Virus update

[brian]

i have gotten a few more inquires concerning a virus that has been going around. if you get a somewhat cryptic email from someone on this board that has an attachment with little explaination DO NOT OPEN IT. i have gotten a few virus-created emails from some of you that were generated by the klez virus. you can check if you have the klez virus and clean it off of your computer with the following tool:

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.klez.gen@mm.html

(note: the bb dosen't read this link correctly, so if you just click on it, it you will get an error, page not found. you have to include the '@mm.html' at the end of the address. make sure you have the entire address to get to the correct page)

you can read there about how a virus can transmit itself by finding all the email addresses saved on your computer and sending them emails that look like they are coming from you - all without your knowledge! i can't emphasize enough the need for frequently updated virus protection. there is a lot of good software out there that does this, including norton antivirus 2003, which you can purchase at the above website.

[4Him]

...
i have gotten a few virus-created emails from some of you that were generated by the klez virus....

Brian,
I've probably received nearly a hundred emails containing this virus over the past couple of weeks.  Fortunately, all of them have been intercepted by my Norton 2003 and eMailinspector so none have made it into my computers.  

[Margaret]

Quote Wrom: XOEAIJJPHSCRTNHGSWZIDREXCAXZOWCONEUQZAAFXISHJEX
...
i have gotten a few virus-created emails from some of you that were generated by the klez virus....

"Brian,
I've probably received nearly a hundred emails containing this virus over the past couple of weeks.  Fortunately, all of them have been intercepted by my Norton 2003 and eMailinspector so none have made it into my computers."
   

So have we.  Plus many notifications that infected emails have been sent in our name.  Would it help to change our email address, or is it too late to do any good?

[brian]

So have we.  Plus many notifications that infected emails have been sent in our name.  Would it help to change our email address, or is it too late to do any good?

unfortunately, changing your email address won't help. the virus is a small, secret program that has installed itself on your computer. you need to uninstall it, and make sure it dosen't reinstall itself. following the link i put below is a good starting point. they have a tool that may remove it for you, and further instructions concerning what to do if their tool isn't sufficient to get the job done. it'll keep doing its dirty work until you take these steps, and that goes for everyone who has it - it won't just go away. you gotta dig it out of your system, and quickly! if you are not sure if you have it - go check! you would not get the virus from using this bb, but i am guessing that many of you have put each other's email addresses in your outlook address books and that is where the virus is finding them. it would only take a few of you who have the virus and don't realize it to send a lot of virus-carrying email to the rest of us. don't let it slide!

[Margaret]

Brian,
We have installed Norton Antivirus, and and had it do a complete system scan.  The link you have to Symantec gives us a page error.  What next?  (Sorry to be so dumb about this stuff.)  Is there a possibililty that someone has already harvested our email address and now they are using it?

[brian]

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

this is a direct link to the tool. the problem with the link below is that the software that runs the bb is getting confused by the '@mm.html' at the end of the link, and is not including it. so if you just click it, you will get a page not found error. you have to manually type the '@mm.html' at the end of address in your browser's address bar, the it should find the page. the above link dosen't have any @ symbols in it, so it should work fine, and it has a link to the main klez info page, which is worth reading.

from the main info page:

Email spoofing
Some variants of this worm use a technique known as "spoofing" by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.

For example, Linda Anderson is using a computer infected with W32.Klez.E@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Klez.gen@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected.

If you are using a current version of Norton AntiVirus and you have the most recent virus definitions, and a full system scan with Norton AntiVirus, which is set to scan all the files, does not find anything, your computer is not infected with this worm.