I received two e-mails this morn with the Klez virus attached. I knew not to open them, but did a little research. They were from people on this forum I presume. The names I didnt' recognize but they are on the list that I have gotten when Bebop sends out a mailing and has everyone's name that he CC's to on it. So be careful!

Marilyn

I received two of that same virus yesterday but none so far this morning.
EVERYONE UPDATE YOUR VIRUS DAT FILES.
MCafee auto updated my dat files last night at 10 pm so that means another new virus just hit the wire.
PLEASE. IF YOU DON'T HAVE A CURRENTLY UPDATED VIRUS PROGRAM IN YOUR COMPUTER, PLEASE REMOVE MY NAME AND ADDRESS FROM YOUR FILES
THANK YOU,
BEBOP

Hi Marilyn. It may be that they weren't actually sent by forum members.
I received an e-mail from postmaster@taiyo.de to say an e-mail (subject LaserJet printers) with an attachment containing this virus had been received from my e-mail address.
It is not one that I sent (I've never mailed anything to them nor have I sent any with LaserJet Printers as the subject)).
My system has been checked (Nortons) and is virus free. So this virus is obviously using false addresses and headers.
As a precaution any e-mail's I send to forum members with an attachment, will include in the subject line the word 'Technics'. That way you will know it is genuine. If 'Technics' is not included in the subject line, then don't open it.
John

Hi all,
I also got this virus yesterday. The mail said it was from someone called Boris??? Anyhow that was as much info as I got before my virus prog chewed it up and spat it out. Would that my reflexes were as quick! It would do wonders for my keyboard playing
One of the hazards of internet life I think. As long as you have an up to date virus prog then there is no use worrying about it. Certainly the positives of the internet far outweigh these little hassles as far as I am concerned.
ttfn
Tony

------------------
Naked Women Here : http://website.lineone.net/~the-ant
OK OK it's my website really and your as likely to see naked women there as you are to see the Pope in trousers, but it pays to be creative )

[QUOTE]Originally posted by Tony W:
[B]Hi all,
I also got this virus yesterday. The mail said it was from someone called Boris???


KARLOFF?????? Walter.

I explained in the other thread that the Klez self replicates. Anyone in bebops address book could be targeted.

The first thing it does is make sure it self starts every time with windows, then attempts to remove start up keys and database entries in anti virus products.

It then searches for email addresses to send itself to, and chooses random email addresses in the address book to put in the 'from' field to confuse you it came from somewhere else. It chooses random attachment files and messages to mask the virus attachment.

A quote from a symantec virus report:

"Because this worm uses a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else."

so it could be going around for a while yet!

I gave instructions in http://www.synthzone.com/ubbs/Forum25/HTML/000680.html how to get rid of it for sure.

I got the virus today or last night. Klez. It came in my yahoo email and so it was never even downloaded but I did a yahoo virus scan with the nortons they use. and it said klez. Virus doesn't bother me, I have nortons as well. All that crap goes to my yahoo email, so it don't worry me any. Its never on my pc but instead is on yahoo's server.That is why I spoke highly in an other thread about outside/yahoo email being best.

oooooh spooky


------------------
Naked Women Here : http://website.lineone.net/~the-ant
OK OK it's my website really and your as likely to see naked women there as you are to see the Pope in trousers, but it pays to be creative )

I also received two emails this morning with the Klez virus attached, but Norton trapped them on the way in and I deleted the attachments.

Mike

And lately the return addresses on these emails has been forged by the virus. I have had emails supposedly from myself at ads@synthzone.com to nigelsp@synthzone.com and vice versa. When I look at the headers on these emails they come from servers all over the world, not from my email server. While email return addresses can be forged this problem will continue. And the big problem with this, other than making viruses look like they come from people who didn't send them, is that whoever has this virus active on their computer will probably never be aware it is happening because bounced email and complaints are never sent back to him/her but just the owner of the forged return address.

I guess my two emails address get used together frequently is because they appear together on the front page at Synthzone.com Viruses simply search temporary Internet caches on computers to find email addresses to use.

I really HATE viruses. They aren't funny or clever .... just destructive.

sadly, all true...

HI Every members Me too I receive 2 virus Bur Norton fixe these virus Hopping that these virus woill stop.I dowmload Adaware but it dont work Have a nice day and congradulation to Bill Forest for is great work Howard

It is a great pity that the guys who write these viruses cannot turn their undoubted talents to more constructive pursuits.

------------------
Willum

I have wondered that myself Bill. But nowadays you don't even have much knowledge to write a virus. Most virus engines are now available for download so most of the work has already been done for them.

you do hear rumours that some who are caught and not publicly charged (unlike like the high profile love bug guy) because details of just how easy it is to get through some windows back doors is too embarrasing for bill gates - get unofficial consultant type roles, paid to try and hack into systems.

a cynical view might be that some providers of anti virus progammes, hire or encourage people to write the viruses in order to keep their sales high ??

------------------
Willum

[This message has been edited by Bill Norrie (edited 06-16-2002).]

[This message has been edited by Bill Norrie (edited 06-16-2002).]

hmm... it is a lucrative business...

remember the year 2000 that was going to crash all our systems, and the hype and money spent on programs and consultants to check something that never ended up happening?

I am still getting 3 or 4 Klez virus attempts every day. My protection software is catching them safely, but it illustrates the fact that the virus is still in one or more computers probably in our forum circle. I hope all of you on the forums will verify that your antivirus software is updated often. It is a result of unprotected machines that these vicious attacks are spread.

I get it too, every couple of days - just goes straight in the bin.

To repeat my previous instructions, download
http://securityresponse.symantec.com/avcenter/FixKlez.com

from symantec (only takes a second).
If you have ME or XP switch off system restore, and for other windows any other Go Back type products.

Boot up in safe mode (hit F8 before windows starts)

go to where you have saved fixklez.com and double click it.

when it finishes, re-boot, and un-install and re-install your anti-virus product from scratch, and go online to update your definitions. As I read it, if you do not re-install your anti-virus the clean up may be unsuccessful. Then re-enable your system restore for ME or XP.

since klez attempts to attack anti-virus products and disable its database entries, it may be safer to do this than rely entirely on your anti-virus product, the info is sketchy here, maybe because norton wants it to be sketchy?

all the info is available at all the good anti-virus sites.


Since it came from bebops address book, everyone in bebops address book should do something, otherwise it may go around those addresses for ever...