Urgent Virus warning

i got messages from geoff, dirty vicar, and someone i'm forgetting [who i now remember was anthony] which were more than likely all viruses [they were "blank" emails...no attachments]. if you're going to email me within the next week, make damn sure the subject header lets me know it isnt a virus.

my anti-virus found nothing, but i'm a bit afraid to turn the computer off.

I guess we all just have to be extra vigilant and ensure we have up- to-date antivirus software.

It also seems, if tis helps, that the viruses are between 120 and 135 Kb in size, and some have attachments, some do not.

maybe this is doomie's/gale's revenge?

While the number of computers infected by the Klez.H variant falls short of such epidemics as the LoveLetter worm, the virus has still shown surprising resiliency, said Steve Trilling, director of antivirus software maker Symantec's security response team.

"It is still going very strong," he said. "We got half the submissions from the last 10 days in the last two days...It is definitely not dropping off."

The Klez variant has generated nearly 20,000 incident reports from Symantec customers in a little over a week, Trilling said. Included in that number are 250 corporations that have multiple infections.

In total, Klez reports make up 75 percent of all reports that the company receives, easily putting it at the top spot for threats, according to Symantec.

The ability of even a ho-hum virus to spread effectively across the Internet may speak volumes about the ill-preparedness of home users and many corporations to deal with even old security threats.

Computer users who have antivirus software and have updated the software's virus definitions--information used to recognize viruses--are immune to the latest Klez variant. Trilling wouldn't say whether users' failure to update their software after Klez's first emergence was responsible for the increase in Klez infections, but he did say it's a leading reason for the continued spread of older viruses.

The Klez worm doesn't contain any new tricks that could account for its success, said David Perry, director of education for antivirus software maker Trend Micro.

"It's pretty surprising actually," he said. "It is just a minor variant of Klez...There is nothing very special about the technologies included in it."

Trend Micro's Worldwide Virus Tracking Center, a Web service that reports incidents of a virus infection aggregated from calls to Trend Micro's customer support and any instances found by its online virus scanner, says the Klez.H worm--which Trend Micro calls Klez.G--is currently its second most reported virus. An outbreak in Italy of the JS.Exception Javascript virus tops the list.

"We are a little puzzled that it is still showing up," he said. "I would say that someone is vigorously seeding this virus." However, Perry added that, while the way that Klez is infecting computers seems to indicate that the worm is being "seeded" or spread by design, he had no evidence that this was indeed the case.

The variant of the Klez worm, which started spreading early last week, arrives as an attachment to an e-mail message. While the virus doesn't harm data on a computer it infects, it can send out a random file from the PC as an attachment along with the e-mail that carries the worm, potentially leaking confidential information from an infected computer.

The worm randomly chooses a subject line from more than 100 possibilities, uses many different file names when attaching itself to a message and mails the messages off to e-mail addresses that it culls from files on the infected machine. In addition, Klez is able to "spoof," or replace, the sender's e-mail address with an address found on the infected PC.

Alex Shipp, antivirus technologist for U.K.-based e-mail service provider MessageLabs, pointed to these abilities of the virus as key reasons for its virulence.

"When people hear there is a virus out there, they look for a specific subject line and message," he said. The different subject lines and file names prevent victims from recognizing that a message contains the virus, Shipp said, pointing to the LoveLetter virus, which spread in May 2000, as one that could be easily recognized.

The spoofing function also makes it harder for people who receive an infected e-mail to contact the sender to let them known they are infected, he said.

"Normally, you'd tell the people (who sent the virus) to stop, but the people in the sender's box aren't the one's sending it," Shipp said. "You may get an e-mail from Aunt Mabis, but it's not Aunt Mabis that is infected."

Still, the Klez outbreak fails to be an epidemic of the magnitude of LoveLetter, Shipp added.

"We are seeing viruses at a rate of about 1 per 200 e-mails," he said. "When the Love Bug hit that was 1 in 28 e-mails." For its time, LoveBug, also known as LoveLetter, was more technologically advanced than Klez.

http://story.news.yahoo.com/news?tmpl=story&ncid=73&e=3&cid=73&u=/zd/2 0020426/tc_zd/5106830

This is why I never answer my email, no honest.

(as that sounds like the kind of joke i wd make, i shd probably stress that it really WAS...)

can macs be typhoid marys for these kids of thingsw we/o ever being damaged theselves? that story doesn't say... but the (myuth of?) semi-immunity wd explain why so many ppl (like me) don't take full precautions

i think the two of mine that came from fake ilx-ers were from geoff and kiwi

"The worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically without the user double-clicking on the attachment. Microsoft has issued a patch which secures against this vulnerability which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp. (This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.)"

