People still don't know about Klez

Bait O' Eggs · 01-14-2003, 12:30 PM

Thanks for the info Jen. I am one of those idiots who is getting email with Klez in it and thinking the name on the email is the person who sent it. [img]graemlins/icon_argue.gif[/img] I guess I have been thinking bad of others who did no wrong. :blush:

I keep getting it from people who are ifish oriented. I hope who ever has it with my address in their box, gets it off their machine soon.

Silver Hilton · 01-14-2003, 02:49 PM

Interesting story here on new viruses.
New viruses

steelhooked · 01-14-2003, 03:05 PM

if you to the norton or symantec website you can get the tool to remove it. just punch in the virus name in the search. it is not the easiest virus to remove so really follow the directions. had to do this to my moms computer who didn't have virus protection. good luck!!

The Fishing Geek · 01-14-2003, 07:35 PM

I'll put this out there: the person who I've been getting viruses from lately has verizon.net as their ISP, and recently either received an email from or sent one to an address at okumafishing.com.

Jennie@ifish · 01-14-2003, 11:20 PM

I still get several e mails a day asking me how come they got Klez from so and so...

Chances are, they didn't send it.

Please read about E mail spoofing, something KLEZ is known for:

Email spoofing
This worm often uses a technique called "spoofing." When the worm performs its email routine, it can use a randomly chosen address it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer infected with W32.Klez.H@mm. Linda is not using an antivirus program or does not have the current virus definitions. When W32.Klez.H@mm performs its emailing routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From:" portion of an infected message, which the worm then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything because his computer is not infected.

If you are using a current version of Norton AntiVirus, have the most recent virus definitions, and a full system scan with Norton AntiVirus, which is set to scan all the files, does not find anything, you can be confident that your computer is not infected with this worm.

There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send an email and the attempt failed. If this is the false message sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.

The message may be disguised as an immunity tool. One version of this false message is:

Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC.

NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.

Another good explanation is here!

The Fishing Geek · 01-14-2003, 11:39 PM

I'm going to keep this thread bumped until the end of time, Jennie. I get Klez viruses from people who frequent fishing forums all the time. How do I know? Because the return addresses lately have had fishing tackle originations, which means that the person it really originated from had contacted that tackle company recently.

There are FREE antivirus packages available out there for PC users that do a great job, and have worked for a couple of years now. If you don't like that route, there are also pretty inexpensive ways to get the big names like Norton and McAfee. However, as long as people don't care to fix the problem we will continue to get viruses from them, whether they know it or not.

The Fishing Geek · 01-16-2003, 09:28 AM

More information about this person. For the last couple of weeks they have had the IP number 4.63.189.160, which verifies to me that the person has DSL.

To find out what your IP address is, in Windows click on Start-->Run, type cmd and press Enter. At the DOS prompt type ipconfig and you will see your IP address.

If only ISP's cared about this stuff I would contact Verizon. No such luck, though.

Bait O' Eggs · 01-22-2003, 08:21 AM

Geek - check your private message, I may have figured this out. You seem to be playing detective, I got a lead for ya.

Edit - I have confirmed who is posting with that IP address. Now to get their computer a penicillin shot.

[ 01-22-2003, 09:50 AM: Message edited by: Bait O' Eggs ]

The Fishing Geek · 01-22-2003, 09:55 AM

BOE and Water Dog:

I have verified the information that you provided to me and it does appear to be a match. I have emailed the person in question (disregard my email to you, BOE, as that was a different person than this one) with instructions on how to remove the virus, how to obtain free antivirus software, and also extending my help if they need more help than what I gave them in the email.

As a courtesy, I do not want to release their name to the public if we can get them cleaned up. While I do sometimes feel that public whippings are in order for those who surf the Internet without up-to-date antivirus software, I must err on the side of humanity.