -0400
From: tom <tom@performanceinstruments.com>
To: codymotorsports@usa.net

I have now deleted it.
BTW.. It had an attached file of 28kb.
Can anyone tell anything about this from the above??
TIA,
 
Although the infected email would appear to come from a delly@interlog.com, in fact this can be faked and it could've come from anyone who simply HAS delly@interlog.com on their Contact List or Address List. So this infected email could have come from friends or associates of delly@interlog.com.

See http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html for more info.
Email:
This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com.

The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.
If you have any concerns at all whether you have a Klez virus yourself, Symantec/Norton has a specialized removal tool for download at: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Be sure to run the removal tool from within SAFE mode, as outlined in the instructions.
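To go with the point above that the visible sender can be faked, here is an added example (not part of the original posts) that reads the relay path out of the `Received:` lines Chuck pasted and lists the sender addresses the message claims. The function names are made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as posted in the thread; continuation lines indented so they parse as folded headers.
RAW = """\
Return-Path: <delly@interlog.com>
Received: from cmsoutbound.mx.net ([165.212.11.2])
 by imf17bis.bellsouth.net
 (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with SMTP
 id <20020714073140.JUSU22515.imf17bis.bellsouth.net@cmsoutbound.mx.net>
 for <codymspt@bellsouth.net>; Sun, 14 Jul 2002 03:31:40 -0400
Received: from cmsmail06.cms.usa.net (HELO cmsoutbound.mx.net) (165.212.10.6)
 by cmsoutbound.mx.net with SMTP; 14 Jul 2002 07:29:47 -0000
Received: from cmsmail06.cms.usa.net [127.0.0.1] by cmsmail06.cms.usa.net via mtad (CM.0402.2.02C)
 with ESMTP id 493ggNHED0908M06; Sun, 14 Jul 2002 07:30:05 GMT
Return-Path: <delly@interlog.com>
Received: from app6.nasc.inter.net [203.176.60.253] by cmsmail06.cms.usa.net via smtad (ES.0801);
 Sun, 14 Jul 2002 07:30:03 GMT
Received: from ip7.ontario64.as5800.psi.ca ([154.5.231.7] helo=Fapp)
 by app6.nasc.inter.net with smtp (Exim 3.34 #1)
 id 17Tdon-0001E0-00
 for codymotorsports@usa.net; Sun, 14 Jul 2002 03:29:22 -0400
From: tom <tom@performanceinstruments.com>
To: codymotorsports@usa.net
"""

IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # address in [] or ()
def hops(raw):
    """Return relay hops oldest first; each server prepends its own Received line."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip = IP.search(flat)
        src = re.search(r"from\s+(\S+)", flat).group(1)
        dst = re.search(r"\bby\s+(\S+)", flat).group(1)
        out.append({"from": src, "ip": ip.group(1) if ip else None, "by": dst})
    return out

def chain_consistent(path):
    """Each hop's receiving server should be the next hop's sending server."""
    return all(a["by"] == b["from"] for a, b in zip(path, path[1:]))

def claimed_senders(raw):
    """Addresses the message itself asserts (From and Return-Path); both are sender-supplied."""
    msg = message_from_string(raw)
    return {parseaddr(msg["From"])[1]} | {parseaddr(v)[1] for v in msg.get_all("Return-Path")}

print(hops(RAW)[0], chain_consistent(hops(RAW)), sorted(claimed_senders(RAW)))
```

The oldest hop is the connecting machine as recorded by the first mail server that accepted the message. Only `Received:` lines written by servers you trust are reliable, since anything below them can be supplied by the sender.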
 
Chuck, that web address is for a friend of mine. You just got it? She probably doesn't realize she's got it. A couple of my friends up here have viruses and didn't even know it. Of course lately, I've received e-mails from people I haven't even heard of, and yup, they're infected. It's an e-mail virus thing you know. :mad:
 
This Klez worm has been going around for at least 3 months that I know of. It took out our corporate office computers before anyone realized we had it. :mad:
 
Chuck
delly@interlog.com is my address. I got hit with the virus last week. It managed to get through my Antivirus software and infect my address book as well as mess up my hard drive. I just got back up running today. It looks like these virus attacks make it a need to constantly update your antivirus software. (Obviously for me, more than monthly ) :mad:

Sorry for the inconvenience this has caused anybody. (I thought I was safe)
 
Chuck,

A fellow board member, in another thread, posted this website for a FREE, anonymous search of your computer and an automatic kill of the KLEZ variant: http://housecall.antivirus.com/housecall/start_corp.asp

Also, be advised that a Free e-mail account at hotmail may protect you from future virus infections via e-mail: Hotmail.com filters e-mail attachments (McAfee antivirus) before they get to your computer, the attachment spreads the KLEZ variants.

Good Luck!
 
VIRUS?/

My NORTON system is on 100% of the time that the puter is on. It looks at everything and asks for permission.. Even if I permit, it still checks. I get my mail at USA.net.. Don't know for sure if they filter it. NORTON caught it, so I didn't get had!
Sleeper, I agree!! once a month to scan AIN'T gonna get it!! like I said, NORTON WORKS!! Mine is automatic, same time everyday. It also has a bunch of other programs that check disc corruption, space allotment, shortcut errors, etc.. Go to www.symantec.com.
They have a lot of stuff there and some good discount deals too.
 
Agree with Chuck--

The basic Symantec/Norton 2002 virus checker is $30-40, depending where you buy it. Its default setup is to automatically & periodically "phone home" to Symantec & keep its Virus Definition files updated, and can also be set to automatically run full PC scans on a schedule. The update service lasts for a year, and then can be renewed for about $10.

Not having a good up-to-date virus checker installed is playing with matches and gasoline ... it's WHEN, not IF, it will blow up on you ...
 
Gotta jump on the band wagon here with Tom H & Chuck. GET NORTON ANTIVIRUS!!!!! I've been getting hit with that damned virus 2/3 times a day!! Norton has caught'em all. TAZ
 
Oops, looks like I read my address book wrong. Oh well. ;) My McAfee does catch the viruses though [I delete the messages]. Too bad the darned program can't load itself at startup like the original version [I downloaded this one]. :mad:
 
yep me too. I get it about 5 times a day and Norton sends it to quarantine every time :)
 
Originally posted by The Radius Kid
Oops, looks like I read my address book wrong. Oh well. ;) My McAfee does catch the viruses though [I delete the messages]. Too bad the darned program can't load itself at startup like the original version [I downloaded this one]. :mad:

Yeah, Paul isn't much of a she.

Look in the lounge... there is a thread requesting help for Paul... Todd hooked us up with an FTPable file that killed the virus on Paul's computer.

HTH,
 