[pchelpers] Re: Why the Klez worm just won't go away

Tim,

I just wanted to publicly thank you for the help you gave me to get my Live
Update working again.  I feel so much better now knowing that my definitions
are up to date, as well as the program, NAV, itself.  A great example of
what pchelpers is all about.

Phil B.
Grover Beach, CA

----- Original Message -----
From: "Tim H." <tekphobia@xxxxxxxxx>
To: <pchelpers@xxxxxxxxxxxxx>
Sent: Wednesday, April 24, 2002 11:20 PM
Subject: [pchelpers] Re: Why the Klez worm just won't go away


> Hi Phil,
>
> What exactly happens when you try to run Live Update? Are there any errors?
> Once I know what's going on, we can fix your NAV. If the Live Update fails,
> you can get the Intelligent Updater file(s):
>
> http://www.sarc.com/avcenter/download/pages/US-N95.html
>
> The first one is the large chunk, the smaller 3 are the large chunk divided
> into smaller files suitable for floppies. Comes in handy after a Klez
> removal!
>
> Also, if you like, you can send your subscription # (would be in NAV, under
> "About") to me personally and I can see what's going on with it.
>
> Regards,
>
> Tim Hamel
>
> ----- Original Message -----
> From: "POTGN" <potgn@xxxxxxxxxxx>
> To: <pchelpers@xxxxxxxxxxxxx>
> Sent: Wednesday, April 24, 2002 10:24 PM
> Subject: [pchelpers] Re: Why the Klez worm just won't go away
>
>
> >
> > Tim,
> >
> > Just a question.  I use NAV 2002 and have been unable to get any Live
> > Updates for the past 30 days.  Is there a particular reason or thing that I
> > would like to know about?  I know I am getting closer and closer to one of
> > those last 4 *.exe files that you mentioned and probably the Klez.E/H also,
> > so when I get one I will send it if able.  Can you tell me where to check on
> > the status of Live Update?  I just subscribed for another year.
> >
> > Thanks,
> >
> > Phil B.
> > Grover Beach, CA
> >
> >
> > ----- Original Message -----
> > From: "Tim H." <tekphobia@xxxxxxxxx>
> > To: <pchelpers@xxxxxxxxxxxxx>
> > Sent: Wednesday, April 24, 2002 7:55 PM
> > Subject: [pchelpers] Re: Why the Klez worm just won't go away
> >
> >
> > > Hello,
> > >
> > > Fortunately, I work in Symantec's Virus Removal labs. After removing
> > > Klez.E/H all day, I was a bit hesitant to reply. The thing with Klez is that
> > > it's network aware and thus can spread via open file shares. It also has its
> > > own SMTP engine so checking Outlook's "Sent" folder will inevitably not show
> > > any messages the worm has sent. I'm sure you guys know this, but many in a
> > > lot of calls, people think otherwise.
> > >
> > > With Klez.H, the infection of EXEs is greater than the previous incarnation
> > > (.E). With Klez.E, we were able to do a manual removal, but with .H, it
> > > infects PEs (EXEs) and thus will keep reinfecting the system. We (Symantec)
> > > have an excellent removal tool that will remove Klez.E/H. If you follow the
> > > instructions on the site about it, you won't see the step that says, "Reboot
> > > into Safe Mode." So we get a lot of calls where people say they ran the tool
> > > but it locks up. I ask, "Did you reboot into Safe Mode?" and they say, "No,
> > > what's that?"
> > >
> > > As for protection? NAV with the latest definitions will prevent Klez from
> > > infecting your system. Microsoft also has a patch for Outlook to prevent it
> > > from executing attachments because the MIME headers were spoofed.
> > >
> > > http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
> > >
> > > I prefer your suggestion in abandoning Outlook. It has WAY too many holes
> > > and Microsoft never seems to address the root of the problem.
> > >
> > > As a side note. We've been getting a lot of calls about "Backdoor.Trojan"
> > > being on their system. It always references the same files:
> > >
> > > absr.exe
> > > ausvc.exe
> > > mnsvc.exe
> > > bvt.exe
> > >
> > > I would LOVE to get my hands on one of these files. So, if anyone gets a
> > > warning about those or has one of those on their systems, I would be very
> > > happy if you emailed it to me.
> > >
> > > Regards,
> > >
> > > Tim Hamel
> > >
> > > ----- Original Message -----
> > > From: "Robert Weyer" <rweyer@xxxxxxxxx>
> > > To: "pchelpers" <pchelpers@xxxxxxxxxxxxx>
> > > Sent: Wednesday, April 24, 2002 3:14 PM
> > > Subject: [pchelpers] Why the Klez worm just won't go away
> > >
> > >
> > > >
> > > > Hi John
> > > > Here is an interesting article.  I have been hit twice lately.
> > > > Fortunately my software isolates, confines and ultimately destroys it.
> > > > But maybe the best solution is to abandon Outlook and all email programs
> > > > associated with it.
> > > >
> > > > http://www.zdnet.com/anchordesk/stories/story/0,10738,2862307,00.html
> > > >
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > Version: 6.0.350 / Virus Database: 196 - Release Date: 4/17/2002
> > > >
>
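
The spoofed MIME headers mentioned in the quoted thread (the issue the MS01-020 patch addresses) can also be looked for at the mail filter: an attachment declared as a passive media type but named like an executable is a mismatch worth flagging. The following Python is an added example, not part of the original thread or of any Symantec or Microsoft tool; the extension list, the passive-type list and the sample message are constructed assumptions.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Assumed lists for illustration; tune to local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
PASSIVE_MAIN_TYPES = {"audio", "image", "video", "text"}

# Constructed sample message (not taken from a real infection).
SAMPLE = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="iso-8859-1"

hello
--b1
Content-Type: audio/x-wav; name="report.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: image/gif; name="logo.gif"
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--b1--
"""

def find_type_mismatches(raw):
    """Return (filename, declared_type, has_mz_header) for suspicious parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if part.is_multipart() or not name:
            continue
        ext = PurePosixPath(name.strip().lower()).suffix
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in PASSIVE_MAIN_TYPES:
            body = part.get_payload(decode=True) or b""
            # "MZ" is the DOS/PE executable magic; it confirms the name, not the type.
            findings.append((name, part.get_content_type(), body[:2] == b"MZ"))
    return findings

if __name__ == "__main__":
    for hit in find_type_mismatches(SAMPLE):
        print("mismatch:", hit)
```
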


