Virus/W32.Klez.H@mm
12-21-2002, 05:04 PM
#1
Team Owner
Thread Starter
Virus/W32.Klez.H@mm
Has anyone picked this up? I received it by e-mail once from NCRS and several times also in the two weeks or so. I wonder if some spam agency is picking up e-mail addresses from here at the Forum. Norton quarantines it but it is annoying.
12-21-2002, 05:09 PM
#2
Le Mans Master
Member Since: Aug 2000
Location: Semper ubi, sub ubi
Posts: 9,662
Likes: 0
Received 6 Likes
on
6 Posts
Cruise-In VI Veteran
Cruise-In VII Veteran
Re: Virus/W32.Klez.H@mm (paul79)
Yeah Paul, I got it a couple of different times last year, once from another forum member. It took me several mailings to him to convince him that he actually had a CTD. :D Norton handles it well, but you are right it is a PITA.
12-21-2002, 05:10 PM
#3
Burning Brakes
Member Since: May 2001
Location: spring city pa
Posts: 1,102
Likes: 0
Received 0 Likes
on
0 Posts
Re: Virus/W32.Klez.H@mm (paul79)
My norton has isolated 28 infected items over the last 4 weeks . I think it is a pretty common occurence anymore . And a bit annoying !
Geo :iagree:
Geo :iagree:
12-21-2002, 05:53 PM
#7
Race Director
Re: Virus/W32.Klez.H@mm (patsnitrovette)
I just recently changed email addys. This has stopped alot of the junk email I was getting. So far so good with the new email addy.
12-21-2002, 06:12 PM
#8
Re: Virus/W32.Klez.H@mm (Eddie 96)
Klez doesn't come from whom it says it does. It chooses another entry from the infected computer's address book and says that's where it came from.
Very clever......very devious.......very difficult to backtrack. :mad
Very clever......very devious.......very difficult to backtrack. :mad
12-21-2002, 11:05 PM
#10
Instructor
Member Since: Mar 2001
Location: Waynesville/Fort Leonard Wood, MO MO
Posts: 119
Likes: 0
Received 0 Likes
on
0 Posts
Re: Virus/W32.Klez.H@mm (paul79)
Please do not take "KLEZ" lightly! It's a pain in the A-- and it will keep your virus protection software from working and prevents most other maintenence action on your computer. The best cure is to down load the free "stinger setup" removal tool from McAfee! It works stand alone to remove 16 specific worms (trojans) I am pretty sure you can get it here! http://www.mcafee.com/anti-virus/virus_removal/klez.asp
[Modified by madmaxgt, 10:06 PM 12/21/2002]
[Modified by madmaxgt, 10:06 PM 12/21/2002]
12-22-2002, 12:36 AM
#12
Melting Slicks
Re: Virus/W32.Klez.H@mm (paul79)
Once you get it it sends your ISP address to the web and keeps coming back until you change your ISP. I finally gave up and installed a firewall that protects from the port attacks that this virii actually uses once it has gotten on your computer and broadcasted your address. It actually disables earlier versions of Norton and is a MAJOR PIA. It uses both email and port attacks once you have it.
I can log on using my wifes ISP and not get hit, but if I use my own ISP it takes about 3 min and Norton (2003) catches an incomming attack (And not using an email message).
Tyler
I can log on using my wifes ISP and not get hit, but if I use my own ISP it takes about 3 min and Norton (2003) catches an incomming attack (And not using an email message).
Tyler
12-22-2002, 12:49 PM
#13
Le Mans Master
Re: Virus/W32.Klez.H@mm (Tyler Townsley)
if anybody recieves email from me disreguard it ,i checked for virus and i dont have anyshowing up but forum members are recieveing email from my address that im not sending out,so sorry for any inconvience,people have nothing else better to do. :mad
12-22-2002, 01:17 PM
#15
Re: Virus/W32.Klez.H@mm (patsnitrovette)
if anybody recieves email from me disreguard it ,i checked for virus and i dont have anyshowing up but forum members are recieveing email from my address that im not sending out,so sorry for any inconvience,people have nothing else better to do. :mad
Email spoofing
Some variants of this worm use a technique known as "spoofing." If so, the worm randomly selects an address that it finds on an infected computer. It uses this address as the "From" address that it uses when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.
For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.
If you are using a current version of Norton AntiVirus and you have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.
12-22-2002, 01:23 PM
#16
Le Mans Master
Re: Virus/W32.Klez.H@mm (QuickVet)
aaron thanks,im on cable and my mcafee virus scan and firewall updates every time im on so i know its up to date,ive scanned and scanned and its not there so i feel better now thanks.