KLEZ Email Virus info - Please read



harbormaster
09-02-2002, 07:22 PM
There are a lot of you Donzi guys out there who are fairly new to the internet and computers. If you are going to play on the net, you REALLY need to have a current antivirus program running on your 'puter.
It is also imperative that you update your antivirus program's "virus definitions" every week. The definitions are what help an antivirus program to recognize new viruses.

There is an especially little nasty, widely circulating out there called the KLEZ virus. This virus is causing confusion with a lot of people.

The Klez virus will send itself out using other people's names. This means two things:

1. You may receive infected messages that don't come from the indicated sender. The messages may appear to be from anyone including official sources and trusted associates. Their computers are not the ones that are infected and they did not send the email.

2. You may be notified that you sent a virus when it was actually sent by someone else.

Since Klez was released, the number of virus-laden messages through most email servers has doubled. In one 24-hour period, my personal mail server blocked over 4000 malicious mail messages containing this virus. This is almost 20 times the normal rate.

Please read the section below on infection prevention.

Two of the 120 possible subject lines are "returned mail" and "undeliverable mail" sometimes leading the recipient to believe the attachment is returned email when it is actually the virus. The virus also tries to make the recipient believe it is a patch or virus removal tool. No reputable organization will send such a program via unsolicited email.

The Klez virus infects computers in three major ways:

1. If you click an attachment in a message sent by the virus and your anti-virus software is not up to date.
- Treat email attachments and other unknown software with care
- Keep your anti-virus software up to date

2. If you read an infected email message using Outlook or Outlook Express and you are running an out of date copy of Internet Explorer. You do not have to click anything to get infected if Internet Explorer is out of date.
- Keep your operating software up to date.
- In particular, make sure Internet Explorer is up to date.

3. If you share writable Windows folders, Klez will find them and drop infected files into your computer. If you click on an infected file in a Windows share, someone else's or your own, and you're running out of date anti-virus software, you'll get infected.
- Nullify unneeded risk by neither providing nor using shares that are writable by anonymous persons (or viruses).

- Treat email attachments and other unknown software with care

- Keep your anti-virus software up to date

If You Receive an Email Message with the Virus

It is unlikely that the actual sender is the one that is displayed in the FROM: field. The email addresses in both the To: and From: fields are selected at random from a number of sources. The safest course of action is to delete the message.

If Your Computer is Infected

Variants of the virus may delete all files on the hard drive on certain dates.

Other variants choose files from the hard drive to send along as additional attachments. This may lead to exposure of confidential data or documents.

Use Microsoft's Windows Update Service to update your computer. Failing to do so may result in a quick re-infection.

Download and run the Symantec tool that removes the various variants of Klez. It can be found here: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Install auto-updating anti-virus software. Failing to do so may result in a quick re-infection.
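
As an added example (not part of the original post), the two email warning signs described above, a bounce-style subject and an attachment that Windows will execute, can be checked mechanically at a mail gateway. The extension list, the sample message and the function name `triage` are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions Windows runs on double-click (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".bat", ".scr", ".pif", ".com"}
# The two subject lines quoted in the post above.
BOUNCE_SUBJECTS = ("returned mail", "undeliverable mail")

# Constructed sample message (not a real capture).
SAMPLE = """\
From: Trusted Friend <friend@example.com>
To: you@example.net
Subject: Undeliverable mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Your message could not be delivered. See attachment.
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="message.txt.exe"
Content-Transfer-Encoding: base64

TVo=
--XYZ--
"""

def triage(raw):
    """Return a list of reasons to quarantine the message (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons, risky = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        exts = ["." + e for e in name.split(".")[1:]]
        if exts and exts[-1] in RISKY_EXT:
            risky.append(name)
            reasons.append(f"executable attachment: {name}")
            if len(exts) > 1:  # e.g. "message.txt.exe" shown as "message.txt"
                reasons.append(f"multiple extensions may hide type: {name}")
    subject = (msg["Subject"] or "").lower()
    # A genuine bounce has no reason to carry a program.
    if risky and any(s in subject for s in BOUNCE_SUBJECTS):
        reasons.append("bounce-style subject carrying an executable")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

The From: header is deliberately not used as a signal here, since the post explains it cannot be trusted.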

fasttrucker
09-02-2002, 07:37 PM
Why does a person make these viruses up? Is it fun to screw up another person's life? I just don't get it? :confused:

HyperDonzi
09-02-2002, 07:37 PM
email rule number 1: do not open attachments unless you know exactly what it is and were told so by the sender.

harbormaster
09-02-2002, 07:39 PM
They could conceivably come from enemies of the USA.

Cuda
09-02-2002, 09:51 PM
I've got the klez and have downloaded the program, bought new software, and can't get rid of it. I think another thing it does is call for other viruses to come get you too. I've been getting lots of emails with attachments that I don't open. You can tell some of them aren't right because the wording of them sounds like someone who doesn't speak English.

harbormaster
09-02-2002, 09:58 PM
I have heard rumors that the only foolproof way is to format your hard drive and reinstall windows.

harbormaster
09-02-2002, 09:59 PM
Cuda, it is not you. Someone you know with your email address in their address book is now infected.

MOP
09-02-2002, 10:12 PM
Post edited! I just looked; I see now they finally made a program to remove it. I was doing the manual thing. Even if it's from a friend do not click on attachments, tell them to learn to cut and paste!

Dino
09-02-2002, 11:00 PM
Thanks Scott
I am so tech challenged I seem to be behind with all this.
I have a computer person coming in this week to help install what I need and clean up what might be infecting my computer.
Your comments are appreciated.
Dennis

OceanCommotion
09-03-2002, 08:45 AM
I hate to be the bearer of unfortunate news, but these days, simply not opening and deleting an email attachment from someone you don't know isn't going to cut the mustard. If you've gotten the email, it's too late. A lot of these viruses are self-executable (which means that as soon as you get it, you're screwed).

The biggest thing here is to do EXACTLY what Harbormaster suggested: Get yourself a good anti-virus program, and make sure your definitions are always up to date.

Forrest
09-03-2002, 09:39 AM
I have a friend of mine's PC that I'm working on right now that got hit. Even after running removal programs, there are still major problems. At this point, it looks like the only thing left to do is to format and reinstall Windows from scratch. Heed Scot's advice - DON'T LET IT HAPPEN TO YOU!

Though slightly more pricy than the big two names in the business, I use eSafe Desktop (http://www.esafedesktop.com/) by Aladdin (http://ealaddin.com/). They have a 30-day trial full-version with latest updates that you can download for free (http://www.esafedesktop.com/Downloads.htm).

Ranman
09-03-2002, 12:28 PM
My best friend who is the network administrator for my company offers the following solution to anyone who is infected with KLEZ.

1) Download the "FIXKLEZ" utility from Symantec. You do not have to have their software to do this.
Get the Utility here (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html)

2) Boot your computer into "Safe Mode". Press F8 while booting to get to the menu that gives the Safe Mode option.

3) Run the utility you downloaded (while in Safe mode). You MUST be in Safe Mode when you do this.

4) Reboot your computer.

5) Reinstall your antivirus software as KLEZ has most likely screwed it up at this point.

Rootsy
09-03-2002, 12:39 PM
I WONDERED why I was getting a crapload of returned emails from email addresses I didn't even know last week with a virus warning in it and the virus *.dat attached.. McAfee caught it.. I also got a few other *.bat viruses in my mailbox but the antivirus got it... now this explains it... with Outlook Express, as soon as the email was highlighted it'd launch the *.bat's... little bastads...

McGary911
09-03-2002, 01:28 PM
One of the ways to avoid getting a virus like this is to turn off the Preview Pane under View (on MS Outlook). That's why some newer viruses can get you even if you don't "open" them. The preview pane counts as an "open" in the computer's mind. It can also be useful to use a non-Microsoft mail client, as many viruses are written to exploit their products. And like everyone said, keep your virus program current.

HyperDonzi
09-03-2002, 02:32 PM
There was one I had back in December, had to reformat and reinstall Windows... but wait, it got into my boot log and screwed all that up first. I lost everything, around 9 gig of mp3's, a few new video CDs in 25fps quality (good) and lots of boat pdf files.