Silvio Manuel Posted September 19, 2002

Hi, I used to be in this section, but dropped out early on. This week I just started getting bulk/spam mail from members of that group, even though I had previously deleted their addresses from my mail account. Anyway, the message & subject (same text) will only say something like this:

1) About the real M82A1 here
2) A special good tool
3) Some questions
4) Meeting notice
5) A IE 6.0 patch
6) (30727 bytes)

Those are actual e-mails I've received. Any of you III/two boys know about this? I've got one from: rogert, jcallan, ckeagle, fvistini

Thanks

[ September 20, 2002, 02:24 PM: Message edited by: Silvio Manuel ]

CuznJG14 Posted September 19, 2002

Hello! Same here. Do NOT OPEN ANYTHING. One of the fellows has the 'Klez Worm'. This worm has the ability to forge email headers using the infected person's address book or emails stored on the infected system. I do not STORE anyone's addresses for this reason. I would suggest you all do not as well. Therefore, you cannot know the identity of the infected person just by the 'from' on the email.

Run the latest Anti-Virus programs, or get a 'Klez-Detect' program. I believe one is available from Symantec. The first one I received was from 'JCallan', and I've received others from other members of this group as well.

Hope this helps!

Frank

Jeb Posted September 19, 2002

Howdy all,

Yep, I'm in the same boat, I've been getting virus emails from the same group, and Treeburst said he'd gotten one from me as well. I downloaded the latest McAfee virus scan program last night, and scanned my computer, but everything came up clean, so I don't think it's me.

Jeb

CuznJG14 Posted September 19, 2002

Hello Jeb!

One of the Nasty things the Klez Worm does is it disables VIRUSCAN. Check out the McAfee Website for more info on Klez Worms. You'll need to scan your system from a 'Command Prompt'. Here are the instructions taken from the McAfee site:

Once infected, VirusScan may not be able to run as the virus can terminate the process before any scanning/removal is accomplished. The following steps will circumvent this action and allow for proper VirusScan scanning/removal, by using the command-line scanner.

Ensure that you are using the minimum DAT specified or higher.
Close all running applications.
Disconnect the system from the network.
Go to a command prompt, then change to the VirusScan engine directory:
   Win9x/ME - Click START | RUN, type command and hit ENTER. Type cd \progra~1\common~1\networ~1\viruss~1\40~1.xx and hit ENTER
   WinNT/2K/XP - Click START | RUN, type cmd and hit ENTER. Type cd \progra~1\common~1\networ~1\viruss~1\4.0.xx and hit ENTER
Rename SCAN.EXE to CLEAN.EXE to prevent the virus from terminating the process and deleting files. Type ren scan.exe clean.exe and hit ENTER
First, scan the system directory:
   Win9x/ME - Type clean.exe %windir%\system\win*.exe and hit ENTER
   WinNT/2K/XP - Type clean.exe %windir%\system32\win*.exe and hit ENTER
Once the scan has completed, type clean.exe /adl /clean and hit ENTER
Rename scan.exe. Type ren clean.exe scan.exe and hit ENTER
After scanning and removal is complete, reboot the system.

Frank

Big X Posted September 20, 2002

Well, I'm in the same boat as you all and have received some of these same emails. Unfortunately, I don't have any productive info. I use a Mac: anyone have any suggestions?

Treeburst155 Posted September 20, 2002

Don't open any attachments that aren't CM turns! This little bug is quite deadly. I had to reinstall Windows to prevent numerous strange occurrences and crashes. The bad stuff will come from a familiar wargamer with a wargame "flavored" attachment. If you open it, you die. I know. I also knew better, but did it anyway.

Treeburst155 out.

WWB Posted September 20, 2002

Actually, don't even preview the files if using Outlook, Outlook Express or Eudora using the IE rendering engine. Unless you are fully patched to the IE August 6 Security rollup or better yet SP1. They all play on a little MIME exploit in IE to automatically pop a picture then deliver nasty payload.

WWB
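
The preview-pane risk described in the post above involves an attachment whose declared MIME type does not match what the file really is. As an added example (not part of the thread and not any vendor's tool), here is a gateway-style check in Python that flags attachments with an executable extension and notes when they are declared as inline media; the sample message, extension list and function name are constructed for illustration.

```python
import email
from email import policy

# Extensions Windows will execute directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".bat", ".com", ".cmd", ".vbs"}
# Types a mail client may try to render or play inline in a preview pane.
INLINE_MEDIA = ("image/", "audio/", "video/")

# Constructed sample: one part declared as audio but named .exe, one real image.
SAMPLE = b"""\
From: friend@example.invalid
Subject: Meeting notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Meeting notice
--b1
Content-Type: audio/x-wav; name="notice.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="notice.exe"

AAAA
--b1
Content-Type: image/jpeg; name="map.jpg"

AAAA
--b1--
"""

def suspicious_parts(raw: bytes):
    """Return (filename, declared_type, reason) for each risky attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them before testing.
        lowered = name.lower().rstrip(". ")
        ext = "." + lowered.rsplit(".", 1)[-1] if "." in lowered else ""
        if ext not in EXECUTABLE_EXTS:
            continue  # no filename, or an extension that is not on the list
        ctype = part.get_content_type()
        reason = ("media type hides executable" if ctype.startswith(INLINE_MEDIA)
                  else "executable attachment")
        findings.append((name, ctype, reason))
    return findings
```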

CuznJG14 Posted September 20, 2002

Anyone who possibly thinks they are infected should head to Symantec's website and get the 'Klez-tool' they offer. If it says you're clean then you're clean.

Jeb Posted September 20, 2002

Thanks for the added info about McAfee and the Klez virus, Frank. I did exactly as stated, from a command prompt, and still came out clean. I'm pretty sure at this point that my system is virus-free, but I'll head over to Symantec's site to try their Klez tool as well.

Jeb

Silvio Manuel Posted September 20, 2002

I read those messages, but I don't think the Virus got me b/c I don't use Outlook or Internet Explorer.

Heavy Drop Posted September 20, 2002

I too received such emails. The first one I received was from Redeker. I sent him a query as to why he sent me an executable file and he responded with - "... don't download it!" I'm off to get the recommended worm scan now. Thanks for all the info/advice.

CuznJG14 Posted September 20, 2002

If you're running McAfee VirusScan check this info out:
http://vil.nai.com/vil/content/v_99455.htm

Definitely get and run the Symantec Klez-detector removal program. **Needs to be run in SAFE mode** Obviously read the directions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Another cool way to check is online thru 'housecall'. Don't bother registering, enter your country and check 'C' drive:
http://housecall.antivirus.com/pc_housecall/

We'll squash this bug

Big X Posted September 20, 2002

Actually, I may be okay. I use Netscape on a Mac. The emails I received didn't have an executable attachment, and I don't open those as a matter of policy. I also haven't received any for a few days.

Now, has anyone else been plagued by this other virus? Somehow, when I open my CM turn files, it causes all my well-laid plans to go awry with unexpected casualties....

Silvio Manuel Posted September 20, 2002

Originally posted by Heavy Drop:
I too received such emails. The first one I received was from Redeker. I sent him a query as to why he sent me an executable file and he responded with - "... don't download it!" I'm off to get the recommended worm scan now. Thanks for all the info/advice.

Hmmmm, if there was an .exe attachment, I missed it, so I'm prolly OK. I did open and read the messages themselves, though.

CuznJG14 Posted September 21, 2002

From the lack of 'Worms' being sent it appears that the infected machine has squashed the bug. Haven't received one in a few days.