[pchelpers] Re: Why the Klez worm just won't go away
- From: "POTGN" <potgn@xxxxxxxxxxx>
- To: <pchelpers@xxxxxxxxxxxxx>
- Date: Wed, 24 Apr 2002 22:24:58 -0700
Tim,
Just a question. I use NAV 2002 and have been unable to get any Live
Updates for the past 30 days. Is there a particular reason or thing that I
would like to know about? I know I am getting closer and closer to one of
those last 4 *.exe files that you mentioned and probably the Klez.E/H also,
so when I get one I will send it if able. Can you tell me where to check on
the status of Live Update? I just subscribed for another year.
Thanks,
Phil B.
Grover Beach, CA
----- Original Message -----
From: "Tim H." <tekphobia@xxxxxxxxx>
To: <pchelpers@xxxxxxxxxxxxx>
Sent: Wednesday, April 24, 2002 7:55 PM
Subject: [pchelpers] Re: Why the Klez worm just won't go away
> Hello,
>
> Fortunately, I work in Symantec's Virus Removal labs. After removing
> Klez.E/H all day, I was a bit hesitant to reply. The thing with Klez is
> that it's network aware and thus can spread via open file shares. It also
> has its own SMTP engine so checking Outlook's "Sent" folder will inevitably
> not show any messages the worm has sent. I'm sure you guys know this, but
> many in a lot of calls, people think otherwise.
>
> With Klez.H, the infection of EXEs is greater than the previous
> incarnation (.E). With Klez.E, we were able to do a manual removal, but
> with .H, it infects PEs (EXEs) and thus will keep reinfecting the system.
> We (Symantec) have an excellent removal tool that will remove Klez.E/H. If
> you follow the instructions on the site about it, you won't see the step
> that says, "Reboot into Safe Mode." So we get a lot of calls where people
> say they ran the tool but it locks up. I ask, "Did you reboot into Safe
> Mode?" and they say, "No, what's that?"
>
> As for protection? NAV with the latest definitions will prevent Klez from
> infecting your system. Microsoft also has a patch for Outlook to prevent
> it from executing attachments because the MIME headers were spoofed.
>
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
>
> I prefer your suggestion in abandoning Outlook. It has WAY too many holes
> and Microsoft never seems to address the root of the problem.
>
> As a side note. We've been getting a lot of calls about "Backdoor.Trojan"
> being on their system. It always references the same files:
>
> absr.exe
> ausvc.exe
> mnsvc.exe
> bvt.exe
>
> I would LOVE to get my hands on one of these files. So, if anyone gets a
> warning about those or has one of those on their systems, I would be very
> happy if you emailed it to me.
>
> Regards,
>
> Tim Hamel
>
> ----- Original Message -----
> From: "Robert Weyer" <rweyer@xxxxxxxxx>
> To: "pchelpers" <pchelpers@xxxxxxxxxxxxx>
> Sent: Wednesday, April 24, 2002 3:14 PM
> Subject: [pchelpers] Why the Klez worm just won't go away
>
>
> > Hi John
> > Here is an interesting article. I have been hit twice lately.
> > Fortunately my software isolates, confines and ultimately destroys it.
> > But maybe the best solution is to abandon Outlook and all email programs
> > associated with it.
> >
> >
> > http://www.zdnet.com/anchordesk/stories/story/0,10738,2862307,00.html
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.350 / Virus Database: 196 - Release Date: 4/17/2002
> >
>
>
>
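
Tim's reply notes that MS01-020 stops Outlook from executing attachments whose MIME headers were spoofed. The following is an added example, not part of the original thread and not Symantec or Microsoft tooling: a Python check a mail filter could apply, flagging attachments whose filename is executable while the declared Content-Type claims some other kind of data. The extension list, the list of accepted types and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions Windows runs directly (a subset chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd"}
# Declared types under which an executable attachment is labelled honestly.
HONEST_TYPES = {"application/octet-stream", "application/x-msdownload"}

def spoofed_attachments(raw_message: bytes):
    """Return (filename, declared_type) for every part whose name is
    executable but whose Content-Type claims some other kind of data."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, then Content-Type name=
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and ctype not in HONEST_TYPES:
            findings.append((name, ctype))
    return findings

# Constructed sample: the payload is base64 of the text "not a real executable".
SAMPLE = b"""\
From: sender@example.invalid
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="report.exe"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBleGVjdXRhYmxl
--b1
Content-Type: application/octet-stream; name="setup.exe"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBleGVjdXRhYmxl
--b1--
"""

if __name__ == "__main__":
    for name, ctype in spoofed_attachments(SAMPLE):
        print(f"flag: {name} declared as {ctype}")
```

The honestly labelled `setup.exe` is not flagged here; blocking executable attachments outright is a separate policy decision from detecting a mismatched header.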