Receiving Very strange emails
Moderator: MOD_SPWaW
Alby, your comments indicate you don't know how a virus worm works...this is NOT an external attack on the SPWAW community...it is a virus being propagated internally by members of the community...they activate the virus/worm and send it to each other.
The worm/virus is usually delivered as an attachment to an email and is a program disguised as a harmless attachment.
When the innocent recipient of the email clicks on the attachment, it starts the program. The program (commonly called a payload), does things to your computer. Usually, it copies itself onto your computer hard-drive and runs every time you start your computer. It then sends a copy of the original email with virus attachment to everyone in your Outlook address book...if nasty it will do something like delete all files on your computer or change names of files.
This particular virus, known as KLEZ, does all these things...it uses a security failure in Outlook/Internet Explorer to run itself automatically without you having to open the attachment. If you have the latest IE updates installed, then this security loop-hole should be closed...but this doesn't stop you opening the attachment.
The KLEZ virus is currently the number network virus/worm problem. It requires both an anti virus application and a KLEZ removal program to fix...
As has been said...always have your anti-virus software up to date...also have the latest IE update...and importantly, know what makes an email suspicious and if in doubt, then delete it first...it is easier for your buddy to re-send his email than for you to clean up your computer...NEVER open an email, even from someone you trust, if there is the slightest doubt that it is not 100% clean.
Right..your post exactly described what happened..
I was out for a while and when coming back here I found that a spam attack was launched by a sick person...he has been banned but which was his name?
I would like to know if I ever spoke with him...
Anyone knows his name?
Italian Soldier,German Discipline!
-
Tommy
- Posts: 232
- Joined: Wed May 31, 2000 8:00 am
- Location: In that brush, behind you; raising a PIAT to my sh
Tiggwigg,
Originally posted by tiggwigg
[snip]
The KLEZ virus is currently the number network virus/worm problem. It requires both an anti virus application and a KLEZ removal program to fix...
As has been said...always have your anti-virus software up to date...also have the latest IE update...and importantly, know what makes an email suspicious and if in doubt, then delete it first...it is easier for your buddy to re-send his email than for you to clean up your computer...NEVER open an email, even from someone you trust, if there is the slightest doubt that it is not 100% clean.
Excellent advice. The KLEZ is not effective against a PC which has all of the Windows (IE, Outlook & Norton Antivirus) updates installed. I am just finishing cleaning up 2 PCs that were infected by KLEZ. (No - not this one!).
BTW, a bit of caution on that advice about a "KLEZ removal program". I don't believe there is a real one. There is a fake one around which actually infects the PC even worse, it's a trojan. As far as I could tell, you can't "remove & repair" the KLEZ worm (and its virus sub-payload). You can delete all files containing the worm, then re-install all of the apps you just disabled.
One more note, McAfee was on the 2 infected PCs; the KLEZ wiped it out first thing (like a sniper bullet to the head of the Company Commander). I rebuilt the PCs with Norton Antivirus and it survived the counterattack and wiped out the KLEZ.
I wonder if this all started a few days ago, remember my post about the strange email in Polish?
Caution: A hack attempt?
Tommy
If you want an eMail-Program that is safe compared to MS Outlook Express, download Eudora at www.eudora.com. It is free, and cannot so easily be used for a viral infection, since it doesn't automatically open every attachment like Outlook does.
By the way, Bing, what does your signature mean?
"This is MY street!"
Thanks Bing
I bought an AVP from Kaspersky. If you think having your troops hit a mine at 2 am will cause you to jump you should have seen me when that alarm went off.
I'm still having Java problems which they are helping me with but at least the computer is clean and I'm back on line.
BTW Bing what are you running as a firewall and what was that anti spyware product you recommended?
Oh and before y'all start treating me like Typhoid Mary I didn't have Klez so you didn't get it from me. << Insert smilie face here cause java ain't working>>
If something's not working you might want to tunk it a dite.
Mojo's Mom
shetty Outlook Express can be configured NOT to automatically open attachments
Mojo I use Zone Alarm as a firewall and it seems to be doing a good job on my XP system.
I downloaded a spyware and cookie removal program (forget the name) but it seemed to bog things down (not speed) with pop up warnings etc. If you're still interested I'll try to get you the name
Mojo: Am running naked - no firewall. I tried BlackIce, ZoneAlarm and Tiny Personal Firewall - they were all finicky and gave me dozens of intrusion "attempts" that didn't exist. I don't let the cable IP run 24/7 - only when I am surfing or doing e-mail. Running off USB, the software that crashed Bill Gates's demo on national TV. So I shut down, unplug the modem and restart for realtime app running, reverse the process for air time.
Not recommending this for anyone - I am willing to take the chance. The way I see it, outright intrusions are minor compared to spyware and e-mail viruses - there is even a new class of virus you get from just visiting a site. Benign and all, but it IS a virus and is classified as such.
I wouldn't dream of operating more than 48 hours without cleaning out the Internet Temp files - all the way, from the command line.
For spyware detection and killing I use Ad-Aware from http://www.majorgeek.com/index2.html - a temporary redirect while they get straightened around. I've had three cases of spyware detected in the last couple of months - Ad-Aware does a good job and now has a Net-based auto update exe available.
I use Cookie Pal - not the least bit intrusive, allows me to organize cookies and permanently bar whatever sites I want from installing cookies.
All of the pop-up killers I've used are the same: They kill important pop-ups for Internet shopping and password entry. I just don't buy anything advertised via pop-up and try not to go to the sites that harass the user with multiple pop-ups.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
Originally posted by Bing
Mojo: Am running naked....
