-=PCTechTalk=- Re: [PCTechTalk] Virus? (Constantly Bombarded)

• From: "Mike" <mikebike@xxxxxxxxx>
• To: pctechtalk@xxxxxxxxxxxxx
• Date: Wed, 10 Jul 2002 21:46:49 -0700

Hi Cajun,
I'm not Linda<g>

Klez is a smart virus it mimics addresses.
It may have found your address in someone elses,
address book, or email and copied it.

I have Norton AV2002 and it picks up the infections on my incoming
email.

I have it set up to also scan outgoing messages.

There are also fake messages from;
 "System Anti-Virus Administrator"
If you have checked your computer and you know you did not 
send the message consider it a email error.
~~~~

Here is the text from one of Christy's HackFix articles.

"The recent ever popular (and annoying) Klez.h  Does
NOT require any version of outlook installed,  It can use its Own
SMTP engine to send itself.   It does Not require any sort of
windows address book to obtain addresses  it can easily get
addresses from a wide variety of locations including (but not
limited to)  ICQ databases and local files that may contain Email
addresses  such as Webbrowser cache files etc.

The Host infected system doesn't require any sort of outlook
installed as if the system itself is networked with another
system that Does have outlook installed it can travel to that
system.

If there is NO outlook/outlookexpress installed and Absolutely NO
chance of any files on the computer containing email addresses in
any way.  does that mean the virus stops ?    Not in this case!
 Klez will deactivate your antivirus program and destroy certain
files associated with the antivirus program to prevent it from
running and therefor detecting the infection.

And thats just part of One recent infection....

For more information on Klez.H itself please see:

http://www.symantec.com/avcenter/venc/data/w32.klez.h@xxxxxxx
http://vil.nai.com/vil/content/v_99455.htm
http://www.commandcom.com/virus/klez.html
http://www.Europe.f-secure.com/v-descs/klez_h.shtml
http://www.ravantivirus.com/virus/showvirus.php?v=98

Hopefully that helps some

Christy HackFix Staff ~ www.hackfix.org
http://www.hackfix.org/klez.html
~~~
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages ~ http://virusinfo.hackfix.org 
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>


*********** REPLY SEPARATOR  ***********

On 10/07/2002 at 10:03 PM Cajun wrote:

Linda, does either McAfee or Norton's detect the Klez virus?  I
downloaded a
Klez removal program from Norton's and after scanning my entire
computer, it
displayed the message "neither W32.Klez.gen@mm nor @32.elkern.gen
were found
on your computer."  Yet, I received another message today from
"System
Anti-Virus Administrator" saying a virus was found in an email
message that
I sent (I didn't send the message).  It says the virus is
application
Exploit-MIME.gen.b.

Cajun

<<<<Sounds like the Klez virus...that's the way it works...it
steals
addresses so it looks like the virus was sent by someone other
than the
one that sent it.

Linda>>>>




To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

Other related posts:

• » -=PCTechTalk=- Re: [PCTechTalk] Virus? (Constantly Bombarded)
• » -=PCTechTalk=- Re: [PCTechTalk] Virus? (Constantly Bombarded)
• » -=PCTechTalk=- Re: [PCTechTalk] Virus? (Constantly Bombarded)

1. Home
2. pctechtalk
3. Archive
4. 07-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---