Another Virus Alert [Archive] - The PC Guide Discussion Forums

Paleo Pete

04-23-2002, 11:36 PM

Since I've received 5 copies of this one in the past 2 or 3 days I thought I'd post a notice here so some of our viewers might be aware to watch for it.

W32Klez.H@mm (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html) looks like it's spreading pretty fast, 3 of the 5 copies I received were from a spammer in Malaysia, two from AOL addresses.

Make sure you update the DAT files for your virus scanner and double check all attachments before opening.

Outlook Express users cannot depend on the Properties sheet to show a dual extension, this one hasn't shown dual extensions on any of the copies I have received. They will usually be the same extensions used for most viruses, exe, bat, scr, pif and a long list of others. (See the above link.)

The ones I have received all have subject lines listed on the page as well: let's be friends, darling, welcome to my hometown, and another I don't remember. Seems there was also one thast is not on the list, I'll have to check again.

------------------
If your nose runs and your feet smell...
You're built upside down!
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.

Rick

04-27-2002, 08:09 PM

I just finished an afternoon of eradicating a friends system infected with this virus .

I have to say it was not an easy process .
Finding that it had placed itself ahead of the AntiVirus is the service and run area of the register and in the startup folder.

Effectively disabling it.(AVG6)
It also infected the recovery program.(Nortons)

In a matter of a few days it infected a total of 69 files and services

Follow the removable instructions exactly or you will have to repeat the process.
If you see ( WINKxxxx.exe) in your startup?
get ready for some work.
Including removing and reinstalling your antivirus programs.

[This message has been edited by Rick (edited 04-27-2002).]

ErnieK

04-30-2002, 02:50 AM

The following is from the latest ZiffDavis News Letter, concerning the Klez virus.

Virus Attack Comes in Sheep's Clothing

The only thing worse than an e-mail virus attack is one that
comes in the guise of protection against an e-mail virus attack.
A recent message received by PC users around the country (and
possibly around the world) included an attachment that promised
Klez virus protection. The protection was--you guessed it--the
worm itself. Learn how to recognize this frightening new form
of attack in our news story:
http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eP4q0DSh8Y0EvR0mZy0Az

------------------
Ernie