Klez.H


Renée
April 17th, 2002, 04:15 PM
I've gotten hit like CRAZY today by this thing. I ain't even talkin' about a network or an email server; I'm just talking about my home PC. Sheesh!

http://www.fsecure.com/v-descs/klez_h.shtml

Anybody else?

Sowulo
April 17th, 2002, 05:57 PM
Hadn't heard of that one yet....sorry you got dumped on... :( :(

MacGyver
April 17th, 2002, 06:17 PM
Thanks for the heads up, updating antivirus software now....

Renée
April 17th, 2002, 09:16 PM
[quote]Originally posted by MacGyver:
Thanks for the heads up, updating antivirus software now....[/quote]

No problem...glad nobody else here got smacked with it. I hope it stays that way.

[quote]Originally posted by Sowulo:
Hadn't heard of that one yet....sorry you got dumped on... :( :([/quote]

Thanks, Sowulo. I didn't actually get infected, though. Just got about 25 copies of the thing sent to me at intervals throughout the day from loads of people I used to work with (their MIS chick is having megafun right now, I suppose) and some random other people. They just kept coming about every 15 minutes or so.

Sowulo
April 17th, 2002, 10:05 PM
[quote]Originally posted by Renée:
Thanks, Sowulo. I didn't actually get infected, though. Just got about 25 copies of the thing sent to me at intervals throughout the day from loads of people I used to work with (their MIS chick is having megafun right now, I suppose) and some random other people. They just kept coming about every 15 minutes or so.[/quote]

Gee, and I thought I had a spam problem.... ;)

Renée
April 18th, 2002, 10:12 AM
[quote]Originally posted by Sowulo:
Gee, and I thought I had a spam problem.... ;)[/quote]

OMG....today, I'm getting them every five minutes! Not just Klez.h, but also old Klez variants, as well.

I knew when I left that place, they'd never do another AV update. I was the one that had to call them and tell them they had the problem yesterday.

cc_penguin
April 18th, 2002, 10:25 AM
No, I haven't gotten it either, but I haven't gotten any emails either :p j/k

Renée
April 18th, 2002, 10:46 AM
[quote]Originally posted by cc_penguin:
No, I haven't gotten it either, but I haven't gotten any emails either :p j/k[/quote]

Since I haven't had time to write you a real note back, I'd be happy to forward my mail to your addy for today if you'd like. I've gotten 15 more copies of this thing....

:D :p :D http://www.theunholytrinity.org/cracks_smileys/contrib/lynx/bluekiss.gif

cc_penguin
April 18th, 2002, 10:51 AM
[quote]Originally posted by Renée:
Since I haven't had time to write you a real note back, I'd be happy to forward my mail to your addy for today if you'd like. I've gotten 15 more copies of this thing....

:D :p :D http://www.theunholytrinity.org/cracks_smileys/contrib/lynx/bluekiss.gif[/quote]

Ummmm, that's ok, take your time :D :D

+Daemon+
April 18th, 2002, 10:55 AM
Yeah, I got hit by this thing 10 times yesterday at my work; lucky we stripped it from the email.

Renée
April 18th, 2002, 09:52 PM
So far, the total is over 200. If it's happening to me, it's happening to all the professionals and agencies they deal with, too. And they have nobody qualified to deal with it. (Hey, they obviously don't even have anybody qualified to update their AV software.) Grrrrrrrrrr...it's spamming the heck out of me..... :mad: :mad: :mad:

[quote]Originally posted by cc_penguin:
Ummmm, that's ok, take your time :D :D[/quote]

:D :D :D

SusieQ
April 28th, 2002, 05:46 PM
I have had quite a few emails containing the following email virus W32.Klez.gen@mm. Can't seem to figure from where but obviously from someone's address book. Just keep the virus checks up to date.

Quiet Thunder
April 29th, 2002, 02:23 PM
[quote]Originally posted by SusieQ:
I have had quite a few emails containing the following email virus W32.Klez.gen@mm. Can't seem to figure from where but obviously from someone's address book. Just keep the virus checks up to date.[/quote]

Yeah, we got hit by a few with the variant that spoofs the return address, so we're not too sure where it's coming from. And I'm not exactly desiring to play around with the thing to figure it out. Luckily Novell GroupWise helps us prevent these infections.

Spaceman Spiff
April 29th, 2002, 02:46 PM
As I said in the Tech Lounge, I've seen this one a bunch now. I've instructed everybody in our company to make sure they have the latest update to NAV... [Eek!]

Thunderwind
April 30th, 2002, 09:06 AM
Would you believe I just got this email???::

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please <a href=3Dmailto:jesseg@geocities.com>mail to me</a>.


I wonder if he got anyone with this scam??

Zerotech
April 30th, 2002, 09:07 PM
I just got that one myself. Thank God the Norton AV was just updated, it intercepted this one and the two that came before it. I've only had it come to my home system, not at work.

Deity
May 1st, 2002, 09:22 AM
It's funny, but I had the email show up at my office without the attachment. :confused:

Stalemate
May 6th, 2002, 11:52 AM
[quote]Originally posted by Deity:
It's funny, but I had the email show up at my office without the attachment. :confused:[/quote]

Your e-mail server (or its anti-virus/firewall system) may prevent specific files or file extensions from reaching your desk.

I've just met my first instance of Klez on a client machine, and I'm impressed at the amount of damage it's done.

I'm starting to wonder if formatting/re-installing might not be the safest/fastest thing to do for this poor guy. [Frown]
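
The extension-based filtering described in the post above (and the "email without the attachment" it explains), as an added example that is not part of any post in this thread: a Python sketch of a gateway step that removes blocked attachment types and delivers the rest of the message. The blocklist, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; a real gateway's list is site policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com"}

def is_blocked(filename):
    """True when the last extension is blocked (catches 'photo.jpg.scr')."""
    name = filename.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS

def _strip(part, removed):
    """Drop blocked children of a multipart container, recursing into the rest."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        fname = child.get_filename()  # Content-Disposition filename, else Content-Type name
        if fname and is_blocked(fname):
            removed.append(fname)
        else:
            _strip(child, removed)
            kept.append(child)
    part.set_payload(kept)

def strip_attachments(raw):
    """Return (cleaned message bytes, names of the attachments removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _strip(msg, removed)
    return msg.as_bytes(), removed

def sample_message():
    """Constructed sample: text body, one harmless and one blocked attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"placeholder bytes, not a program",
                     maintype="application", subtype="octet-stream",
                     filename="photo.jpg.SCR")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_attachments(sample_message())
    print("removed:", removed)
```

The decision is made on the file name rather than the declared Content-Type, since the sender controls both and only the name determines how the recipient's desktop will open the file.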

Deity
May 6th, 2002, 12:07 PM
[quote]Originally posted by a d e p t:
Your e-mail server (or its anti-virus/firewall system) may prevent specific files or file extensions from reaching your desk.[/quote]

To my knowledge we didn't have any type of filtering or AV running on the email server. Which was why I posted the thread about different AV solutions. The sad part is that the IT staff here is composed of me, myself and I. Even taking this into account, the CEO won't give me admin access to the email server. He insists that the information is too sensitive and he wants to retain a higher level of control over it. Meanwhile he just took off for a week for some type of conference, so if anything goes wrong with the email, we are screwed. :rolleyes:

I can only hope that our email server runs smooth for the next week.

Stalemate
May 6th, 2002, 12:33 PM
Another possible explanation may be that the outgoing server (from which the infected e-mail was originally sent) may have some type of verification for outgoing messages going through it.

As for the e-mail server problem, there *are* ways to work around it, if you really need to [Wink]

But do try once again to get admin rights to it. You could even try to downgrade your superior's rights by justifying it with a "it will keep you from being sued if an employee claims a breach of personal privacy".

Good luck with that!

Deity
May 6th, 2002, 01:23 PM
Thanks. I think I'll be able to convince him in time. Hopefully. [Wink]

Todo
May 7th, 2002, 08:31 PM
Well, today I was working on my boss's wife's machine. She suspected a virus. They had NAV 2001 installed, but I couldn't get it to work. I went through the uninstall, then reinstalled it, but it still didn't work. So finally, I downloaded AVG and it found the Klez.E and Only_Game virus. Some of the infected files were NAV. So, it cleaned up the system, but affected ALL the JPG files. I couldn't open a single one. They opened up an email about 2 weeks ago which they believe spread the virus. I'm just glad I didn't have to reformat and reinstall her machine.

Renée
May 8th, 2002, 02:15 AM
[quote]Originally posted by Deity:
...Even taking this into account, the CEO won't give me admin access to the email server. He insists that the information is too sensitive and he wants to retain a higher level of control over it. Meanwhile he just took off for a week for some type of conference, so if anything goes wrong with the email, we are screwed. :rolleyes:

I can only hope that our email server runs smooth for the next week.[/quote]

:rolleyes: Boy, does that smell familiar. Sounds like my last job. Makes you want to ask why they hired you in the first place, doesn't it? That's okay. If they don't listen to you, they will end up learning the hard way. But if you're in the same position I was in, when they learn the hard way, you'll be the one cleaning up the mess. :mad:

Deity
May 8th, 2002, 09:20 AM
[quote]Originally posted by Renée:
:rolleyes: Boy, does that smell familiar. Sounds like my last job. Makes you want to ask why they hired you in the first place, doesn't it? That's okay. If they don't listen to you, they will end up learning the hard way. But if you're in the same position I was in, when they learn the hard way, you'll be the one cleaning up the mess. :mad:[/quote]

The really stupid thing is that I already have root access to all the servers! I have the highest level of authority to all the systems! He just won't give me a password to access the email configuration. :mad: What he doesn't realise is that the emails are stored in plaintext in simple folders corresponding to the usernames. I can open those and read any mail I want. The exact stuff he wants to protect is the least protected! :rolleyes:

Commander Klarg
May 8th, 2002, 10:04 AM
[quote]Originally posted by Deity:
[quote]Originally posted by Renée:
:rolleyes: Boy, does that smell familiar. Sounds like my last job. Makes you want to ask why they hired you in the first place, doesn't it? That's okay. If they don't listen to you, they will end up learning the hard way. But if you're in the same position I was in, when they learn the hard way, you'll be the one cleaning up the mess. :mad:[/quote]
The really stupid thing is that I already have root access to all the servers! I have the highest level of authority to all the systems! He just won't give me a password to access the email configuration. :mad: What he doesn't realise is that the emails are stored in plaintext in simple folders corresponding to the usernames. I can open those and read any mail I want. The exact stuff he wants to protect is the least protected! :rolleyes:[/quote]

Silly, aren't they? Be careful; he might get the idea to try and take your root access away. :rolleyes:

Imagenatas
May 9th, 2002, 01:31 PM
My company just got hit with this over the last 2 days. Thank goodness we've updated in time. This virus is pretty horrendous because it seems like it's ubiquitous. It's popping up every 30 minutes or so with the name of people who used to work at this company.

Renée
May 10th, 2002, 10:07 AM
[quote]Originally posted by Deity:
The really stupid thing is that I already have root access to all the servers! I have the highest level of authority to all the systems! He just won't give me a password to access the email configuration. :mad: What he doesn't realise is that the emails are stored in plaintext in simple folders corresponding to the usernames. I can open those and read any mail I want. The exact stuff he wants to protect is the least protected! :rolleyes:[/quote]

Ugh. This is giving me flashbacks.

I had about 55 users on a Novell network with one measly file/print server when I was at the job I was talking about. I was the one and only MIS person they had on site. But...the CEO wanted the server itself to be located in my supervisor's office, to which, of course, I didn't have a key. DUH. I, like you, had access to every file on there. I never did figure out why he thought the server shouldn't be in my office, but I sure got a lot of pleasure when the thing crashed and neither my supervisor nor the CEO were around so that I could get in and reboot the thing. (I was always around.) All 55 users pleading for the server, and not a blessed thing I could do. I felt sorry for the users, but I loved telling them why I couldn't fix it. Our CEO was trying to make tech decisions and he needed his hand held just to log onto AOL (which, of course, he refused to replace with another internet service).

Arrrgh!! I really feel your pain, Deity. If you ever feel like crying and moaning, come see me... :mad:

BTW, the company I'm talking about is the same one that started this thread...the one I got 200+ copies of Klez from.

edball
May 17th, 2002, 02:46 PM
I just have to keep explaining to my users that "No, you don't really have a virus", when they get sent back an e-mail from someone's AV program because their e-mail address happened to reside somewhere on the infected pc.

randy
May 17th, 2002, 07:30 PM
:D :D Hey I also was working on a pc at work and found the worm_klez.h which was randomly writing itself to files with wink in it and placing itself in the startup group (msconfig) and/or in the register in run or runonce. I found the fix at trendmicro's website www.antivirus.com.
Hope you all have a good weekend I have to work all of it !!