<<eek smilie (still haven't fixed java)>> Hey Nature-boy at least put on a loin cloth huh? (Images too frightening to consider.)
One little trick I've seen with the pop ups is that they change the little "close button" thingie so that it connects you with their site instead of closing the window. That really chafes my hide boy. Want to start a flame fest with me just do that.
Kaspersky Labs AVP seems to work great and their customer support has gone way beyond the call of duty helping me with this. Lots of hand holding and patient step by step help.
Thanks for the advice and help. You too Big Bill. Maybe I'll hold off on the firewall and just continue to run nekkid too.
If something's not working you might want to tunk it a dite.
Mojo's Mom
-
Capt Chris
- Posts: 197
- Joined: Mon Feb 04, 2002 10:00 am
- Location: Rochester, NY
Linux baby!
Here's a copy of the only Linux virus I know...
***Begin_Virus***
This is an on your honor virus.
Log in to your Linux System as root.
Delete a bunch of files out of /boot and /etc at random.
Reboot your system.
***End_Virus***
Your system will now be unusable.
Capt Chris
"Badges? We don't need no stinking badges!"
You wouldn't last long around here if that were actually what I was doing. 180" snow annual average - which is not really a lot.
Originally posted by Mojo
<<eek smilie (still haven't fixed java)>> Hey Nature-boy at least put on a loin cloth huh? (Images too frightening to consider.)
One little trick I've seen with the pop ups is that they change the little "close button" thingie so that it connects you with their site instead of closing the window. That really chafes my hide boy. Want to start a flame fest with me just do that.
Kaspersky Labs AVP seems to work great and their customer support has gone way beyond the call of duty helping me with this. Lots of hand holding and patient step by step help.
Thanks for the advice and help. You too Big Bill. Maybe I'll hold off on the firewall and just continue to run nekkid too.
Kaspersky seems to run counter to US firms: They actually DO put the customer first. I know they are consistently ahead of others in identifying viruses and adding them to the reference file. Weekly updates just don't do it in this day and age. They once answered a non-emergency service request for me at what amounted to 2 or 3 AM Sunday in Switzerland - I still can't believe it.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website
Try PestPatrol instead of Ad-Aware. It'll find stuff nothing else will, including trojans and RATs
Originally posted by Bing
For spyware detection and killing I use Ad-Aware from http://www.majorgeek.com/index2.html - a temporary redirect while they get straightened around. I've had three cases of spyware detected in the last couple of months - Ad-Aware does a good job and now has a Net-based auto update exe available.
I use Cookie Pal - not the least bit intrusive, allows me to organize cookies and permanently bar whatever sites I want from installing cookies.
All of the pop-up killers I've used are the same: They kill important pop-ups for Internet shopping and password entry. I just don't buy anything advertised via pop-up and try not to go to the sites that harass the user with multiple pop-ups.
Bing
Pest Patrol
What, me worry?
Their website is amazing. I think their AVP scans for 50,000+ viruses. The customer support folks I have been dealing with are in Moscow and they are staffed 24/7 and actually answer emails promptly. Sometimes within minutes. WTF are they thinking? Can't make money like that!
Disclaimer: Blah, blab, no financial interest in this company, blah, blah
Only 180 inches of snow? Oh that's right you're a troll right?
Uff da
If something's not working you might want to tunk it a dite.
Mojo's Mom
That's interesting stuff Bernie. Do you use this? Any problems with it?
Originally posted by Bernie
Try PestPatrol instead of Ad-Aware. It'll find stuff nothing else will, including trojans and RATs
Pest Patrol
If something's not working you might want to tunk it a dite.
Mojo's Mom
Yes I understand that, BUT, None of these "returned" emails have names that are currently or have ever been in my address book.
Originally posted by tiggwigg
Alby, your comments indicate you don't know how a virus worm works...this is NOT an external attack on the SPWAW community...it is a virus being propagated internally by members of the community...they activate the virus/worm and send it to each other.
The worm/virus is usually delivered as an attachment to an email and is a program disguised as a harmless attachment.
When the innocent recipient of the email clicks on the attachment, it starts the program. The program (commonly called a payload), does things to your computer. Usually, it copies itself onto your computer hard-drive and runs every time you start your computer. It then sends a copy of the original email with virus attachment to everyone in your Outlook address book...if nasty it will do something like delete all files on your computer or change names of files.
This particular virus, known as KLEZ, does all these things...it uses a security failure in Outlook/Internet Explorer to run itself automatically without you having to open the attachment. If you have the latest IE updates installed, then this security loop-hole should be closed...but this doesn't stop you opening the attachment.
The KLEZ virus is currently the number network virus/worm problem. It requires both an anti virus application and a KLEZ removal program to fix...
As has been said...always have your anti-virus software up to date...also have the latest IE update...and importantly, know what makes an email suspicious and if in doubt, then delete it first...it is easier for your buddy to re-send his email than for you to clean up your computer...NEVER open an email, even from someone you trust, if there is the slightest doubt that it is not 100% clean.
I ran the Tool that eliminates the klez worm and it found nothing, so you got me.
Yes I understand that, BUT, None of these "returned" emails have names that are currently or have ever been in my address book.
=======================================
They don't have to be in your address book. Your address is in someone ELSE'S address book.
This someone else may be ignorant of current virus practice, they might not care, or they might be the perp. Take your pick. The criminal might have tapped into a commercial server - it does happen. I was notified of this happening in a book finder's service. Nothing ever happened, but they were compromised.
Bing
"For Those That Fought For It, Freedom Has a Taste And A Meaning The Protected Will Never Know. " -
From the 101st Airborne Division Association Website


