Thread Tools
Old 28-04-2002, 12:51 PM   #1   [permalink]
eva2000
Administrator
 
eva2000's Avatar
 
Join Date: 23 Jun 2000
Location: Brisbane, Australia
Posts: 12,408
Exclamation [Virus Alert] W32.Klez worm virus!

W32.Klez.gen@mm is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The subject and attachment name of incoming emails is randomly chosen. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/sec.../MS01-020.asp.
W32.Klez.gen@mm attempts to copy itself to all network shared drives that it finds.

W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm are most likely infected with either W32.Klez.E@mm or W32.Klez.H@mm.

Removal tool
Symantec has provided a tool to remove infections of W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection. Click here to obtain the tool.

Remember to update your anti-virus programs and remember to patch your windows/internet explorer apps with latest security updates
__________________
be afraid... Admin cap is back... !
eva2000 is offline  
Old 01-05-2002, 02:28 PM   #2   [permalink]
Steathassasn
Forum Addicted
 
Steathassasn's Avatar
 
Join Date: 14 Mar 2002
Location: RIP Camaro ..Long Live WRX
Posts: 1,300
Send a message via AIM to Steathassasn
eva....your the big brother that warns me about on coming traffic...i thank you and ill be sure to update and install post haste !
__________________
Always send a boy to do a man's job. He'll get it done in half the time and twice the angst.
Steathassasn is offline  
Old 08-05-2002, 10:03 PM   #3   [permalink]
tfcreate
Forum Elite
 
tfcreate's Avatar
 
Join Date: 21 Dec 2001
Location: K2 in meditation, then Chicago
Posts: 1,633
Send a message via AIM to tfcreate
Re: [Virus Alert] W32.Klez worm virus!

Quote:
Originally posted by eva2000
W32.Klez.gen@mm is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The subject and attachment name of incoming emails is randomly chosen. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/sec.../MS01-020.asp.
W32.Klez.gen@mm attempts to copy itself to all network shared drives that it finds.

W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm are most likely infected with either W32.Klez.E@mm or W32.Klez.H@mm.

Removal tool
Symantec has provided a tool to remove infections of W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection. Click here to obtain the tool.

Remember to update your anti-virus programs and remember to patch your windows/internet explorer apps with latest security updates


Apparently there is a variant of the Melissa_A virus that is being used in conjunction with the Klez virus. So even if you run the virus removal programme, you should also scan your system again to verify protection from a secondary infection.
TFC
__________________
~A sparrow takes to wing, a spider spins it's web.... a butterfly emerges from it's coccoon, ... everything happens for a reason.
tfcreate is offline  
Old 01-06-2002, 05:26 PM   #4   [permalink]
Black Vixen
Forum Addicted
 
Black Vixen's Avatar
 
Join Date: 2 Oct 2001
Location: Wandering Aimlessly
Posts: 1,339
Send a message via ICQ to Black Vixen Send a message via AIM to Black Vixen Send a message via Yahoo to Black Vixen
I keep finding Acebo on my PC, usually hiding in the Win Sys files.
Pain in the @$$ cause I think it's taken out at least 4 of them now.
__________________
. . . . . . . . . . . . . . . . .Many things go unnoticed, until a moment of observation. . . . . . . . . . . . . . . .

http://www.angelfire.com/ok2/myjunkdrawer/sig.gif
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
aka
Black Vixen . . . . . . . .

. . . . . . . . . . . . . . . . . . .
We walk between the shadow and the light.. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . .
Who or what we are, is a question far easier asked than answered.. . . . . . . . . . . . .
Black Vixen is offline  
Old 04-06-2002, 09:45 AM   #5   [permalink]
Kairi
Junior Member
 
Kairi's Avatar
 
Join Date: 2 Jun 2002
Location: Night Islands
Posts: 17
Does the symptons of the worm including not getting any response from Microsoft Outlook?
Kairi is offline  
 

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


New To Site? Need Help?

All times are GMT -4. The time now is 04:58 AM.


Powered by vBulletin® Version 3.8.10
Copyright ©2000 - 2017, vBulletin Solutions, Inc.