ProwlerOnline, Plymouth/Chrysler Prowler Discussion Forum
Author | Topic: some of you are seriously infected with this virus... |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-23-2002 10:34 AM
Somebody out there is seriously infected with the W32.Klez.H@mm virus... I get about 2 copies of this virus emailed to me every day. 99% of my email is with POA folks, so the likelihood that I am getting these emails from a POA member's PC is highly likely... If you are not up-to-date with your virus protection, I strongly recommend that you visit Norton. It only costs about $40 for the software and a subscription to keep your PC clean.
Info from Norton: W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files.
Also Known As: W32/Klez.h@MM, WORM_KLEZ.H, W32/Klez-G, I-Worm.Klez.h, Klez.H, W32/Klez.H, Win32.Klez.H, WORM_KLEZ.I
Threat: Severe
------------------ |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-23-2002 10:39 AM
One more thing... this virus is particularly clever and vicious. You can read the details about this virus here: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html ------------------ |
Marty Usher POA Site Supporter Prowler Junkie From:San Antonio, Texas, United States |
posted 06-23-2002 11:27 AM
Damon - I get two to five emails a day with attachments from POA folks. I don't know why, but Norton's picks up some as infected, others it does not. I just delete messages with an attachment unless I know someone is sending me an email or I will open jpegs. BTW - I guess the mail must be running slow - still looking forward to receiving Louisville CD. Regards Marty ------------------ Driving my Dream |
bbrighton Prowler Enthusiast From:Reno, NV, USA |
posted 06-23-2002 11:50 AM
Damon, Tracking down the actual origin of KLEZmail isn't trivial -- you have to be able to read the full headers and chase the stream all the way back. You can't rely on the plain-text headers, since those are forged by the offending software. I'm not an expert at it, but I can give it a shot if you like. If you can forward _full_ headers of one of the infected email messages to the email address listed in my profile, I'll take a look. And don't worry about infecting me -- I run a Mac. ------------------ |
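The header chase described in the post above, shown as an added example that is not part of the original thread. It walks the `Received:` lines from the recipient's own server downward and stops trusting them where the chain breaks. The sample message, every host, address and IP in it, and the rule that a hop's "by" name must match the next hop's "from" name are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: all names and IPs are invented (RFC 5737 ranges).
# The last Received line was planted by the sender; the rest were added by
# real relays. Newest hop is at the top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Sun, 23 Jun 2002 10:30:02 -0400
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Sun, 23 Jun 2002 10:30:01 -0400
Received: from friendpc (dialup-42.isp.example [203.0.113.42])
\tby smtp.isp.example with SMTP id C3; Sun, 23 Jun 2002 10:29:58 -0400
Received: from mail.carclub.example ([192.0.2.99])
\tby relay.carclub.example with SMTP id D4; Sun, 23 Jun 2002 10:29:00 -0400
From: "Club Member" <member@carclub.example>
To: victim@recipient.example
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <server>"; the rDNS name is optional.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def trace_origin(raw):
    """Return the last hop that links back to the recipient's own server."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):        # newest first
        m = HOP.search(value)
        if not m:
            break                                    # unparseable: trust nothing older
        hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    if not hops:
        return None
    trusted = hops[:1]                               # written by our own server
    for older in hops[1:]:
        # Assumed heuristic: the relay that wrote this hop ("by") must be the
        # host the previous trusted hop says it received the message from.
        if older["by"].lower() != trusted[-1]["helo"].lower():
            break                                    # chain broken: likely forged
        trusted.append(older)
    origin = trusted[-1]
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "origin_ip": origin["ip"], "origin_rdns": origin["rdns"],
            "hops_trusted": len(trusted), "hops_total": len(hops)}
```

On the sample, the `From:` address points at one domain while the last trustworthy hop records a dial-up client at a different provider; that IP and timestamp are what the provider's abuse desk would need.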
GRROWL POA Site Supporter Prowler Junkie From:Herndon, VA |
posted 06-23-2002 01:05 PM
Tell me if this was your experience (this was mine): Virus alert. Apparently, WRONG. .klez is somehow masking itself from the virus scan and then popping up again - internal to the PC, but appearing to come from an Email. This happened both under McAfee, and again after changing to Norton. I got rid of it as follows: It worked for me. No viruses in 32 days (and that was after a week of multiple-hits/day). Fortunately, I don't think I lost anything even though a lot of files had to be deleted (they couldn't be cleaned, but none of them were important). Good luck. |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-23-2002 01:48 PM
quote: Not exactly - I got rid of it ok, but someone out there has it bad. The virus may have damaged my Outlook installation. I am unable to view email message headers. If I can find an email header, Brad, I'll send it to you. This virus is particularly crafty. It invokes many anti-anti-virus measures. |
gresults POA Site Supporter Prowler Junkie From:Houston,Texas USA |
posted 06-23-2002 02:05 PM
Guess I'm lucky; all I ever get is emails from my IP telling me that someone was attempting to send me a virus. And like someone else said, don't open emails from strangers, however tempting it might be. I have only had one true virus on my computer in 12 years, and it came from a software company that was sending out infected files. ------------------ |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-23-2002 02:56 PM
I don't open email attachments either... I don't know how my PC got infected. I am careful as well. I can only remember having an infected PC twice since the existence of the internet. |
GRROWL POA Site Supporter Prowler Junkie From:Herndon, VA |
posted 06-23-2002 03:47 PM
You make a good point with: "This virus is particularly crafty. It invokes many anti-anti-virus measures." But I think you miss my point when you say, "Not exactly - I GOT RID OF IT OK". My experience, and I believe what you are experiencing now, is that you did not get rid of it - it is exhibiting one of its "anti-anti-virus measures" that you referred to by hiding and then making you think there's a new infection. Just think about it: if your Norton anti-virus was working, why would you get reinfected? My guess is that it's merely hiding and coming back FROM THE INSIDE. I strongly suggest that you check all of your Norton settings so that EVERYTHING is being scanned, on an hourly basis, (and that shares are turned off, as in the URL you cite) until it is gone and not just hiding. Keep us informed. I really don't think that POA members are doing this to you on such a repetitive basis. |
bbrighton Prowler Enthusiast From:Reno, NV, USA |
posted 06-23-2002 04:24 PM
VCD sez:
quote: I re-read this thread, and I have a question -- if you were infected, your machine would be sending the email, not receiving it. What makes you think your machine is infected? The descriptions here seem to imply that it's someone else (probably not whoever you might think it is) who has the infection. AFA getting the headers, you might try 'redirecting' one of those questionable messages. Plain forward strips the headers, IIRC, but this might not. |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-23-2002 05:01 PM
Let me clear this up... About 2 weeks ago, my PC was infected. I downloaded and ran the software to fix it at that time. As a precaution, today, I downloaded the fix again and ran it and it indicated that my PC is still clean, so, apparently, my PC has been clean for the last two weeks. There could be a copy in the Windows restore files, but I have executed the restore facility and the virus has not reappeared. For the past couple of weeks, I have been receiving lots of email with the virus... It is apparently coming from the outside. For the next week, I am going to only access my email from the web (instead of POP). This will clarify whether these Klez emails are originating from my machine or from somewhere else. My machine is definitely clean (and has been for the last two weeks), unless the newest Norton instructions do not work. I'll post again within the day or so to let you know what I have confirmed. |
purplecat POA Site Supporter Prowler Junkie From:Texas Hill Country |
posted 06-23-2002 09:14 PM
After I found my PC to be infected with this virus, I ran the Norton fix, and later when I scanned for the virus, it was still in the machine. Ran the fix again and then the virus scan was no longer available as the virus has the capability to destroy the drivers in the Norton anti-virus program. It took 3 long days of backing up data (what could be backed up, other drivers were also damaged). Eventually I had to write zeros to my hard drive and start all over. This is only the second virus that I have ever had on the PC, but it has convinced me to get a second hard drive for data. Check and double check everything. I am getting e-mails every day which Norton is catching with the virus. I hope others don't have to do what I did because of the virus. |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-25-2002 07:39 AM
The latest info... I have further researched and have found that my machine is still clean of the Klez virus. I consulted a tech at Symantec and he agreed that my machine is clean. I have been a programmer and technical user of PC's for over 20 years. If there is anything strange happening, I notice it pretty quickly. I believe my machine was infected less than a day before I noticed it and took corrective action. (That's probably what saved my machine from a more catastrophic failure.) I have run several scans, including a scan in SAFE MODE, since I ran the first fix - and no virus has been detected. I haven't received any viruses via email since this weekend, but I don't know exactly why, because there have been 3 variables: ------------------ |
Gary Archer POA Site Supporter Prowler Junkie From:Mobile,AL |
posted 06-25-2002 07:59 AM
Damon: How do you reboot in safe mode? Have a virus fix, it says to boot in safe mode and then run tool. |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-25-2002 12:00 PM
quote: While your machine is booting up, press the <F8> key. This should forward you to a menu where you can select SAFE MODE. (Tip: Don't hold the key down - the computer may think that you have a keyboard error - a stuck key. Instead, press the <F8> key several times while the machine is booting up.) If this doesn't work, then click on your PC's START key (lower left-hand corner), click help and perform a search on SAFE MODE. ------------------ |
cstall POA Site Supporter Prowler Junkie From:Chandler, AZ USA |
posted 06-26-2002 11:23 AM
Here's an EASY way to fix this: Just point your browser to http://www.housecall.antivirus.com and follow the instructions. It will scan your PC for viruses. This site is run by TrendMicro, the company that makes PCcillin antivirus software. |
CatDude POA Site Supporter Prowler Avatar Master From:Charlottesville, Va |
posted 06-27-2002 04:08 PM
As an update... since a couple of days after I posted this thread, I have not received any more copies of the Klez virus through my email. I have scanned my machine several times before I posted this thread and after and no copies of the virus were found. (A couple weeks before I posted this thread my machine had been infected.) Apparently, someone has purged their machine of the virus (or either they are on vacation now and their PC is off). Hopefully, I helped someone out by posting this thread... I know some of this is confusing... here is the chronology for those who are following the details:
June 8: I noticed my machine was infected. I immediately downloaded latest virus tools and fixed my machine.
June 8 to June 24: I received approx 2 copies of the virus via email every day.
June 23: I posted this thread.
June 24 to present: I executed additional scans including SAFE MODE scans from a DOS command line and found no new copies of the virus on my machine.
June 25 to present: I have not received any more copies of the virus via email.
It appears that the infected machine that was sending copies to me has been cleaned.
------------------ |
Mike Krehel POA Site Supporter The World's Quickest Prowler (11.65 sec) and Administrating Kat Personal ScrapBook From:United States |
posted 06-27-2002 10:39 PM
Thanks for your help Damon. The number of infected emails that I've received has also diminished greatly. If we all keep up the effort and not let our guard down, we should have the Klez virus under control within the Prowler community. |
All times are CT (US)
All material contained herein, Copyright 2000 - 2012 ProwlerOnline.com
E-Innovations, LP