I haven't dared to open my hotmail at work today!

Just in case I'm wrong: Dan, I'm fine!

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KL EZ.G

Here's the link for the removal tool:

http://www.antivirus.com/vinfo/security/fix_worm_klez_3.11.zip

Virus Encyclopedia

Overview Tech details Risk statistics

WORM_KLEZ.G

Aliases: W32/Klez-G, I-Worm.W32/Klez.gen@MM

Description: This destructive, memory-resident variant of the WORM_KLEZ.H mass-mailing worm propagates via email and network shared drives. It uses SMTP to propagate via email. Both variants differ mainly in the type of email they compose (see Technical Details for more information).

It drops a WINK*.EXE file and a WQK.EXE file in the Windows System folder of the infected system and then creates corresponding registry entries to execute these dropped files at every system startup. It also infects .EXE files. To infect, it encrypts (compresses) the target file and then modifies the file extension with a random name. It also modifies the attributes of the file and sets these to Read-only, Hidden, System, and Archive. Thereafter, this worm copies itself to the original filename of the infected file. This worm's file size is the same as that of the infected file.

Solution: Automatic Removal Instructions

1.Please download and run the fix tool. 2.Trend Micro requests that all users download and read the readme text before using this tool.

Manual Removal Instructions For Windows 95 systems: Restart your computer. Press the F8 key when you see the message, "Starting Windows 95."

For Windows 98/Me systems: Restart your computer. Press the Ctrl key until your Windows 98 startup menu appears. Choose the Safe Mode option then hit the Enter key.

For Windows XP systems: Restart your computer. When prompted, press the F8 key. If Windows XP Professional starts without the “Press select operating system to start” menu, restart your computer. Press F8 again after the Power-On Self Test is done. Choose the Safe Mode option from the Windows Advanced Options Menu.

For Windows 2000 systems: Restart your computer. Press the F8 key, when you see the Starting Windows bar at the bottom of the screen. Choose the Safe Mode option from the Windows 2000 Advanced Options Menu.

1.Scan your system with Trend Micro antivirus and note all files detected as WORM_KLEZ.G. These infected files are WINK*.EXE files where * is a random number of random characters. 2.Click Start>Run, type Regedit then hit the Enter key. 3.In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows >CurrentVersion>Run 4.In the right panel, look for and then delete these registry values. * is any random characters: ”Wink*” = ”%System%\Wink*.exe” ”WQK” = “%System%\Wqk.exe” 5.In the left panel, double click the following: HKEY_LOCAL_MACHINE>System>CurrentControl Set>Services 6.Under the Services key, look for and then delete this subkey: Wink* 7.Close the Registry Editor. 8.Restart the system. 9.Scan your system with Trend Micro antivirus and delete all files detected as WORM_KLEZ.G. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner. 10.Since this worm uses a vulnerability in HTTP-based email clients like Microsoft Outlook and Outlook Express, please apply the latest patches: Update to Internet Explorer 5.01 SP2 Update to IE 5.5 SP2 Update to IE 6.0

Trend Micro offers best-of-breed antivirus and content-security solutions for your or .

My favourite thing is getting klez0r emails from someone at yahooNOSPAM.com or some such. Well, that and the ones w 'Japanese girls vs. Playboy' in the subject line. phwoar.

just a friendly reminder for all windows people to keep yr anti-virus stuff current and running :-)

What I don't get is this--Hotmail obviously detects Klez, or something like that, as the attachments are never downloadable. So why aren't they just deleted automatically?

Although maybe I'm just completely wrong in assuming that Hotmail has anything to do with the non-downloadability of the attachments.

Flagging this up because I rather unexpectedly got an email from Ned last week or so with the 'Fw: Funny :)' subject line - one of the subject lines associated with the virus. Anyone else get that? (And apologies to Ned for sending him a weird reply!)

I hope this was a funny inserted by the article's author.

AntiVir Worm/KillAV.GR
Avast! Win32:VB-CD [Wrm]
AVG Worm/Generic.FX
BitDefender Win32.Worm.P2P.ABM
ClamAV Worm.VB-8
Command W32/Kapser.A@mm (exact)
Dr Web Win32.HLLM.Generic.391
eSafe Win32.VB.bi

eTrust-INO Win32/Blackmal.F!Worm
eTrust-VET Win32/Blackmal.F
Ewido Worm.VB.bi
F-Prot W32/Kapser.A@mm (exact)
F-Secure Email-Worm.Win32.Nyxem.e
Fortinet W32/Grew.A!wm
Ikarus Email-Worm.Win32.VB.BI
Kaspersky Email-Worm.Win32.Nyxem.e
McAfee W32/MyWife.d@MM
Nod32 Win32/VB.NEI worm
Norman W32/Small.KI
Panda W32/Tearec.A.worm
QuickHeal I-Worm.Nyxem.e
Sophos W32/Nyxem-D
Symantec W32.Blackmal.E@mm
Trend Micro WORM_GREW.A
VBA32 Email-Worm.Win32.VB.bi
VirusBuster Worm.P2P.VB.CIL

Microsoft's patch to clean CME-24 is coming out 11 days from the known zero hour, when everyone's Office files will get overwritten with garbage.

