SYNTH ZONE
Visit The Bar For Casual Discussion
Page 1 of 2 1 2 >
Topic Options
#58098 - 06/13/02 07:54 AM Klez VIrus Alert!!!
Marilyn Boissoneault Offline
Member

Registered: 06/07/00
Posts: 219
Loc: Melbourne, Florida, USA
I received two e-mails this morn with the Klez virus attached. I knew not to open them, but did a little research. They were from people on this forum I presume. The names I didnt' recognize but they are on the list that I have gotten when Bebop sends out a mailing and has everyone's name that he CC's to on it. So be careful!

Marilyn

Top
#58099 - 06/13/02 08:22 AM Re: Klez VIrus Alert!!!
BEBOP Offline
Senior Member

Registered: 01/02/00
Posts: 3781
Loc: San Jose, California
I received two of that same virus yesterday but none so far this morning.
EVERYONE UPDATE YOUR VIRUS DAT FILES.
MCafee auto updated my dat files last night at 10 pm so that means another new virus just hit the wire.
PLEASE. IF YOU DON'T HAVE A CURRENTLY UPDATED VIRUS PROGRAM IN YOUR COMPUTER, PLEASE REMOVE MY NAME AND ADDRESS FROM YOUR FILES
THANK YOU,
BEBOP
_________________________
BEBOP

Top
#58100 - 06/13/02 10:02 AM Re: Klez VIrus Alert!!!
John North Offline
Member

Registered: 01/16/02
Posts: 449
Loc: Alfreton, Derbyshire, England
Hi Marilyn. It may be that they weren't actually sent by forum members.
I received an e-mail from postmaster@taiyo.de to say an e-mail (subject LaserJet printers) with an attachment containing this virus had been received from my e-mail address.
It is not one that I sent (I've never mailed anything to them nor have I sent any with LaserJet Printers as the subject)).
My system has been checked (Nortons) and is virus free. So this virus is obviously using false addresses and headers.
As a precaution any e-mail's I send to forum members with an attachment, will include in the subject line the word 'Technics'. That way you will know it is genuine. If 'Technics' is not included in the subject line, then don't open it.
John

Top
#58101 - 06/13/02 10:15 AM Re: Klez VIrus Alert!!!
Tony W Offline
Member

Registered: 12/04/99
Posts: 836
Loc: Lancaster UK
Hi all,
I also got this virus yesterday. The mail said it was from someone called Boris??? Anyhow that was as much info as I got before my virus prog chewed it up and spat it out. Would that my reflexes were as quick! It would do wonders for my keyboard playing
One of the hazards of internet life I think. As long as you have an up to date virus prog then there is no use worrying about it. Certainly the positives of the internet far outweigh these little hassles as far as I am concerned.
ttfn
Tony

------------------
Naked Women Here : http://website.lineone.net/~the-ant
OK OK it's my website really and your as likely to see naked women there as you are to see the Pope in trousers, but it pays to be creative smile )

Top
#58102 - 06/13/02 11:48 AM Re: Klez VIrus Alert!!!
Walter McLaren Offline
Member

Registered: 01/16/02
Posts: 320
Loc: Borders. Scotland
[QUOTE]Originally posted by Tony W:
[B]Hi all,
I also got this virus yesterday. The mail said it was from someone called Boris???


KARLOFF?????? Walter.
_________________________
It don't mean a thing, if it ain't got that swing!!!

Top
#58103 - 06/13/02 01:55 PM Re: Klez VIrus Alert!!!
technicsplayer Offline
Senior Member

Registered: 01/17/02
Posts: 3319
I explained in the other thread that the Klez self replicates. Anyone in bebops address book could be targeted.

The first thing it does is make sure it self starts every time with windows, then attempts to remove start up keys and database entries in anti virus products.

It then searches for email addresses to send itself to, and chooses random email addresses in the address book to put in the 'from' field to confuse you it came from somewhere else. It chooses random attachment files and messages to mask the virus attachment.

A quote from a symantec virus report:

"Because this worm uses a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else."

so it could be going around for a while yet!

I gave instructions in http://www.synthzone.com/ubbs/Forum25/HTML/000680.html how to get rid of it for sure.

Top
#58104 - 06/13/02 03:54 PM Re: Klez VIrus Alert!!!
Sparky Offline
Member

Registered: 02/28/02
Posts: 182
Loc: lewiston maine usa
I got the virus today or last night. Klez. It came in my yahoo email and so it was never even downloaded but I did a yahoo virus scan with the nortons they use. and it said klez. Virus doesn't bother me, I have nortons as well. All that crap goes to my yahoo email, so it don't worry me any. Its never on my pc but instead is on yahoo's server.That is why I spoke highly in an other thread about outside/yahoo email being best.

Top
#58105 - 06/13/02 04:14 PM Re: Klez VIrus Alert!!!
Tony W Offline
Member

Registered: 12/04/99
Posts: 836
Loc: Lancaster UK
Quote:
Originally posted by Walter McLaren:
[QUOTE]


KARLOFF?????? Walter.



oooooh spooky


------------------
Naked Women Here : http://website.lineone.net/~the-ant
OK OK it's my website really and your as likely to see naked women there as you are to see the Pope in trousers, but it pays to be creative smile )

Top
#58106 - 06/13/02 08:15 PM Re: Klez VIrus Alert!!!
Mike Daniell Offline
Member

Registered: 05/15/00
Posts: 143
Loc: Brisbane, Qld, Australia
I also received two emails this morning with the Klez virus attached, but Norton trapped them on the way in and I deleted the attachments.

