View Full Version : Someone tried to send me Klez



Power Penguin
September 14th, 2002, 07:05 PM
Someone tried to send me an email infected with the Klez virus today. The systems at my webhost caught it though. Anyone know about the Klez virus? Has anyone been victim to it?

Interestingly it originated from my business website: syndicate wars, maybe?

Sephiroth
September 14th, 2002, 07:22 PM
Well, you can look at the info (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.a@mm.html) in the Norton Virus encyclopedia to find out about it. There are a lot of variants; I picked the first one, so it might be different based on the variant you got.

This worm sets itself off on the 13th of each month, which was Friday, which is why you got it. On people who are infected with it, it causes files to become 0 bytes in size and sends itself to everyone in that person's address book.

uglykid
September 14th, 2002, 07:48 PM
Someone broke my password for my e-mail & was sending pron spam with it. Hell, they sent one from my e-mail to my e-mail. They also changed my nickname. So if you've got Hotmail I would keep an eye on it. :cross

jonny5
September 14th, 2002, 07:55 PM
hehe, sounds like a nasty little virus. All the more reason to make sure ya have some good ol' virus protection ;)

Power Penguin
September 14th, 2002, 07:59 PM
It didn't give me the contents. It was just the antivirus system at Omnis, my webhost, saying basically:

"We got a file from somebody at www.pricegrabber.com, which was infected with the Klez virus. Find attached the header and tell these people to sort their lives out."

The email wasn't included, even though it's an attachment (am I right Seph?), perhaps their systems aren't intelligent enough to separate email from attachments or whatever. Anyways I didn't see it. I'll investigate it with Omnis and get back to you.

The wording would be interesting. Good to see how a virus writes...could be better than Stephen King?

I'm too busy at the mo', to investigate, but as it's the 15th, WATCH OUT.:bk

Caitlyn Marble
September 14th, 2002, 08:08 PM
In Outlook you have the option of running attachments automatically. Anyone know how to disable this? (I don't use it but my computer brain dead father does, I know he'll run a virus someday without knowing it)

cheapprick
September 14th, 2002, 10:47 PM
Klez is a funny thing. The first thing it goes after is your anti-virus. Suppose you had no av, if infected with klez you would not even be able to throw norton on your machine without applying a klez fix first. It's not hard to get a klez fix, but a lot of people today still don't seem to think that they need an av. They bring their computer to you and say they think it's a hardware issue.

We need antivirus software, we need to update it. Period.
"Find attached the header and tell these people to sort their lives out" Heh Heh

TipYourBartender
September 17th, 2002, 05:46 PM
Dude, Klez is some serious shit.
Get that shit off your PC pronto!
I used the Norton patch and it's still on my computer!
I think I may just delete everything that's in the directory Klez is in, but I doubt it's that easy.

(woohoo! 30 posts! newbie no longer!)

cheapprick
September 17th, 2002, 07:02 PM
Yeah for sure,

After I loaded the fix, it would still be wise to then reinstall your av software. Again, the first thing it does is attack the av. So your Norton probably isn't providing the protection you think it is.

wesr
September 17th, 2002, 07:48 PM
Where can I get a good Klez fix?

cheapprick
September 17th, 2002, 08:14 PM
Here, wesr. This is from Norton.

http://www.sarc.com/avcenter/venc/data/w32.klez.removal.tool.html

wesr
September 17th, 2002, 08:30 PM
Yeah, I have seen the Norton one, but the process to use it just seems so dumb.

jonny5
September 17th, 2002, 08:52 PM
flashes u guys the 'format C:' command :P

mojo-ris-in
September 17th, 2002, 08:56 PM
:devil I thought this would be as good a time as any to post this. If you do this you can stop a virus from sending itself out to your contacts in your address book.

Here's what you do:

- first, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses.

- In the window where you would type your friend's first name, type in !000 (that's an exclamation mark followed by 3 zeros).

- In the window below where it prompts you to enter the new email address, type in "WormAlert," which of course, isn't a real email address. Then complete everything by clicking add, enter, ok, etc.

Now, here's what you've done and why it works: the "name" !000 will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to !000, it will be undeliverable because of the phony email address you entered (WormAlert).

If the first attempt fails (which it will because of the phony address), the worm goes no further and your contacts will not be infected.

Here's the second great advantage of this method: if an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an email telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it!

I hope this helps....

cheapprick
September 17th, 2002, 09:09 PM
That was literally beautiful. Did you come up with this yourself? Ingenious.

mojo-ris-in
September 17th, 2002, 09:14 PM
Originally posted by cheapprick
That was literally beautiful. Did you come up with this yourself? Ingenious.
:devil No I can't claim I'm that smart....A buddy of mine told me how to do it and since he shared it with me, I thought I'd share it with the guys and gals here.

bobhss
September 18th, 2002, 12:14 AM
As I understand Klez it sends itself out and fakes the sent from address with another address from either the infected computers' address book or in the temporary internet files. I've received plenty of Klez virus to my email from various people, but when I check the message headers it shows that it's actually from someone else. Therefore, the person who it looks like sent the email to you probably isn't really infected with the virus. I personally stay away from Outlook/Outlook Express in favor of anything else (Pegasus Mail is very nice).
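
The header check bobhss describes above, as an added example that is not part of the original thread: it compares the visible From address with the Return-Path and with the host recorded by the earliest relay. The sample message, every address and host name in it, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers only; all names and addresses are made up.
SAMPLE = """\
Return-Path: <carol@isp-b.example>
Received: from smtp.isp-b.example (smtp.isp-b.example [198.51.100.2])
\tby mx.recipient.example with ESMTP; Sat, 14 Sep 2002 18:59:02 +0000
Received: from carolpc (dialup-17.isp-b.example [198.51.100.17])
\tby smtp.isp-b.example with SMTP; Sat, 14 Sep 2002 18:58:40 +0000
From: "Alice" <alice@shop-a.example>
To: bob@recipient.example
Subject: A very funny website

"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower()

def origin_hop(msg):
    """Host recorded by the earliest relay (the last Received header)."""
    hops = msg.get_all("Received") or []
    if not hops:
        return ""
    m = re.search(r"from\s+\S+\s+\(([^\s\[\]()]+)", hops[-1])
    return m.group(1).lower() if m else ""

def check_sender(raw):
    """Compare the From domain with the envelope sender and origin host."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    hop = origin_hop(msg)
    dom = domain(from_addr)
    return {
        "from": from_addr,
        "return_path": return_path,
        "origin_host": hop,
        "return_path_mismatch": bool(return_path) and domain(return_path) != dom,
        "origin_mismatch": bool(hop) and not (hop == dom or hop.endswith("." + dom)),
    }

if __name__ == "__main__":
    for key, value in check_sender(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch is only a hint that the From line was forged, since legitimate mail is often relayed through a third party's servers and Received lines added before the first trusted relay can themselves be faked.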

akira17
September 18th, 2002, 06:23 AM
From what I know this little work of putting a !0000 entry in the address book is a HOAX.
It could work with old viruses like "I love you".
But not with the new ones.

See: http://antivirus.about.com/library/weekly/aa082801b.htm
and in Spanish http://www.vsantivirus.com/hoax-0000.htm

Anyway the BEST THING YOU CAN DO IS PUT A GOOD ANTIVIRUS !

like avp or norton and always updated.

Smegma
September 18th, 2002, 10:13 AM
appreciate the excellent tip, have put it into use.

mojo-ris-in
September 18th, 2002, 11:09 AM
Originally posted by akira17
From what I know this little work of putting a !0000 entry in the address book is a HOAX.
It could work with old viruses like "I love you".
But not with the new ones.

See: http://antivirus.about.com/library/weekly/aa082801b.htm
and in Spanish http://www.vsantivirus.com/hoax-0000.htm

Anyway the BEST THING YOU CAN DO IS PUT A GOOD ANTIVIRUS !

like avp or norton and always updated.
:devil Ok akira, nice link, but to say that it works with the old viruses and then call it a hoax is misleading. It seems that the virus makers have just found a workaround to the address book issue. But if it stops any virus then it's worth it. And yes, I agree that the best way to stop viruses is to install a good antivirus and scan any attachment with it before you open it and scan any downloads also.