Posted

Hi,

I used to be in this section, but dropped out early on. This week I just started getting bulk/spam mail from members of that group, even though I had previously deleted their addresses from my mail account. Anyway, the message & subject (same text) will only say something like this:

1) About the real M82A1 here

2) A special good tool

3) Some questions

4) Meeting notice

5) A IE 6.0 patch

6) (30727 bytes)

Those are actual e-mails I've received. Any of you III/two boys know about this? I've got one from:

rogert

jcallan

ckeagle

fvistini

Thanks

[ September 20, 2002, 02:24 PM: Message edited by: Silvio Manuel ]

Posted

Hello!

Same here..

Do NOT OPEN ANYTHING..

One of the fellows has the 'Klez Worm'..

This worm has the ability to forge email headers using the infected person's address book/or emails stored on the infected system.

I do not STORE anyone's addresses for this reason.

I would suggest you all do not as well.

Therefore, you cannot know the identity of the infected person just by the 'from' on the email :(

Run the latest Anti-Virus programs, or get a 'Klez-Detect' program.. I believe one is available from Symantec.

The first one I received was from 'JCallan', and I've received others from other members of this group as well.

Hope this helps!

Frank

Posted

Howdy all,

Yep, I'm in the same boat, I've been getting virus emails from the same group, and Treeburst said he'd gotten one from me as well. I downloaded the latest McAfee virus scan program last night, and scanned my computer, but everything came up clean, so I don't think it's me.

Jeb

Posted

Hello Jeb!,

One of the Nasty things the Klez Worm does is it disables VIRUSCAN :(

Check out the McAfee Website for more info on Klez Worms.

You'll need to scan your system from a 'Command Prompt'.

Here are the instructions taken from the McAfee site:

Once infected, VirusScan may not be able to run as the virus can terminate the process before any scanning/removal is accomplished. The following steps will circumvent this action and allow for proper VirusScan scanning/removal, by using the command-line scanner.

Ensure that you are using the minimum DAT specified or higher.

Close all running applications

Disconnect the system from the network

Go to a command prompt, then change to the VirusScan engine directory:

Win9x/ME - Click START | RUN, type command and hit ENTER.

Type cd \progra~1\common~1\networ~1\viruss~1\40~1.xx and hit ENTER

WinNT/2K/XP - Click START | RUN, type cmd and hit ENTER.

Type cd \progra~1\common~1\networ~1\viruss~1\4.0.xx and hit ENTER

Rename SCAN.EXE to CLEAN.EXE to prevent the virus from terminating the process and deleting files. Type, ren scan.exe clean.exe and hit ENTER

First, scan the system directory

Win9x/ME - Type clean.exe %windir%\system\win*.exe and hit ENTER

WinNT/2K/XP - Type clean.exe %windir%\system32\win*.exe and hit ENTER

Once the scan has completed, Type clean.exe /adl /clean and hit ENTER

Rename scan.exe. Type, ren clean.exe scan.exe and hit ENTER

After scanning and removal is complete, reboot the system

Frank

Posted

Well, I'm in the same boat as you all and have received some of these same emails. Unfortunately, I don't have any productive info. I use a Mac: anyone have any suggestions?

Posted

Don't open any attachments that aren't CM turns! This little bug is quite deadly. I had to reinstall Windows to prevent numerous strange occurrences and crashes.

The bad stuff will come from a familiar wargamer with a wargame "flavored" attachment. If you open it, you die. :) I know. I also knew better, but did it anyway. :)

Treeburst155 out.

Posted

Actually, don't even preview the files if using Outlook, Outlook Express or Eudora using the IE rendering engine, unless you are fully patched to the IE August 6 Security rollup or, better yet, SP1.

They all play on a little MIME exploit in IE to automatically pop a picture then deliver nasty payload.

WWB
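
Added example, not part of any post in this thread: a defender-side check that parses a message and flags attachments with an executable file name, noting when the part declares a media Content-Type that a preview pane would try to render. The specific mismatch tested (media type on an executable name) is an assumption about the form of the MIME trick mentioned above; the extension list and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Extensions Windows runs directly (illustrative list, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
# Types a mail client may render or play inline during preview.
INLINE_MEDIA = ("audio/", "image/", "video/")

# Constructed sample message; addresses, names and payload are placeholders.
SAMPLE = """\
From: member@example.invalid
Subject: A special good tool
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: audio/x-wav; name="tool.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1
Content-Type: application/octet-stream; name="turn42.txt"

placeholder turn data
--b1--
"""

def suspicious_parts(raw_message):
    """Return (filename, declared_type, reason) for each risky MIME part."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        reason = ("media type declared on executable file name"
                  if ctype.startswith(INLINE_MEDIA) else "executable attachment")
        findings.append((name, ctype, reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_parts(SAMPLE):
        print(finding)
```

The check never looks at the From header, which this worm forges, so it works regardless of who the message claims to come from.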

Posted

Anyone who possibly thinks they are infected should head to Symantec's website and get the 'Klez-tool' they offer.

If it says you're clean then you're clean. :)

Posted

Thanks for the added info about Mcafee and the Klez virus Frank. I did exactly as stated, from a command prompt, and still came out clean. I'm pretty sure at this point that my system is virus-free, but I'll head over to Symantec's site to try their Klez tool as well.

Jeb

Posted

I too received such emails. The first one I received was from Redeker. I sent him a query as to why he sent me an executable file and he responded with - "... don't download it!"

I'm off to get the recommended worm scan now.

Thanks for all the info/advice.

Posted

If you're running McAfee Viruscan check this info out:

http://vil.nai.com/vil/content/v_99455.htm

Definitely get and run the Symantec Klez-detector removal program

**Needs to be run in SAFE mode** Obviously read the direction :)

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Another cool way to check is online thru 'housecall'

Don't bother registering, enter your country and check 'C' drive :)

http://housecall.antivirus.com/pc_housecall/

We'll squash this bug :)

Posted

Actually, I may be okay. I use Netscape on a Mac. The emails I received didn't have an executable attachment, and I don't open those as a matter of policy. I also haven't received any for a few days.

Now, has anyone else been plagued by this other virus? Somehow, when I open my CM turn files, it causes all my well-laid plans to go awry with unexpected casualties.... ;)

Posted
Originally posted by Heavy Drop:

I too received such emails. The first one I received was from Redeker. I sent him a query as to why he sent me an executable file and he responded with - "... don't download it!"

I'm off to get the recommended worm scan now.

Thanks for all the info/advice.

Hmmmm, if there was an .exe attachment, I missed it, so I'm prolly OK. I did open and read the messages themselves, though.