By Chris
#12720
Someone is infected with a virus, and keeps sending me infected mail. The source is from ntlworld.com - if this sounds like you CHECK YOUR SYSTEM.

28 viruses in the last 6 days are starting to annoy me.

--

X-Persona: <mail.chrismoyles.net>
Received: from chrismoyles.net ([127.0.0.1]) by webtapestry.net ; Wed, 05 Jun 2002 19:20:52 +0100 UTC
Received: from mta02-svc.ntlworld.com ([62.253.162.42]) by chrismoyles.net ; Wed, 05 Jun 2002 19:20:51 +0100 UTC
Received: from Hblwmgab ([213.104.164.55]) by mta02-svc.ntlworld.com
(InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
id <20020605182026.OAUS4626.mta02-svc.ntlworld.com@Hblwmgab>
for <moylesworld@chrismoyles.net>; Wed, 5 Jun 2002 19:20:26 +0100
From: rwilkie <rwilkie@ideas-images.com>
To: moylesworld@chrismoyles.net
Subject: Ezboard, Inc.
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=J3oWw77i9A338e6G0984O7L2K24kr23
Message-Id: <20020605182026.OAUS4626.mta02-svc.ntlworld.com@Hblwmgab>
Date: Wed, 5 Jun 2002 19:20:51 +0100
X-Rcpt-To: <moylesworld@chrismoyles.net>
Return-Path: <warren3@ntlworld.com>
X-UIDL: 1023301288.65345
Status: U
Last edited by Chris on Wed Jun 05, 2002 7:23 pm, edited 1 time in total.
By the_dr
#12741
There's a virus going round, don't know what it's called. I get about 3 copies of it each day. It's a random subject and message, but it usually has a 100k attachment or something. I don't use Outlook so I'm not affected.
By Uglybob
#12742
I got something today that the name was "a funny game" and it was 145k and I opened it but before I realized I deleted it so I missed it.

Then I remember reading about the thing only last week.
By jc
#12748
It's Klez, the most infectious virus yet. symantec.com have a removal tool available, so you might wanna e-mail this warren peep and tell him to remove you from his address book. Either that or tell him to use the removal tool. - jc
By AndyB
#12773
Yeah, I've received it twice now; it must be someone using moylesworld, as it is my e-mail account that I only use for this site.
By Adam
#12778
I think it would be best to protect yourselves by removing your addresses from the board for the meantime.

We are currently under attack by the looks of things.

ad
By Uglybob
#12792
tammimara_r Thu 06/06
119k
A good tool

Didn't open that either, too big a file.
By Uglybob
#12816
BEWARE

I got sent an email from "eddienock" that was 130kb. I thought it was dubious and PM'ed Eddie on this and he said he didn't send anything today, so people BEWARE. Do not open any emails that are over 100kb.
By Lawrie
#12823
Bob, I've received an email from you with the topic of `use of ADSL`; I've destroyed it just in case.
By Uglybob
#12824
Yep, I didn't send anything to you so destroy it. I don't send emails to anyone on this board, so if you receive one with my name delete it. Also, as a precautionary measure, I have turned off public view to my email. I suggest the rest of you do this.

more info


http://www.datafellows.com/v-descs/klez_h.shtml
Last edited by Uglybob on Thu Jun 06, 2002 6:45 pm, edited 1 time in total.
By TJD
#12826
Is moylesworld under attack or something? I am gonna check my hotmail account now and see if I am also being targeted.
By the_dr
#12827
It scans websites for email addresses - on my site I regularly get emails from what seems to be other people on the site, but it's the virus.
By Uglybob
#12828
ftp://ftp.europe.f-secure.com/anti-viru ... eztool.zip


go here and it will rid you of the virus


Klez worms its way into history
By Andy McCue

Stubborn internet worm Klez has topped the virus charts for the fourth month running and is now responsible for almost 97 per cent of user infections.

Antivirus software vendor Kaspersky Labs reported figures that consign previous troublemakers such as SirCam and BadTrans to the sidelines.

Klez was last week crowned the biggest virus of all time, ahead of SirCam, Melissa and I Love You, according to antivirus hosting company MessageLabs.

It found around 20,000 instances of Klez being recorded each day, affecting one in every 300 emails.

The worm deletes files on local and network drives and overwrites files with random data, making them impossible to restore.

The reasons for Klez's success have been put down to an ability to cover its tracks by using a random name from an infected machine's address book as the sender address, as well as using a large selection of subject lines.
Last edited by Uglybob on Thu Jun 06, 2002 6:47 pm, edited 1 time in total.
By TJD
#12829
....nope, I'm all clean so far
By Nablo.
#13014
Chris I seem to have one of these e-mails from you! I just received one from you, it just said subject: Must see this flash intro.
Odd :?
By Chris
#13027
The reasons for Klez's success have been put down to an ability to cover its tracks by using a random name from an infected machine's address book as the sender address, as well as using a large selection of subject lines.


My machine is not infected (in fact, I don't even use Outlook).
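
Added example, not part of any post in this thread: a short Python check that reads the headers from the first post and separates the `From:` address the worm chose from the relay that actually accepted the message. The function names are hypothetical, the headers are trimmed and their continuation lines re-indented, and the two-label domain rule is an assumption that only holds for names like the ones here.

```python
import email
import re
from email.utils import parseaddr

# Headers from the first post in this thread, trimmed to the fields used here;
# continuation lines are re-indented so they parse as folded headers.
RAW_HEADERS = """\
Received: from chrismoyles.net ([127.0.0.1]) by webtapestry.net ; Wed, 05 Jun 2002 19:20:52 +0100 UTC
Received: from mta02-svc.ntlworld.com ([62.253.162.42]) by chrismoyles.net ; Wed, 05 Jun 2002 19:20:51 +0100 UTC
Received: from Hblwmgab ([213.104.164.55]) by mta02-svc.ntlworld.com
 (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
 id <20020605182026.OAUS4626.mta02-svc.ntlworld.com@Hblwmgab>
 for <moylesworld@chrismoyles.net>; Wed, 5 Jun 2002 19:20:26 +0100
From: rwilkie <rwilkie@ideas-images.com>
To: moylesworld@chrismoyles.net
Subject: Ezboard, Inc.
Return-Path: <warren3@ntlworld.com>

"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)")

def org_domain(host):
    # Assumption: the last two labels identify the organisation. True for the
    # .com/.net names here, wrong for suffixes such as .co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw):
    msg = email.message_from_string(raw)
    # Received headers are prepended, so the last one is the earliest hop.
    hops = [m.groups() for m in map(HOP_RE.search, msg.get_all("Received", [])) if m]
    helo, client_ip, first_relay = hops[-1]
    from_dom = org_domain(parseaddr(msg["From"])[1].split("@")[-1])
    env_dom = org_domain(parseaddr(msg["Return-Path"])[1].split("@")[-1])
    relay_dom = org_domain(first_relay)
    return {
        "client_ip": client_ip, "helo": helo, "first_relay": first_relay,
        "from_domain": from_dom, "envelope_domain": env_dom,
        # From: is whatever the sending program wrote; the first relay was
        # recorded by the ISP's own server when it accepted the connection.
        "from_matches_relay": from_dom == relay_dom,
        "envelope_matches_relay": env_dom == relay_dom,
    }

if __name__ == "__main__":
    for key, value in analyse(RAW_HEADERS).items():
        print(f"{key}: {value}")
```

Only the `Received:` lines written by servers you trust are reliable; anything below the first trusted hop could have been inserted by the sender.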
By Chris
#13028
How do I delete the Klez virus?

1) disconnect the infected PC from the local network (if exists)
2) run ftp://ftp.kaspersky.ru/utils/clrav.com file

If the program says "nothing to clean" - run it from the command line with the parameter /scanfiles, for example:

C:\clrav.com /scanfiles

3) re-boot your PC in Safe Mode
4) run clrav.com again
5) reinstall the anti-virus package and update the anti-virus database
6) run Kaspersky AV Scanner and check all the hard drives
By Lawrie
#13029
checked my hotmail this morning had 4 emails claiming to have windows xp updates...information on gardening and one from some saying "hows my girlfriend" well........erm....all about 140/150 kb erm..virus anyone?
By Gordon_the_Cromag
#13045
I got sent it from Bob as well, subject was "Hi Honey"
By AndyB
#13046
Today I got one from Eddie and one from someone called holi saying:

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.


I found this a bit suspicious and didn't run the file, although for some reason my checker didn't pick up on it.
By Eddie
#13048
That's really weird because I've never emailed you Andy and you're certainly not in my address book...strange!
By TJD
#13050
I'm all clean of viruses so far. I've never had one ever ever ever
By Uglybob
#13051
========================================
Some details about the infected message
=========================================

To help identify the email:

The message sender was
warren3@ntlworld.com
robertkeightley@yahoo.co.uk

The message recipients were
shepj002@medway.org.uk

The message was titled 'Selected'
The message date was Sat, 8 Jun 2002 09:08:16 +0100
The message identifier was
<20020608080751.CZZG295.mta03-svc.ntlworld.com@Jiwfp>

To help identify the virus:

Scanner 1 (Cybersoft vfind) reported the following:

##==>>>> VIRUS POSSIBLE IN FILE: "./708253_2MAUDIO-X-MIDI_CTvalue.exe"
##==>>>> VIRUS ID: CVDL W32/Klez-G
##==>>>> Number of files read: 4
##==>>>> Number of possible virus infections: 1


The message was diverted into the virus holding pen on
mail server server-17.tower-4.messagelabs.com (id 708253_1023523696)
and will be held for 30 days before being destroyed.

=========================================
Getting more help
=========================================


If you need further help or information then please contact the
ITmanager within your organisation.

Please quote the following Virus Pen ID when contacting Support.
mail server server-17.tower-4.messagelabs.com (id 708253_1023523696)

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________

And then there was another one that was 140kb with some description about flash tool but I deleted it. When will these messages end, cos I took off my email here and it's still happening.