Why is it



Voodoocanoe
03-04-2003, 11:31 AM
That every time I visit the Registry I get an email from a csporer and sboltds with virus attachments??? And I'm not even logged in most of the time. I know it's not Tony or Scott doing this but somebody is using their name.

Tony
03-04-2003, 01:12 PM
I was given the KLEZ worm several months ago and have been battling it ever since. It apparently attacks an address book and sends "undeliverable" messages, kind of like a bad e-mail chain letter! I have Norton Utilities but it does not recognize it, so I will probably try McAfee as my next step. I apologize for any inconvenience this may be causing anybody!

Ranman
03-04-2003, 01:23 PM
Lee, I get this all the time, but my protection software always catches it.

The explanation as to why you are getting this is long, but I will try to make a few quick and short points.

The emails you are receiving from "csporer" and "sbolts" are not really coming from those people. The emails have been spoofed. Think of sending a letter via real mail. You can write whatever you want in the "from" area on an envelope and send it wherever you want. In effect you could send a piece of mail to Scott Bolt from your house and write "Rany Oak" in the return address or in the "from" area, thus making it appear the letter came from me when actually you sent it from your home.

The reason you are getting these emails is because a computer virus that has infected a PC somewhere is sending itself out via email. It is most likely NOT coming from sbolts or csporer, but IS most likely coming from a PC that has both those email addresses along with yours in its address book. This means that if my PC were infected and I have you, sbolts and csporer in my email address book, the virus may try to send itself to you while looking like it came from sbolts or csporer.

What can you do about this? Really, there is not much you can do, but I can offer the following advice: Make sure your virus protection is up to date. If you are receiving this on a work computer, it most likely is. If you are using a Microsoft mail program such as Outlook, try right-clicking on the email and choosing PROPERTIES. From here, try reading through the email headers and see if you can determine where the mail is actually being sent from. Sometimes you can tell, and then you may be able to notify the person that their PC may be infected and sending out the virus.

This is my best (and short) understanding of this subject, if someone else cares to correct me, please feel free to do so for everyones benefit.

Ranman
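
The header check Ranman describes above, as an added example that is not part of the original thread: the script below walks the Received: chain of a raw message from the bottom up (each relay prepends its own line, so the last one is the earliest hop), pulls out the connecting IP that the first relay recorded, and compares the domain the From: line claims against the hosts the message actually passed through. The message, hosts, addresses and IPs are all constructed for illustration (reserved example ranges and domains), not taken from the thread.

```python
"""Walk the Received: chain of a raw message to find where it was really
injected, then compare that with the address the From: header claims.

Added example, not from the forum thread.  All hosts, addresses and IPs
below are constructed for illustration (RFC 5737 / RFC 2606 reserved
ranges and domains), so nothing here points at a real machine or person.
"""
import email
import email.utils
import re

# Constructed sample: a Klez-style message whose From: line names someone
# who never sent it.  Each relay prepends its own Received: line, so the
# LAST line is the earliest hop, the one closest to the real origin.
SAMPLE_MESSAGE = b"""\
Received: from mail.isp-of-recipient.example (mail.isp-of-recipient.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id abc123
\tfor <lee@recipient.example>; Tue, 4 Mar 2003 11:20:01 -0500
Received: from smtp.home-isp.example (smtp.home-isp.example [198.51.100.7])
\tby mail.isp-of-recipient.example with ESMTP id def456;
\tTue, 4 Mar 2003 11:19:58 -0500
Received: from user-pc (dialup-45.home-isp.example [203.0.113.45])
\tby smtp.home-isp.example with SMTP id ghi789;
\tTue, 4 Mar 2003 11:19:55 -0500
From: spoofed-sender@example.edu
To: lee@recipient.example
Subject: a funny website
Content-Type: text/plain

(body omitted)
"""

FROM_HOST = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw: bytes) -> list:
    """Return one dict per Received: header, in header order (newest first)."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        from_m = FROM_HOST.search(text)
        by_m = BY_HOST.search(text)
        ip_m = BRACKETED_IP.search(text)
        hops.append({
            "from": from_m.group(1) if from_m else None,  # name the client announced
            "ip": ip_m.group(1) if ip_m else None,        # address the relay actually saw
            "by": by_m.group(1) if by_m else None,        # relay that wrote this line
            "raw": text,
        })
    return hops


def origin_hop(raw: bytes):
    """Earliest hop: the line written by the first relay the message touched."""
    hops = received_chain(raw)
    return hops[-1] if hops else None


def analyze(raw: bytes) -> dict:
    """Compare the claimed From: domain with the relay path the message took."""
    msg = email.message_from_bytes(raw)
    _, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    hops = received_chain(raw)
    origin = hops[-1] if hops else {}
    path_hosts = [h for hop in hops for h in (hop["from"], hop["by"]) if h]
    # If the message never passed through a server in the From: domain,
    # the From: line is at best unverified and, for a worm bounce, spoofed.
    domain_in_path = bool(from_domain) and any(
        h.lower() == from_domain or h.lower().endswith("." + from_domain)
        for h in path_hosts
    )
    return {
        "from_address": from_addr,
        "from_domain": from_domain,
        "origin_ip": origin.get("ip"),
        "origin_recorded_by": origin.get("by"),
        "from_domain_seen_in_path": domain_in_path,
        "hops": len(hops),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

Two cautions when reading the result. Only the Received: lines added by servers you trust (your own mail server and its upstream relays) are reliable; anything below them can be forged by the sending program, so the value to act on is the bracketed IP that the first trusted relay recorded for the connecting client, here 203.0.113.45 recorded by smtp.home-isp.example. And the From: domain being absent from the path does not by itself prove spoofing (people do send mail for one domain through another provider's server), but combined with a worm attachment it is the pattern Ranman describes, and the recorded IP plus timestamp is what an ISP's abuse desk needs to find the infected machine.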

Ranman
03-04-2003, 01:30 PM
Tony,

Go here, do some reading and follow the instruction to the "T". I personally, would run this tool from a floppy disk.

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Fish boy
03-04-2003, 02:58 PM
Lee,
I agree with everything Ranman said and have a few additional thoughts (although I am sure they will not be as succinct or articulately stated).

KLEZ is a B@!#$! I would be surprised if there are very many people using the internet that have not received it (although some may not know it if their virus software is not current).

I receive it about once a week from someone, but my virus software catches and quarantines it before it does any damage. I receive others from time to time as well. It is part of the internet and email.

I do not believe that the association between getting the virus and coming to this site is anything more than a mere coincidence. KLEZ is a self-replicating worm that is transmitted through email, not by visiting sites (unless you somehow download it, and I do not believe there is anything on this site you would unknowingly download that would give you the virus).

Although the Spoofing that Ranman described above is the likely culprit, it is also possible that the two individuals who you received it from have the virus and don't know it, or thought they got rid of it and did not.

KLEZ does not require any action on the part of the host computer. Once the computer is infected, the virus sends itself out to people in the address book of the host computer. The virus is smart enough to disguise itself with more than a hundred different subject lines and message text.

Either way, if you are receiving it you need to contact the people whom you received it from and let them know they may have a virus. Both you and the senders need to invest in a good AV software. I suggest McAfee or Norton, although I personally use Norton and am very happy with it. You also need to make sure you remove it from your system.

Although this is a little extreme, if you get rid of the virus and are concerned about getting it again, most ISPs have a web browser that will let you view your email on their servers before you receive it. From there you can review your mail and delete ones that are questionable and never worry about downloading it.

As I said before, I receive it about once a week, and most of the time I am getting it from someone I do not even know (spam). Viruses are getting too smart, and too prevalent to not have up to date AV software.

If you are still reading this, sorry for the wordiness, but as I mentioned above, I am not as succinct or articulate as the Ranman, but still wanted to help.

If you want to know more, below are a couple of links that should prove helpful.

Good luck,

Fish

KLEZ info (18 types of KLEZ)
http://vil.mcafee.com/alphar.asp?char=W32/Klez

KLEZ Removal tool
http://www.mcafee.com/anti-virus/virus_removal/klez.asp

Cuda
03-04-2003, 05:18 PM
I have been battling klez for about a year now. It's like a cockroach, you can't exterminate it. I finally gave up and bought a new PC which I just hooked up yesterday. There is a lot on the old PC that I need, so I just keep the old one running too, just not hooked up to the net. If I could get my %^&&8 CD R/W to work, I could just get what I want off the old PC, but that's another story.

Moody Blu'
03-04-2003, 05:58 PM
Well, there's an easier way than going out and buying a new computer to get rid of the virus (unless you're using it as an excuse).

If you can have your computer set up with 2 partitions, you can keep all your pictures and other important data on a separate partition (d:) and keep the operating system on another partition (c:).

So when you get a virus you can format your c: partition and save your data on your d: partition.

I use ZoneAlarm on my computer to help protect from viruses and hackers and it works pretty good.

MOP
03-04-2003, 06:05 PM
There are a bunch of sites with info on killing Klez. Just put Klez in a search engine and you can find plenty of removal tools. Just read carefully and go step by step, even a novice can get through it.

boldts
03-05-2003, 07:41 AM
VooDoo - Did a KLEZ find and fix. (Thanks for the links gentlemen) Nothing found on my P/C. I use Norton 2003 Professional and it deletes e-mail with a virus before I can open it. Heck, I can't even send P/C game executables to it. Better safe than sorry.

Ranman
03-05-2003, 09:18 AM
Good points there Jodi. The only thing I would emphasize relates to this quote:

"if you are receiving it you need to contact the people whom you received it from"

Because of the spoofing, it's not as simple as looking at the "sender" information. This means if the email says it came from Ranman@donzi.net, it may or MAY NOT actually be from Ranman. You have to double check the email headers to try to determine where the virus was actually sent from. To notify me would do no good unless I was the one listed in the headers.

Scott B seems to be a case in point here. He is running good AV software and it does not appear that his PC is sending Voodoo the virus. It is most likely coming from some PC with Scott, Tony and Voodoo in its address book. Based on this, it IS probably a Donzi.net member, but which one???

Fish boy
03-05-2003, 11:57 AM
Sounds like we have a real mystery on our hands Shaggy. Got any scoobie snacks?

RedDog
03-05-2003, 01:18 PM
Good information guys - I've unsuccessfully explained it to others before. Next time I'll copy and pass on your explanations.

Now who has the nasty critter?

RedDog
03-05-2003, 01:24 PM
Here's a question about the KLEZ. If your computer is infected, and is sending messages to people in your address book, do those messages show up in your "SENT" or "OUT" box?

Tony - the undeliverable messages you are seeing are likely originating from someone else's computer but being returned to you since it looks like you are the originator.

Tony
03-05-2003, 03:20 PM
Thanks for the Symantec link, Randy, but I have been there and done that...about three times! Like Scott, it told me that no Klez was on my computer. As my Norton is not screening very effectively I am in the process of purchasing the McAfee version of anti-virus protection.

What a load of CRAP this is. People who spend their time in deviant technological behaviors such as this should be DRAWN and QUARTERED!

Fish boy
03-05-2003, 04:05 PM
RedDog,
I do not believe it will show up in your outbox as a sent item when it replicates itself.

Ranman
03-05-2003, 04:25 PM
Tony,

My good friend is a very savvy network admin. After talking to him about this thread, he is curious about what makes you think you actually have this virus. It is almost certain that the email that Lee received did NOT come from you. If the cleaning software tells you it did not find the KLEZ, why do you think you still have it?

The fact of the matter is if you ACTUALLY have the KLEZ virus, you would most likely be contacted by your ISP (internet Service Provider) because people would notify your ISP of the bogus emails your PC is sending. In essence, if your PC has the KLEZ virus, it would be constantly sending emails (stamped by your ISP) over and over creating an issue the ISP would recognize.

If you have a minute, call me tonight at 313-255-4442 or tomorrow at 248-208-8347. I think I can help you.

Voodoocanoe
03-06-2003, 01:53 PM
Thanks for all the great info guys. Tony, the culprit is still using your old .edu email address, not your new Hotmail email address. I know this is NOT really coming from you and Scott B., as I know you both are stand-up guys. Yes, my software always catches it, but the fact is it still bothers me that even though I'm not logged on under my screen name I receive the bogus emails. Which leads me to believe that there is "something" infecting the Registry which captures the ISPs that are viewing and not logged on.???

boldts
03-06-2003, 11:52 PM
I received this today and I found this on my machine. 3 files with the teddy bear icon. What do you think? Is it a hoax looking for you to e-mail everyone in your address book to pass the virus? I did not do the e-mail part, but did delete it from my machine.

I have found that a virus was passed on to me recently and infected the
address book. It's not detected by Norton or McAfee anti-virus systems.
since you are in my address book , it is possible that you will be
infected, too. I am told that the virus sits quietly for 14 days before
damaging the system, and that it is sent automatically by messenger and
by the address book whether or not you sent e-mails to your contacts.
Here is how to check for the virus and how to get rid of it.--

1. Go to Start; click Find or Search option.

2. In the file folder, type the name jdbgmgr.exe

3. Be sure you search your C: drive and all sub-folders and any other
drives you may have.

4. Click "find now"

5. The virus has a teddybear icon with the name jdbgmgr.exe DON'T
OPEN IT.

6. Go to Edit on the menu bar and choose "select all" to highlight the
file without opening it.

7. Now go to File on the menu bar and select Delete. It will then go to
the Recycle Bin.

8. IF YOU FIND THE VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR
ADDRESS BOOK, SO THEY CAN ERADICATE IT IN THEIR OWN ADDRESS BOOKS.

9. To do this:
a) open a new e-mail message.
b) click on the icon at the address book next to the "To"
c) Highlight every name and add to "BCC" (which I assume means blind
carbon copy) this can be done by highlighting the first address, then
scroll to the bottom and press the shift and enter at the same time.
d) Copy this message and enter subject paste to e-mail.

I have copied this as it was sent to me. My procedure for sending was a
little different but apparently works. I did find the virus on my
computer (complete with little teddybear icon) and deleted it as
described above. Sorry for passing it on!

ToonaFish
03-07-2003, 12:13 AM
That's not a virus Scott, we all have that file on our computers...
http://www.snopes.com/computer/virus/jdbgmgr.htm

The good news is unless you are a java developer, you probably won't miss it.

Bunches,

Celene 'giving Snopes a workout today'

boldts
03-07-2003, 08:05 AM
I see..... Thank-you Toona! So, it's a plot to get everyone to delete a file we don't need? Next time I'll ask the experts here first. :mad:

Darn people sitting at home with too much time to burn. Suggestion: Become a Donzi Club President :D

Fish boy
03-07-2003, 12:59 PM
Boldts,
I could have told you the same thing as Toona... but only because I fell for it too a few years ago. Live, learn, and pass on the wisdom.

Fish