Mike

Top
#58107 - 06/13/02 10:16 PM Re: Klez VIrus Alert!!!
Nigel Offline
Admin

Registered: 06/01/98
Posts: 6483
Loc: Ventura CA USA
And lately the return addresses on these emails has been forged by the virus. I have had emails supposedly from myself at ads@synthzone.com to nigelsp@synthzone.com and vice versa. When I look at the headers on these emails they come from servers all over the world, not from my email server. While email return addresses can be forged this problem will continue. And the big problem with this, other than making viruses look like they come from people who didn't send them, is that whoever has this virus active on their computer will probably never be aware it is happening because bounced email and complaints are never sent back to him/her but just the owner of the forged return address.

I guess my two emails address get used together frequently is because they appear together on the front page at Synthzone.com Viruses simply search temporary Internet caches on computers to find email addresses to use.

I really HATE viruses. They aren't funny or clever .... just destructive.

Top
#58108 - 06/14/02 01:55 AM Re: Klez VIrus Alert!!!
technicsplayer Offline
Senior Member

Registered: 01/17/02
Posts: 3319
sadly, all true...

Top
#58109 - 06/14/02 02:50 PM Re: Klez VIrus Alert!!!
hbinfo Offline
Junior Member

Registered: 02/15/02
Posts: 11
Loc: ST-Nicolas,Que,Canada
HI Every members Me too I receive 2 virus Bur Norton fixe these virus Hopping that these virus woill stop.I dowmload Adaware but it dont work Have a nice day and congradulation to Bill Forest for is great work Howard
_________________________
Howard

Top
#58110 - 06/14/02 03:23 PM Re: Klez VIrus Alert!!!
Bill Norrie Offline
Senior Member

Registered: 01/16/02
Posts: 2330
Loc: North Yorkshire UK
It is a great pity that the guys who write these viruses cannot turn their undoubted talents to more constructive pursuits.

------------------
Willum
_________________________
Willum

After silence, that which comes nearest to expressing the inexpressible is Music.
Aldous Huxley
( especially when the music is played on a KN7000....)

Top
#58111 - 06/15/02 08:03 PM Re: Klez VIrus Alert!!!
Nigel Offline
Admin

Registered: 06/01/98
Posts: 6483
Loc: Ventura CA USA
I have wondered that myself Bill. But nowadays you don't even have much knowledge to write a virus. Most virus engines are now available for download so most of the work has already been done for them.

Top
#58112 - 06/16/02 10:05 AM Re: Klez VIrus Alert!!!
technicsplayer Offline
Senior Member

Registered: 01/17/02
Posts: 3319
you do hear rumours that some who are caught and not publicly charged (unlike like the high profile love bug guy) because details of just how easy it is to get through some windows back doors is too embarrasing for bill gates - get unofficial consultant type roles, paid to try and hack into systems.

Top
#58113 - 06/16/02 02:37 PM Re: Klez VIrus Alert!!!
Bill Norrie Offline
Senior Member

Registered: 01/16/02
Posts: 2330
Loc: North Yorkshire UK
a cynical view might be that some providers of anti virus progammes, hire or encourage people to write the viruses in order to keep their sales high ??

------------------
Willum

[This message has been edited by Bill Norrie (edited 06-16-2002).]

[This message has been edited by Bill Norrie (edited 06-16-2002).]
_________________________
Willum

After silence, that which comes nearest to expressing the inexpressible is Music.
Aldous Huxley
( especially when the music is played on a KN7000....)

Top
#58114 - 06/16/02 03:37 PM Re: Klez VIrus Alert!!!
technicsplayer Offline
Senior Member

Registered: 01/17/02
Posts: 3319
hmm... it is a lucrative business...

remember the year 2000 that was going to crash all our systems, and the hype and money spent on programs and consultants to check something that never ended up happening?

Top
#58115 - 06/16/02 07:48 PM Re: Klez VIrus Alert!!!
Bob Hendershot Offline
Member

Registered: 12/02/99
Posts: 924
Loc: Johnson City, TN USA
I am still getting 3 or 4 Klez virus attempts every day. My protection software is catching them safely, but it illustrates the fact that the virus is still in one or more computers probably in our forum circle. I hope all of you on the forums will verify that your antivirus software is updated often. It is a result of unprotected machines that these vicious attacks are spread.

Top
#58116 - 06/17/02 02:52 AM Re: Klez VIrus Alert!!!
technicsplayer Offline
Senior Member

Registered: 01/17/02
Posts: 3319
I get it too, every couple of days - just goes straight in the bin.

To repeat my previous instructions, download
http://securityresponse.symantec.com/avcenter/FixKlez.com

from symantec (only takes a second).
If you have ME or XP switch off system restore, and for other windows any other Go Back type products.

Boot up in safe mode (hit F8 before windows starts)

go to where you have saved fixklez.com and double click it.

when it finishes, re-boot, and un-install and re-install your anti-virus product from scratch, and go online to update your definitions. As I read it, if you do not re-install your anti-virus the clean up may be unsuccessful. Then re-enable your system restore for ME or XP.

since klez attempts to attack anti-virus products and disable its database entries, it may be safer to do this than rely entirely on your anti-virus product, the info is sketchy here, maybe because norton wants it to be sketchy?

all the info is available at all the good anti-virus sites.


Since it came from bebops address book, everyone in bebops address book should do something, otherwise it may go around those addresses for ever...

Top
Page 1 of 2 1 2 >

Moderator:  Admin 



Help keep Synth Zone Online