Malicious email with W32.Klez.H@.mm attachment 

Next time you get an email of this sort, turn off pane preview, right-click on the
email, select Properties, go to the back tab, and read through the properties to see who the
file really is from (could be the top Return-Path -- could be an entry that says the email
appears to be from xxxx).

Next, email that person (not the person who it says it is from) and tell them to clean
their system.


: Having a problem with what I perceive to be malicious
: email attack containing the KlezH virus. So far my Norton
: antivirus has detected it before my opening the
: attachment. The file is quarantined and then deleted. So
: far a thorough scan has not detected any virus on the
: computer. This is happening repeatedly. How do I shut
: down this type of attack in Outlook Express? Are there
: some settings to help prevent this type of activity? Any
: help will be appreciated!



Fri, 13 May 2005 21:17:30 GMT  
Unfortunately, with Klez and some of the other viruses that are lurking around today,
you can't block the sender of the virus because the virus spoofs the FROM field. You
would be blocking the wrong person -- an innocent person who had absolutely nothing to
do with the virus attack -- only guilty because they are in an address book.

If you have come up with a way in OE to delete based on the actual sender, please list
it here!


: In addition to the steps Layla suggests, you might want to
: also block that specific email address, or set a rule to
: automatically perform a permanent delete on email received
: from that address until the sender's system is cleaned.


: the incorrect MIME headers exploit in Outlook).  It took
: me all week to finally get everything back up and running,
: and I had to replace a ton of software because Klez.H
: drops the Elkern.cav virus on your system, and it corrupts
: exe's.

Quote:
: >-----Original Message-----
: >Having a problem with what I perceive to be malicious
: >email attack containing the KlezH virus. So far my Norton
: >antivirus has detected it before my opening the
: >attachment. The file is quarantined and then deleted. So
: >far a thorough scan has not detected any virus on the
: >computer. This is happening repeatedly. How do I shut
: >down this type of attack in Outlook Express? Are there
: >some settings to help prevent this type of activity? Any
: >help will be appreciated!



Sun, 15 May 2005 20:30:27 GMT  
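
The header check described in the first two posts (look past the spoofed FROM field to the Return-Path and the Received trail), as an added example that is not part of the original thread. The sample message, its hosts and addresses, and the function name `analyze_sender` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, host and address below is made up.
SAMPLE = """\
Return-Path: <infected.user@isp.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Fri, 13 May 2005 20:01:02 +0000
Received: from desktop-pc (dialup-17.isp.example [198.51.100.17])
\tby mx.recipient.example; Fri, 13 May 2005 20:01:00 +0000
From: "Innocent Friend" <friend@addressbook.example>
To: victim@recipient.example
Subject: A very funny website

body
"""

# "from <helo-name> (<what the receiving server saw>)" in a Received header
RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)

def analyze_sender(raw):
    """Compare the displayed From address with the envelope trail."""
    msg = message_from_string(raw)
    shown = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()

    # Each relay prepends its own Received line, so the last one in the
    # list is the earliest hop. Lines below your own servers' entries can
    # be forged; treat them as hints, not proof.
    hops = msg.get_all("Received") or []
    origin = None
    if hops:
        m = RECEIVED_FROM.search(" ".join(hops[-1].split()))
        if m:
            origin = m.group(2) or m.group(1)

    return {
        "from": shown,
        "return_path": envelope,
        "origin_hop": origin,
        # A bounce has an empty Return-Path; only flag a real disagreement.
        "mismatch": bool(shown and envelope and shown != envelope),
    }

if __name__ == "__main__":
    for key, value in analyze_sender(SAMPLE).items():
        print(f"{key}: {value}")
```

Mailing-list traffic also has a From that differs from its Return-Path, so a mismatch is a prompt to read the Received trail, not a verdict.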
My computer is infected with this virus.  McAfee detected
it last night and I managed to get rid of it (or so I
thought).  I ran McAfee 3 times to be sure.  This morning
when I got up I discovered it was back.  HELP.  I am
running Windows XP Home Version.  If you need any other
info please ask.
Susan

Quote:
>-----Original Message-----
>Unfortunately, with Klez and some of the other viruses that are lurking around today,
>you can't block the sender of the virus because the virus spoofs the FROM field. You
>would be blocking the wrong person -- an innocent person who had absolutely nothing to
>do with the virus attack -- only guilty because they are in an address book.
>
>If you have come up with a way in OE to delete based on the actual sender, please list
>it here!
>
>: In addition to the steps Layla suggests, you might want to
>: also block that specific email address, or set a rule to
>: automatically perform a permanent delete on email received
>: from that address until the sender's system is cleaned.
>
>: got through the incorrect MIME headers exploit in Outlook).  It took
>: me all week to finally get everything back up and running,
>: and I had to replace a ton of software because Klez.H
>: drops the Elkern.cav virus on your system, and it corrupts
>: exe's.
>: >-----Original Message-----
>: >Having a problem with what I perceive to be malicious
>: >email attack containing the KlezH virus. So far my Norton
>: >antivirus has detected it before my opening the
>: >attachment. The file is quarantined and then deleted. So
>: >far a thorough scan has not detected any virus on the
>: >computer. This is happening repeatedly. How do I shut
>: >down this type of attack in Outlook Express? Are there
>: >some settings to help prevent this type of activity? Any
>: >help will be appreciated!



Fri, 20 May 2005 11:47:54 GMT  

Quote:
>-----Original Message-----
>In addition to the steps Layla suggests, you might want to
>also block that specific email address, or set a rule to
>automatically perform a permanent delete on email received
>from that address until the sender's system is cleaned.
>
>got through the incorrect MIME headers exploit in Outlook).  It took
>me all week to finally get everything back up and running,
>and I had to replace a ton of software because Klez.H
>drops the Elkern.cav virus on your system, and it corrupts
>exe's.
>>-----Original Message-----
>>Having a problem with what I perceive to be malicious
>>email attack containing the KlezH virus. So far my Norton
>>antivirus has detected it before my opening the
>>attachment. The file is quarantined and then deleted. So
>>far a thorough scan has not detected any virus on the
>>computer. This is happening repeatedly. How do I shut
>>down this type of attack in Outlook Express? Are there
>>some settings to help prevent this type of activity? Any
>>help will be appreciated!



Fri, 20 May 2005 11:50:17 GMT  

I have just been through a week of dealing with this bug for a friend.

Initially we used PANDA web site to remove the contaminated files -
this is a free service and the checking was done on-line. A 10gig HDD
took about 3/4 hour but he had less than half of the drive used up.

Although the report said that files had been decontaminated we were
aware that .exe files could have been destroyed.

This subsequently proved to be the case. Programmes like WINAMP and
MEDIA PLAYER reported no executable files and wouldn't run. We started
to load each one in an attempt to get his PC back to its previous
state.

The next thing we did was to reinstall WinME over the already loaded
system (in an attempt to ensure his system was intact and also retain
his data, photos, music etc) but we subsequently had problems
reconnecting to the Internet. I believe the TCP/IP files had been
damaged because removing and reinstalling Dial Up Networking files
didn't solve the problem.

After numerous hours of chipping away at the problem we bit the bullet
and did a format and clean install. We avoided back-up in case some of
the KlezBug remained on any files.

Reading about the various versions of Klez suggests that there is a
lack of knowledge about the extent of damage this is capable of.

Hope our experience gives some guidance on how to handle your problem.

KM



Sat, 21 May 2005 04:08:37 GMT  
 