Topic: Email virus going around?!?
|
Jim Smith Member From: Plano, TX, USA
|
posted 23 April 2002 06:44 AM
For the last few days, I've been getting empty emails from various Forum members with subjects such as "Specialty Web Network", "Hi,sos!", "A powful tool", etc. I've also received emails from members saying that I have sent similar empty emails. Complete virus scans on my computer and at least one other member's computer show no viruses, and my Sent folder doesn't show that I have sent any of these emails. Is anyone else having this problem or has anyone heard of this virus and what we can do to stop it? |
Mark Ardito Member From: Chicago, IL, USA
|
posted 23 April 2002 07:21 AM
Jim, This is the W32.klez.h@MM virus. I just spent 2 days at a company removing this virus from 30 machines. It is a real bear if the payload is executed. The most common side effect of this virus is it renames your .exe program files. For example at this company I went to, it renamed the .exe files for Norton Anti-Virus to a random named file, and also renamed their QuickBooks.exe file to a random name. If the virus is on your machine, more than likely you will not be able to open your virus scan, but that is not always the case. First and foremost... Download the latest virus definition file for your virus scanner. If you don't know how to do this please email me off the forum and I can walk you through it. Then do a scan and it should pick the virus. If you can't open your virus scan application, please view the following link for instructions on how to manually remove this virus. http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html WARNING* The manual removal of this virus is a little tricky and I would only recommend it if you are comfortable with the Operating System and have edited the Registry before. If anyone is having problems with this virus you can contact me via email and I will set something up to help you out, be it a phone call or an email. Thanks, Mark
|
Jim Smith Member From: Plano, TX, USA
|
posted 23 April 2002 08:25 AM
Thanks Mark. Luckily my virus definitions are up to date and the full system scan I performed this morning shows nothing. I don't have any of the registry values or renamed files that your link describes either. Hopefully this will be a wakeup call to all Forum members to update their virus definitions and run a full system scan. At a minimum, they should run the detection tool provided at your link. |
Jim Smith Member From: Plano, TX, USA
|
posted 23 April 2002 08:46 AM
Update: I just received an email from a Forum member with the subject "A humour game" containing the virus itself as an attachment. Norton caught it and I have sent an email referring him to this thread. |
Joe Delaronde Member From: Selkirk, Manitoba, Canada
|
posted 23 April 2002 02:02 PM
Mark, my virus detector, Norton, got it, but could only quarantine it. Can I safely delete it from the quarantine file???? Thanks Joe
|
Jim Smith Member From: Plano, TX, USA
|
posted 23 April 2002 02:06 PM
I say yes, delete them. Now that I've posted about this virus, it seems that I'm getting more of them, I'd guess 5 or 6 today alone! [This message was edited by Jim Smith on 23 April 2002 at 02:11 PM.] |
Gene Jones Member From: Oklahoma City, OK USA
|
posted 23 April 2002 04:35 PM
*[This message was edited by Gene Jones on 01 May 2002 at 04:28 PM.] |
Jim Smith Member From: Plano, TX, USA
|
posted 23 April 2002 06:07 PM
Once deleted, it's no longer on your computer so it can't do any harm. The only reason I can see to quarantine the virus would be so you could send it to Norton for analysis. Since their software detected it in the first place, I see no need for that. |
Mark Ardito Member From: Chicago, IL, USA
|
posted 23 April 2002 06:49 PM
Joe, Yes, go ahead and delete them that are in your quarantine. I recommend running all of your applications and see if all the .exe files run ok. If any of you guys are having issues with any application, give me an email and I can walk you through it. Mark
|
Mark Ardito Member From: Chicago, IL, USA
|
posted 23 April 2002 06:50 PM
I also recommend if you are using Outlook or Outlook Express as your email client to turn off the preview option and also turn off 'Launch attachments in the preview window'. If you don't know how to do this, let me know. Mark
|
Bobby Boggs Member From: Pendleton SC
|
posted 24 April 2002 05:23 PM
I've received about ten in the last 2 hours. [This message was edited by Bobby Boggs on 24 April 2002 at 05:24 PM.] |
Bobby Boggs Member From: Pendleton SC
|
posted 24 April 2002 05:30 PM
Another thing. These E-mails take forever to download yet are always empty. Whazup with that? |
Joe Delaronde Member From: Selkirk, Manitoba, Canada
|
posted 24 April 2002 10:45 PM
Mark, your email don't work. Joe |
erik Member From:
|
posted 25 April 2002 03:09 AM
My Outlook Express doesn't allow me to deselect the preview pane. Anyone know why this is? I really thought at one time I could. I have reinstalled my O.S. many times. Is it possible this option did not load during the last install? |
Mark Ardito Member From: Chicago, IL, USA
|
posted 25 April 2002 09:26 AM
Hey guys, Sorry, when @home went under I got a new email address and forgot to change my profile on the forum. Send all emails to markardito@attbi.com Thanks! Mark
|
Mark Ardito Member From: Chicago, IL, USA
|
posted 25 April 2002 09:30 AM
Erik, In Outlook Express, go to the 'View' menu and then scroll down to 'Layout'. Then select 'Layout' and take the check mark out of "Show Preview Pane". Click 'Apply' and then 'OK'. Done! Mark
|
erik Member From:
|
posted 25 April 2002 02:56 PM
Mark, what I'm saying is, when I go to layout the area for the preview pane is shaded, not active. I can neither check nor uncheck. |
Wayne Brown Member From: Strathmore, Alberta, Canada
|
posted 25 April 2002 04:00 PM
TOO LATE I got hit and hard....anybody from the forum I now have a different email for me as I went down hard ...still repairing...if anybody got a virus from me ...I'm sorry ....joe...keep the addy you got that is my private one now I'm updated and fixed but still installing thanks wayne brown c/o out west pac-seats [This message was edited by Wayne Brown on 25 April 2002 at 04:01 PM.]
|
Wayne Brown Member From: Strathmore, Alberta, Canada
|
posted 25 April 2002 07:46 PM
all fixed |
Jim Smith Member From: Plano, TX, USA
|
posted 26 April 2002 09:53 AM
I got this in my work email today: Klez worm rating upgraded as spread continues The W32.Klez worm and its variants are still loose in the wild more than a week after the latest variant was discovered, moving antivirus software vendor Symantec Corp. to upgrade it to a "level 4 virus threat" on its danger scale of five. http://computerworld.com/nlt/1%2C3590%2CNAV47_STO70574_NLTAM%2C00.html [This message was edited by Jim Smith on 26 April 2002 at 09:55 AM.] |
Janice Brooks Moderator From: Pleasant Gap Pa
|
posted 26 April 2002 05:25 PM
Message received through Joey Ace with subject Languages
Return-Path:
Received: from rly-xd05.mx.aol.com (rly-xd05.mail.aol.com [172.20.105.170]) by air-xd03.mail.aol.com (v84.16) with ESMTP id MAILINXD34-0426124108; Fri, 26 Apr 2002 12:41:08 -0400
Received: from out016.verizon.net (out016pub.verizon.net [206.46.170.92]) by rly-xd05.mx.aol.com (v84.10) with ESMTP id MAILRELAYINXD57-0426124037; Fri, 26 Apr 2002 12:40:37 -0400
Received: from Vsosofue ([24.55.174.97]) by out016.verizon.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020426164023.IYXZ8115.out016.verizon.net@Vsosofue> for ; Fri, 26 Apr 2002 11:40:23 -0500
From: joeyace
To: busgal58jb@aol.com
Subject: Language
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=Zi0B1iyX9O1u
Message-Id: <20020426164023.IYXZ8115.out016.verizon.net@Vsosofue>
Date: Fri, 26 Apr 2002 11:40:32 -0500
------------------ Janice "Busgal" Brooks ICQ 44729047
|
Joey Ace Sysop From: Southern Ontario, Canada
|
posted 26 April 2002 05:42 PM
My computer did not send you that message, Janice. I suspect my email address was "spoofed". That means someone else had my name and email address in their Addr Book. They got infected and it sent emails out with my name. There's a free removal tool for this virus at Symantec http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html I keep protected with Norton AV and DO NOT open attachments. Just to be sure, I downloaded and ran the tool in the above link. After about 30 min of examining my system it reported I had no infected files. Per their instructions, I ran it again. Still OK. I suggest you do the same. I regularly get attachments from suspicious addresses. The best advice is Do Not Open Any Attachments. Hope you're OK. -j0ey- [This message was edited by Joey Ace on 26 April 2002 at 05:47 PM.]
|
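The spoofing described above can be checked against the Received chain in the posted headers, since each relay prepends its own line and the From line is never verified. An added example, not part of the thread: it walks the hops oldest-first and reports the machine that handed the message to the first trusted relay. The trusted-relay list and the example.invalid addresses are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: the Received chain follows the headers posted above
# (ids and the "for" clause dropped); From/To are example.invalid placeholders.
RAW = """\
Received: from rly-xd05.mx.aol.com (rly-xd05.mail.aol.com [172.20.105.170])
\tby air-xd03.mail.aol.com (v84.16) with ESMTP; Fri, 26 Apr 2002 12:41:08 -0400
Received: from out016.verizon.net (out016pub.verizon.net [206.46.170.92])
\tby rly-xd05.mx.aol.com (v84.10) with ESMTP; Fri, 26 Apr 2002 12:40:37 -0400
Received: from Vsosofue ([24.55.174.97])
\tby out016.verizon.net with SMTP; Fri, 26 Apr 2002 11:40:23 -0500
From: joeyace <joeyace@example.invalid>
To: recipient@example.invalid
Subject: Language

"""

# "from <HELO name> (<optional reverse DNS> [<peer IP>]) by <recording relay>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def trace_hops(raw):
    """Return the relay hops oldest-first (headers list them newest-first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # undo header folding
        if match:
            hops.append(match.groupdict())
    return hops


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def origin_report(raw, trusted_domains):
    """Describe the host that submitted the message to the first trusted relay.

    Only a line written by a relay we trust is evidence; older Received
    lines, like From itself, are supplied by the sender and can be forged.
    """
    msg = email.message_from_string(raw)
    for hop in trace_hops(raw):
        if any(in_domain(hop["by"], d) for d in trusted_domains):
            return {
                "claimed_from": parseaddr(msg.get("From", ""))[1],
                "submitting_ip": hop["ip"],      # recorded by the relay
                "submitting_helo": hop["helo"],  # chosen by the sender
                "recorded_by": hop["by"],
                "helo_is_hostname": "." in hop["helo"],
                "ip_is_public": ipaddress.ip_address(hop["ip"]).is_global,
            }
    return None


if __name__ == "__main__":
    print(origin_report(RAW, ["verizon.net", "aol.com"]))
```

The submitting IP belongs to whoever is infected; it is what an ISP abuse desk can act on, while the From name only shows whose address was in that machine's address book.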
Colin Goss Member From: St.Brelade, Island of Jersey, Channel Islands, UK
|
posted 27 April 2002 12:37 AM
I recommend that you consider using Zonealarm, a free firewall program that automatically renames all attachments before giving you the option of whether to run them or not. This prevents the nasties getting through. Then use AVG virus checker from Grisoft - also free. Finally use Mailwasher (mailwasher.net) also free to get rid of spam. |
Joey Ace Sysop From: Southern Ontario, Canada
|
posted 27 April 2002 04:11 AM
What's the advantage of renaming attachments, Colin? Isn't a bug by any other name still a bug? |
KENNY FORBESS Member From: peckerwood point, w. tn.
|
posted 27 April 2002 08:45 AM
I received an e-mail this morning from an unidentified source, "a very Humorous Game", with an attachment. I ran Norton, and no virus was found. I did not recognize the addressee. I deleted the e-mail immediately. Could this have been one of the ones everyone is getting? kf
|
Jon Light Member From: Brooklyn, NY
|
posted 27 April 2002 09:59 AM
I believe that I read that one of the features of this virus is its adaptability and its ability to change names. So beware of more than just the familiar, listed names. Yes, it is wise to nix anything unfamiliar, anything unexpected, and frankly, anything even from familiar sources unless you were expecting them to send you an attachment. |
Erv Niehaus Member From: Litchfield, MN, USA
|
posted 27 April 2002 11:30 AM
My computer was infected a while ago. Whenever I tried to click on an icon, they started to dance all over the monitor. I checked around and was advised to install PC-cillin. You can access the program at www.antivirus.com. It found 27 files on my computer that had viruses in them and then quarantined them. The people at PC-cillin are constantly updating their program over the internet and downloading their virus protection to my computer. I feel quite secure now! Uff-Da! |
Ron Whitworth Member From: Yuma,Ariz. USA
|
posted 30 April 2002 06:09 PM
Hi All; I found out yesterday that I was also infected with this terrible virus on my computer. If anyone got this virus from me I am VERY SORRY. As we all know usually once you are hit with a virus it goes through your address book & gets everyone you have had email contact with. I went to my local Staples store to purchase The Norton Anti-Virus program. Went over to ask the store manager a few questions about a computer - he saw the program in my hand I was fixing to buy. He asked why so I told him my computer was infected with a virus. He said put it back on the shelf & he gave me a website to download a "trial" version of a program that would take care of the problem. I got back home & downloaded this program & ran it on my 'puter. It found & said it had fixed all the problems. I noticed my 'puter was still running very slow on the internet. So after reading this post, I went to symantec.com & downloaded the virus fix & ran it. Guess what?? - it found 28 more infected files on my 'puter & deleted them automatically. I am now back up to normal cruising speed. THANKS guys for all your help!!!!! Ron |
Wayne Brown Member From: Strathmore, Alberta, Canada
|
posted 01 May 2002 04:08 AM
I just want 10 min. in a locked room with the person who invented this virus...just 10 min....that's all that virus cost me over 1000 dollars [This message was edited by Wayne Brown on 01 May 2002 at 04:10 AM.] |
Jim Phelps Member From: just out of Mexico City
|
posted 01 May 2002 07:43 AM
Ron, I'm sure that Staples employee thought he was doing you a favor by saving you the 20 bucks or so from buying Norton, BUT - remember that trial version is going to expire very quickly and viruses keep coming out every day. If you'd just gone ahead and bought it, you'd have free online updates and they update the virus data files about every 3 days. My bandleader had Norton anti-virus too and thought she was safe. Of course she never got the updated virus .dat files. When I ran (updated) Norton antivirus on her computer, it had 4 different viruses, infecting 394 files! Now she gets the updates once a week. All of you who are using a trial version or any kind of anti-virus software that isn't constantly updated are having a false sense of security. It may have done a great job of cleaning the virus off your computer, but what about the next new virus? C'mon guys, this is not the time to be cheap! Isn't your computer and all your data stored in it worth 20 bucks? After spending $1000 I'm sure Wayne thinks so! If I may make a suggestion, whatever anti-virus method you're using, be sure you get the updates at least once a week. If you're not, then you're setting yourself up for another virus attack. [This message was edited by Jim Phelps on 01 May 2002 at 07:50 AM.] |
Jeff Agnew Member From: Dallas, TX
|
posted 01 May 2002 07:49 AM
quote: What's the advantage of renaming attachments, Colin? Isn't a bug by any other name still a bug?
To the point, Zone Alarm doesn't rename the file titles, it renames the file extension. On Windoze and UNIX boxes, this prevents a file from launching the associated executable or script action. For example, a file named "BadBoy.wsh" would normally launch the Windows Scripting Host. Renaming it to "BadBoy.xxx" would prevent it from launching by double-clicking. This is the technique Zone Alarm employs. I'm not on Windoze at the moment and I can't remember the actual extension ZA uses, but it starts with "z" and contains a number. ZA doesn't rename all attachments, just those meeting its guidelines for suspicious files. Also, as an aside, you should delete Windows Scripting Host from your machine. Unless you're coding in Visual Basic, you don't need it. And if for some reason you find out later you do need it, you can restore it easily. WSH is a security hole large enough to drive a truck through. To delete it:
- Select Start/Control Panels.
- Double-click Add/Remove Programs.
- Click the Windows Setup tab. A list of installed components displays.
- Click Accessories to highlight it.
- Click the Details... button.
- Scroll down to locate Windows Scripting Host.
- Click the checkbox to de-select WSH.
- Click OK to save your change and close the window.
- Click OK again to apply the change and close the control panel.
To restore WSH, simply reverse the procedure by enabling its checkbox in the Add/Remove Programs control panel. [This message was edited by Jeff Agnew on 01 May 2002 at 07:49 AM.] |
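The extension-renaming technique described in the post above, as an added Python example (not ZoneAlarm's code and not from the thread): it appends a neutral suffix, rather than replacing the extension, to attachments whose effective extension is on a block list, so a double-click no longer reaches the script host or loader. The extension list, the `.blocked` suffix and the sample message are assumptions.

```python
from email.message import EmailMessage

# Assumed block list; the thread does not give ZoneAlarm's actual rules.
RISKY_EXTENSIONS = {"exe", "scr", "pif", "bat", "com", "cmd", "lnk",
                    "vbs", "vbe", "js", "jse", "wsh", "wsf", "hta"}
BLOCK_SUFFIX = ".blocked"  # hypothetical suffix with no file association


def effective_extension(filename):
    """Extension the shell would act on.

    Only the last dot-suffix counts ("photo.jpg.exe" is an exe), case is
    ignored, and trailing dots and spaces are dropped the way Windows
    drops them when the file is saved.
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def neutralize(filename):
    """Return a name that no longer launches on double-click, else unchanged."""
    if effective_extension(filename) in RISKY_EXTENSIONS:
        return filename.rstrip(". ") + BLOCK_SUFFIX
    return filename


def quarantine_attachments(msg):
    """Rename risky attachments in place; return (old, new) pairs for the log."""
    renamed = []
    for part in msg.iter_attachments():
        old = part.get_filename()
        if not old:
            continue
        new = neutralize(old)
        if new != old:
            # Rewrite the header that mail clients use as the "save as" name.
            del part["Content-Disposition"]
            part.add_header("Content-Disposition", "attachment", filename=new)
            renamed.append((old, new))
    return renamed


def build_sample():
    """Constructed message: empty body plus three placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "A humour game"
    msg.set_content("")
    for name in ("BadBoy.wsh", "setup.jpg.EXE", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    sample = build_sample()
    for old, new in quarantine_attachments(sample):
        print(f"{old} -> {new}")
```

Renaming only removes the double-click path: the bytes are unchanged, so the attachment still needs scanning before anyone renames it back.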
Mark Ardito Member From: Chicago, IL, USA
|
posted 01 May 2002 08:26 AM
Ron, Run, don't walk, back to Staples and purchase that copy of Norton Antivirus version 2002. It will be the best $20 you spent on your computer. Mark
|
Ron Whitworth Member From: Yuma,Ariz. USA
|
posted 01 May 2002 08:00 PM
Hi Jim & Mark; I appreciate your advice very much but I do have a problem with it. A little over a year ago (maybe 1 & 1/2 yrs ago) I purchased the Norton Systemworks (was expensive when it 1st came out too). I installed it on my computer & my computer crashed more in the next 2 months than in all the years I have owned home computers!!! It absolutely drove me crazy!! I finally just took the whole program completely off & my computer has NOT crashed since. I have asked some guys I know who are much more computer savvy than myself what happened & they all told me you need to "throttle the Norton program back some".. Whatever that means you got me. So it is not an issue of money for an anti-virus program for me - it is ALL of the headaches that were created when I installed that program - it was a NIGHTMARE!! I thought of selling the program but I can't do that to anyone else. Also, the anti-virus program that I saw on the shelf at Staples were in the price range of $49 & up. Tell me which is the BEST anti-virus program out there that will do the job & NOT mess my computer up & I will go buy it. Let me hear from you folks. Thanks ....Ron |
Jim Phelps Member From: just out of Mexico City
|
posted 01 May 2002 10:53 PM
Well Ron, I'm pretty sure I don't have the credentials that Mark has, but I did have some training and did tech-support for Dell for a while and I've never heard of anyone having a problem with Norton Antivirus. That was the one recommended (unofficially, of course) by all the most knowledgeable guys there, I've used it for years, recommended it to many friends and family who've yet to tell me of any problems. As for Norton SystemWorks, I've never used it and can't tell you why you had the problems you had. Is the computer you're using now the same one as the one that had all the problems with it? Most often the problematic software is just mis-configured, or may be conflicting with other software installed in the computer. Sometimes there are some computers that for some reason no one can figure, will have all kinds of problems with certain software, maybe conflicting with a device driver. In that case, all you can do is live with it, or uninstall the problematic software, or start uninstalling software and/or devices until the problem is gone, and of course this is really not practical unless you really MUST use that problem-causing software. Anyway, I'd strongly suspect that your Norton SystemWorks was either misconfigured or possibly conflicting with other software. Maybe Mark can shed more light on it. |
Jon Light Member From: Brooklyn, NY
|
posted 02 May 2002 02:48 AM
If your program included Crash Guard (I think it was called), I pretty quickly ditched that part of it. It caused more crashes than it prevented--consistent with many things I read about it. I would suggest re-installing just the AV part of the package. Unless, of course, you are convinced that it was the AV itself that was the problem. |
Jeff Agnew Member From: Dallas, TX
|
posted 02 May 2002 06:15 AM
quote: they all told me you need to "throttle the Norton program back some"..
Norton products usually attempt to be all things to all people. As such, they are widely considered in the industry to be bloated and resource hogs. As Jon noted, Crash Guard is a notoriously unstable component and most techies suggest uninstalling it. When they speak of "throttling Norton back" they are referring to removing all but the most stable and necessary components. You can do this with your installation CD. You really only need Disk Doctor. Others can run from CD, such as Speed Disk. The problem with SystemWorks is that if you also use Norton AntiVirus it tries to integrate that under the same common controls, as well. One of the best-performing AV programs available is Kaspersky Antivirus. It updates your virus definitions *daily*. My only complaint is that renewing the license annually is expensive. Also, the interface is a bit obtuse. You might give AVG a try on your system. It's reasonably lean on system resources, has an intuitive, simple interface, is updated with definitions regularly, and the company will optionally send you a warning e-mail when a nasty virus is making the rounds (like Klez recently). Best of all, it's free. |
Mark Ardito Member From: Chicago, IL, USA
|
posted 02 May 2002 07:26 AM
Hey guys, I have tried those Norton System products and have not liked them very much. I have come to the conclusion that sometimes they do more harm than good. I still use good old "Disk Defrag" and "Scan Disk" from windows. For machines that I have Win98/95 and Me I use a program called spinrite from Steve Gibson. http://www.grc.com The only downfall about spinrite is that on a 20GB hard drive it will take around 28 hours!!!! Yep that's right, 28 hours!!! Here are the pros and cons of the Antivirus Software I have found. McAfee - You purchase version 6.x and as long as you register your copy, you get a lifetime subscription of updates. It also AUTOMATICALLY updates while you are connected to the internet. You don't even know it is happening. Norton Antivirus - You purchase version 2002 and if you register your copy you only get a 1 year subscription to updates. You will have to submit a credit card to renew your subscription. PLEASE NOTE - I am not sure that Norton 2002 has this 1 year subscription thing. I know 2001 did. Maybe some Norton 2002 users can step in here. Norton 2002 is VERY user friendly. McAfee is not so 'nice' looking and sometimes leaves you guessing what you should do. Whereas Norton pretty much holds you by the hand. Both of them are very reputable companies who have excellent products. Steve Feldmen has brought to my attention a product called "PC - Cillin" I am not familiar with it, but he likes their AntiVirus program. I use McAfee, but I would recommend Norton for someone who feels uneasy with some computer decisions. Mark |
Erv Niehaus Member From: Litchfield, MN, USA
|
posted 02 May 2002 07:59 AM
PC-cillin came highly recommended to me. I bought it and have not been disappointed in the least. If you care to check it out go to www.antivirus.com Uff-Da! |
b0b Sysop From: Cloverdale, California, USA
|
posted 02 May 2002 08:14 AM
One feature of the worm confuses a lot of people: quote: The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.
In other words, the "From" address is a lie. I've been getting emails from people saying that they couldn't run the attachment I sent them. I am not infected, and I never sent them anything! Lately about 20% of my inbox is this virus. I'm in a lot of address books! ------------------ Bobby Lee -b0b- quasar@b0b.com -System Administrator [This message was edited by b0b on 02 May 2002 at 08:15 AM.] |
Dan Dowd Member From: Paducah,KY
|
posted 02 May 2002 03:29 PM
I have got the k virus every day for the past week. The last one said: From canada411 [This message was edited by Dan Dowd on 02 May 2002 at 03:30 PM.] |