I hope against hope that this results in a massive, massive loss to corporations all over the world and a massive, massive class-action suit against MSFT in the fallout. If a bank lost all your money because they didn't lock the safe, you'd fucking sue the bank and win. If a piece of software loses all your data because it was a sloppy piece of shit that wasn't even reasonably corrected when a fatal flaw was revealed, well, same fucking deal.

Shitwipes. My entire industry is full of shitwipes.

I'd assumed that they got my email address straight off ILX somehow. I doubt I'm in the address book of more than a couple of ILXORs (if any).

I think a combo of disabling html email, never ever opening mail attachments, and using webmail for anything that'll attract spam seems to have done the trick mostly.

(if friends ever send me anything out of the blue thats a "hey check this out" joke email, I delete it on sight. I only deal with email attachments on "heads-up" basis. )

So anyway, your computers still work, yes?

lol

my computer is convinced it has a virus & is p emphatic about getting me to do something about it but i dont want to pay for new virus software & its the vista security progam

had to blast thru with 'open as admin' just to get firefox open, security center kept putting its foot in the door

I am amazed at how long I have continued to trawl the seedy underbelly of the web unharmed, using only MSE 2.0 and Malwarebytes

wish beside "remind me later" & "activate now" "its cool computer i got this chill out" was an option

srsly i thought viruses were a thing of the past

http://free.avg.com

my computer is convinced it has a virus & is p emphatic about getting me to do something about it but i dont want to pay for new virus software & its the vista security progam

― flopson, Wednesday, April 6, 2011 11:46 AM (31 minutes ago) Bookmark

dude you're already infected don't pay for that

http://www.eweek.com/c/a/Security/LizaMoon-Mass-SQL-Injection-Attack-Escalates-Out-of-Control-378108/

suggest you nuke your computer, buy a mac

http://www.pcmag.com/article2/0,2817,2382979,00.asp

i would never pay i just want it to fuck off abt it

i have literally never had any problems w my computer before & have an arbitrary distaste for macs

damn, thx bro

microsoft antivirus software will never ask you to pay for AV software. if it is that means it's malware and you're infected.

http://appyzilla.com/wp-content/uploads/2010/05/back-to-school-buy-a-mac-get-free-ipod-touch-a-lrg1.png

you may have something different

http://www.review-buddy.com/spyware-removers/remove-vista-security-2011-virus-vista-security-2011-removal.html

sorry dude

http://theilife.com/wp-content/uploads/2008/04/buy-a-mac.jpg

http://www.precisesecurity.com/rogue/vista-security-2011/

http://www.precisesecurity.com/wp-content/uploads/2010/11/vista-security-2011.jpg

ya thats the one, they found 33 on mine tho

dude its not real

god i hate this shit.. my parents call me because their ~60yo friends "got a virus and clicked remove all but it's not working"..

ya i get it

neways i guess thats sort of good news

i can't even figure out how to explain to them where they went wrong.

good luck ~ hope you fix your computer ~~

ok i'm following the procedures on that last link wish me luck

btw idk if u work in computers dayo but u have been exceedingly dilligent & helpful, thank u

I hate "get a mac" as the answer to avoiding viruses. It is not. "get a clue" is the right answer. It is NOT that hard to avoid virii/phishing scams/etc on any platform with care and protection - and overbloathed AV programs dont need to be that solution either.

I run Firefox with Noscript and a hardware firewall and an outdated copy of AVG that came with me PC, and I never ever click on links in email and dont touch Outlook/IE and touch wood, Ive been fine, and I run Vista in admin mode.

But fuck installing a bloated nortons and paying to update it every 12 months like my mother bafflingly does.

...I dont know what a bloath even is but apparently it is over.

haha I'm imagining you saying "AVG that came with me PC" in some sort of snozzwoggers accent

ya i have no idea what i did to set this upon me but i have been going some sleazy places in search of megavideo links lately prob just a stray click in the barrage of pop ups

Yeah that'll do it. This is why Adblock/Noscript is yr friend.