Copper Talk » Open Forum » Archived Messages » 2002 » Archived Messages 02/01/2002 to 04/31/2002 » Virus Information « Previous Next »

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Tech181
Posted on Friday, April 26, 2002 - 12:50 am:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
Hot off the presses...

An e-mail virus is becoming more prevalent on the internet. The name of the virus is called Klez, and it has several variants.

It will come from someone who has you in their e-mail address book, but the From: field may be filled out with someone else's address, making it difficult to track down who is actually infected and sending the e-mail. It has numerous subject lines (listed below) and attachment names. The text in the e-mail is random. The attachment can be automatically executed in an unpatched version of MS Outlook, so be especially cautious if using it. If you get this in your e-mail, please delete it immediately.

Be extremely careful before you run attachments that you did not request!!

More info at:http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

Random Subject lines:
* how are you
* let's be friends
* darling
* so cool a flash,enjoy it
* your password
* honey
* some questions
* please try again
* welcome to my hometown
* the Garden of Eden
* introduction on ADSL
* meeting notice
* questionnaire
* congratulations
* sos!
* japanese girl VS playboy
* look,my beautiful girl friend
* eager to see you
* spice girls' vocal concert
* japanese lass' sexy pictures
* Undeliverable mail--"[Random word]"
* Returned mail--"[Random word]"
* a [Random word] [Random word] game
* a [Random word] [Random word] tool
* a [Random word] [Random word] website
* a [Random word] [Random word] patch
* [Random word] removal tools
The [random word] will be one of the following:
* new
* funny
* nice
* humour
* excite
* good
* powful
* WinXP
* IE 6.0
* W32.Elkern
* W32.Klez.E
* Symantec
* Mcafee
* F-Secure
* Sophos
* Trendmicro
* Kaspersky

In addition, the worm also may attach a random file from the computer. The file will have one of the following extensions:
* mp8
* .txt
* .htm
* .html
* .wab
* .asp
* .doc
* .rtf
* .xls
* .jpg
* .cpp
* .pas
* .mpg
* .mpeg
* .bak
* .mp3
* .pdf

Steve
Tech181
Tech181@copperelectronics.com
Top of pagePrevious messageNext messageBottom of page Link to this message

Jburner
Posted on Friday, April 26, 2002 - 8:52 am:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
Thanks Steve, been lucky so far. Wonder why people like to do this. More often than not just to see if they can. Wish I had time like that to waste. Again thanks for the info.
Top of pagePrevious messageNext messageBottom of page Link to this message

Scrapiron63
Posted on Friday, April 26, 2002 - 10:56 am:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
You need to be sure you have the latest patches for Outlook Express, and, that you have a good virus scan. They are getting slicker, I got one a couple days ago that you didn't even have to open, it tried to excute when it was highlighted. The one I received yesterday had for a subject line: "A special new website".
The message was:
"Hello,This is a new website
I wish you would enjoy it. "

He got good english, huh, lol. I got another this morning, the subject line was: "Angel for you". The virus was: Win32/magistr.gen@mm.
These are coming to my ISP email account thur Outlook Express. I use hotmail and yahoo for the forums, mail lists, and most other mail, they are automatically scanned for viruses. Outlook express has had those holes from the first, and everytime they upgrade, more holes show up and have to be patched. For receiving files, photos, and other attachments, hotmail, yahoo or some of the others are a much better choice, since they are scanned. Viruses can also be sent thur all the 'instant message' chat things, including AOL, you need to be careful with those, and know who you chat with.
Top of pagePrevious messageNext messageBottom of page Link to this message

Biged
Posted on Friday, April 26, 2002 - 4:47 pm:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
My computer is infected as I speak. I can no longer use outlook express for some reason. When I try to open it up, I get a message saying "Outlook Express could not be started because MSOE.DLL could not be loaded" I dont know what that means. My hard drive also filled up when I got it. I have a 20 gig hard drive and have only ever used about 6-7 gigs since I've had it but over night it filled up. The gateway tech said I have a virus and need to completely reload windows. Now comes the fun of backing everything up.
Top of pagePrevious messageNext messageBottom of page Link to this message

Tech181
Posted on Friday, April 26, 2002 - 8:48 pm:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
Biged,

Just be sure that you know which files were infected by the virus. The last thing you want to do is save all your .doc files (for example) and then reload them on your PC and find yourself infected all over again.

Steve
Tech181
Tech181@copperelectronics.com
Top of pagePrevious messageNext messageBottom of page Link to this message

ss8541
Posted on Friday, April 26, 2002 - 11:34 pm:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
thanks 181 and scrap, you have provided the best info yet without blowing your own horn about being a super duper computer trooper who can shut this down with 7 fingers and 2 thumbs behind your back.
Top of pagePrevious messageNext messageBottom of page Link to this message

Biged
Posted on Saturday, April 27, 2002 - 9:40 pm:   Edit Post Delete Post    Move Post (Moderator/Admin Only)
Thanks tech 181, I never thought of that. I havnt started saving anything yet, but I have started to delete stuff. I think that is why my email is not working, because I deleted the file that opens it up. Thank you again for the info..Eddie