View Full Version : VIRUS WARNING



barocca
10-06-2002, 19:01
one of us has a system infected with a KLEZ email worm

I am receiving multiple emails from users both known and unknown to me,

this virus can falsify the sender's address, and purport to be from any user in the infected system's address book,

suggest all check their systems immediately
THOROUGHLY!!

This worm CAN hide in a format NOT recognised by standard auto detect mode,
it MUST be scanned for aggressively!!!

I HAVE RECEIVED 3 COPIES IN DIFFERENT FORMATS FROM DIFFERENT USERS WITHIN THE LAST 24 HOURS!

one as an EXE (setup.exe),
CLAIMED TO BE A KLEZ REMOVAL TOOL FROM MCAFEE!

one as a batch file (gardenia.bat),
one as a screensaver file (req_main.scr),

I have contacted McAfee and they are evaluating the threat.

barocca
10-06-2002, 19:20
and before some clown mentions my BSOD and FAT table problems, these viruses never made it onto my machine,
my scanner grabbed the first one, and I quarantined all subsequent files BEFORE I opened them...

giskard
10-06-2002, 23:26
I've been getting those viruses sent to me for 2 weeks now. My own virus checker picks them up at least once every 5 days.

I get a lot of viruses sent to my email box so I'm extra careful but nobody can say for sure they are 100% protected, safe and virus free. Those that do probably have 5 or 6 viruses on their system by now.

Nothing is that safe.

So I'll check my system again to be sure and suggest everybody else does the same.

Giskard

Lord Krazy
10-06-2002, 23:29
gis what are u checking with seen as it
can detect said macro.

LK

NagatsukaShumi
10-07-2002, 00:19
I got the same a few months back, but I've long since removed the worm and continuously checked my system.

------------------
Power to the Sultan!
-Clan Seljuk

I don't know Akech, can't trust Mithrandir with the newbies, he may try and create a Miny Mith.-NagatsukaShumi

giskard
10-07-2002, 03:00
Plain old McAfee mate. Set to update automatically so it maintains the latest database.

McAfee catches this particular virus as Windows is processing its temp in file. So it never touches your email box. I tested this on several occasions and virus checked my email box afterwards and it definitely removed the virus.

Also McAfee seems to have reduced the inbound viruses I get per month from 26 to 2. Not sure why but I'd guess some virus companies are making work for themselves and keeping them customers keen.

I run a popular site so I tend to attract viruses. You have to remember that anybody who knows you and has your email addy who then catches a typical worm virus will be sending out emails to all their friends anonymously. They probably won't even know it's happening.

This is why Barocca mentioned it, he clearly knows how these things work which is his best defense against them because no single virus checker can catch every virus out there.

Knowledge is the key to avoiding email viruses. Most work in the same way. Some key steps can be taken to avoid infection without using a virus checker. For instance, never open emails from strangers. Avoid using Outlook as your email client as it becomes a primary target for virus makers.

A virus should not panic a user or make him feel ashamed if he gets one. Only a fool would think they are totally immune and any responsible user should have a virus checker installed anyway.

Even then you could still get a virus. There's no certainties here as anybody who knows how they work will tell you.

All you can do is watch out and don't fall for any stupid subject lines like "Click here to see Bill Clinton naked".

The worst thing you can do when you catch a virus is panic, the next worst thing you can do is fail to tell your friends. If your friends are infected too the chances are you will be reinfected a week later.

If a mate laughs when you mention it and denies any chance of him having a virus, put him on your high risk list.

Giskard

barocca
10-07-2002, 08:12
and the files keep coming,
received another bundle when I logged on this morning,

remember you must do an aggressive check,
and you must enable check ALL files, not just program files
:-)
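
An added illustration, not part of the original thread: a mail-side check for the three attachment names reported above (`setup.exe`, `gardenia.bat`, `req_main.scr`), in the spirit of "check ALL files". It walks every MIME part and judges each attachment by its filename rather than by its declared type or the From header. The sample message, the `example.com` addresses, the function names and the extensions beyond `.exe`/`.bat`/`.scr` are assumptions made for the example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly. The first three are the ones reported in
# the thread; the rest are common additions (assumption, not from the thread).
RISKY_EXTENSIONS = {".exe", ".bat", ".scr", ".pif", ".com", ".cmd", ".vbs"}


def build_sample() -> bytes:
    """Constructed test message: harmless stub payloads, example.com addresses."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"  # a forged From looks just as normal
    msg["To"] = "me@example.com"
    msg["Subject"] = "removal tool"
    msg.set_content("see attached")
    attachments = [
        ("setup.exe", "application", "octet-stream"),
        ("gardenia.bat", "application", "octet-stream"),
        ("req_main.scr", "audio", "x-wav"),  # declared type does not match name
        ("holiday.jpg", "image", "jpeg"),    # benign control
    ]
    for name, maintype, subtype in attachments:
        msg.add_attachment(b"stub", maintype=maintype, subtype=subtype,
                           filename=name)
    return msg.as_bytes()


def risky_attachments(raw: bytes) -> list:
    """Return (filename, declared Content-Type) for each executable-named part."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() visits nested parts, not only the top level
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        if ext in RISKY_EXTENSIONS:
            findings.append((name, part.get_content_type()))
    return findings


if __name__ == "__main__":
    for name, ctype in risky_attachments(build_sample()):
        print(f"QUARANTINE {name} (declared as {ctype})")
```
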

giskard
10-07-2002, 17:44
Those are standard settings here because I get sent a lot of archived files.

My system checks out, scanned all drives. So as far as my virus checker is concerned I'm clean. However that's the opinion of one virus check only.

Nothing odd happening here right now with my system though and a virus infection tends to mean odd things do start to happen. Of course ODD is defined by activities that are not normal for my computer. Anybody who has been for a while may see their current problems as normal.

Note: Just noticed a default/all file setting that goes beyond the zip/program/data file option here. Checking again.

Giskard

[This message has been edited by giskard (edited 10-07-2002).]

giskard
10-07-2002, 20:05
Got 3 today myself. Still nowhere near my record for 1 month which was 26 viruses in the mail.

They dropped off dramatically for me when I told my mates that I was adding anybody who finds the virus problem funny to my ignore list.

I took the lack of viruses after that to mean those that found it funny were the ones who were infected. One guy's been on my ignore list for 2 years now. He recently emailed me and the first email in 2 years from him was a virus. I quickly told my other friends who also knew him and they too got a message from him. All were infected and all were screensavers. He likes his animations exe's too.

He is a real sucker for the cool exe, let's pass it around all my friends trick. There's an email that goes around telling users some Windows file is a virus and should be deleted on sight. It's not a virus, the message itself is a fake but deleting the file causes Windows to stop booting. He even phoned everybody he knew and told them to delete that file. I checked up on it and found out about it but as most of his mates were using XP they didn't have the file anyway and could not delete it for that reason.

Had they done so and then found out it was some cruel joke the guy would have been hung drawn and quartered by his own friends.

Not bad going considering a simple lookup on any virus site would have told him what that fake virus was all about.

Giskard


[This message has been edited by giskard (edited 10-07-2002).]

[This message has been edited by giskard (edited 10-10-2002).]