| Author |
Message |
    
Max Thomason (Lrmax)
| | Posted on Sunday, December 15, 2002 - 02:02 pm: | 
|
I would like to alert everyone on this board that my computer is really messed up with some sort of virus. It just goes to random addresses and dumps its load onto your system. Its titled "Lets be Friends" and I don't want anyone else to get it.
If you do get an E-mail with no message and a pop-up, erase it and do a virus scan.
Hope it doesn't hit anyone else!!
Max T. |
Robert Sublett (Rubisco98)
| | Posted on Sunday, December 15, 2002 - 02:49 pm: |
|
Someone has apparently gotten my email address and is using it to send a virus called Klez32 or something like that. I've updated my Norton and didn't find anything on my computer. However, I apparently keep sending these emails with the virus attached, various different titles in the subject line such as "Your Password", "Finished Successfully", many many others. I keep getting returned emails from people I've apparently sent these emails to, marked as undeliverable, etc. I've written my internet provider and they don't return my emails (COMCAST SERVICE SUCKS!!) Anyone here with any ideas to share would be good.. Thanks.. Later.>R S |
Linux Evangalist
| | Posted on Sunday, December 15, 2002 - 03:20 pm: |
|
Don't use Micro$oft Outlook. |
Jesse Lessard (Jlessard)
| | Posted on Sunday, December 15, 2002 - 03:48 pm: |
|
Linux =) |
Rans (Rans)
| | Posted on Sunday, December 15, 2002 - 05:33 pm: |
|
Robert, try using your Norton Antivirus to scan your machine from a bootable diskette at startup. In other words, you need a bootable copy of Norton Antivirus on a floppy. There are directions on how to create it in the Norton files. Once you have it, insert the diskette before firing up the computer and then start it up so that it boots off of the diskette. This way you are not using the bootstrap on the hardrive to start the computer thus not allowing any viruses to disguise themselves during the bootstrap process. Yes, the hackers are pretty creative.
Klez32 has been going around for most of the past year or so, it's a bitch.
Anyone who doesn't practice safe computing, antivirus protection updated weekly, avoiding unknown emails, never opening attachments unless you are absolutly certain of the source, etc is asking for trouble.
Good luck! |
Pugsly (Pugsly)
| | Posted on Sunday, December 15, 2002 - 05:56 pm: |
|
I'm a fan of Norton Antivirus Pro - it scans all of your OUTGOING email for virii, and also alerts you if another program tries to access the Outlook address book / contacts book.
I really like the features of Outlook so am unwilling to move to another platform, and this helps to plug some of the potential security gaps in it.
I have found my combination of Win2k / Zone Alarm Pro / Norton Antivirus Pro / LinkSys BEFSR41 to be about the best one can do on a Windoze platform. |
Axel Haakonsen (Axel)
| | Posted on Sunday, December 15, 2002 - 06:06 pm: |
|
Robert, if the return email on that klez virus is yours, then it most likely is not sent out from you. The klez virus will use random email adresses from the infected computer as the return email it sends out, masking the real sender. The virus comes from somebody you have had email correspondence with in the past. As long as you keep your virus scanner up to date, I would not worry. Norton is pretty good, it catches 2-3 incoming klez infected emails per day on average on my machine. |
Carter Simcoe (Carter)
| | Posted on Sunday, December 15, 2002 - 06:13 pm: |
|
ditto all that on the Klez virus, and I can vouch for the fact that it's a bitch -I got it last year. |
Robert Sublett (Rubisco98)
| | Posted on Sunday, December 15, 2002 - 06:32 pm: |
|
Axel, I just got 2 or 3 myself today, and have been averaging 0-3 a day. The Norton catches it and sticks it in Quarentine. I even got a blank message from Ho the other day with the subject line "Your Password". There were no attachments and nothing in the text. Norton didn't detect anything in the email.. Oh well.. gotta go finish watching Green Bay.. Peace. RS |
Steve (Scrover)
| | Posted on Sunday, December 15, 2002 - 06:52 pm: |
|
I got a blank message from Ho too. Subject line was 'Look,my beautiful girl friend'. Got all excited, but no attachment! Oh, well. |
mark
| | Posted on Sunday, December 15, 2002 - 08:54 pm: |
|
if you go to symantec.com it shows you how to remove it.... |
Axel Haakonsen (Axel)
| | Posted on Sunday, December 15, 2002 - 10:28 pm: |
|
Like I said, it may look like it came from Ho, but it wasn't from him, it was from someone else who has Ho's email in their address book. It's a pain to figure out where it really comes from, since it masks it's return address. You can look at the mail header to see which ip it came from i suppose, but that's about it. |
Steve (Scrover)
| | Posted on Sunday, December 15, 2002 - 11:18 pm: |
|
Yeah, I realized it wasn't really from Ho! Check out the 'options', looks like it was relayed a couple of times. Recognize any names?:
Return-Path: nthomason@earthlink.net
Received: from lamx01.mgw.rr.com ([66.75.160.12])
by orngca-mls05.socal.rr.com (Post.Office MTA v3.5.3 release 223
ID# 0-59787U250000L250000S0V35) with ESMTP id com
for ; Sun, 24 Nov 2002 08:27:52 -0800
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
by lamx01.mgw.rr.com (8.12.5/8.12.5) with ESMTP id gAOGSCbL022900
for ; Sun, 24 Nov 2002 11:28:12 -0500 (EST)
Received: from user-2ivfc1d.dialup.mindspring.com ([165.247.176.45] helo=Hfgf)
by hawk.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
id 18Fzbk-0003nV-00
for stevecooper@socal.rr.com; Sun, 24 Nov 2002 08:27:44 -0800
From: hochung
To: stevecooper@socal.rr.com
Subject: Look,my beautiful girl friend
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=TYTJvmHp738Lb916106Dp2Gkfl3R1j71Lu004
Message-Id:
Date: Sun, 24 Nov 2002 08:27:44 -0800 |
Axel Haakonsen (Axel)
| | Posted on Monday, December 16, 2002 - 10:06 am: |
|
The return path in the first line should be a clue, don't know who the guy is, though |
|
Closed: New threads not accepted on this page