Klez-G Thread poster: Lia Fail (X)
|
|---|
Lia Fail (X) 
Spain
Local time: 12:52
Spanish to English
+ ...
I\'m pretty computer illiterate and am trying to deal with a virus for the first time. I hope somebody can explain a few things to me:
1. The virus arrived and was detected, but installed itself in my TEMP folder and refuses to budge. Do I have to clear out teh system and re-install everything?
2. So far everything seems OK and I have heard no reports from anyone of having received anything through my mail. Does that mean I\'m safe for the moment and sti... See more I\'m pretty computer illiterate and am trying to deal with a virus for the first time. I hope somebody can explain a few things to me:
1. The virus arrived and was detected, but installed itself in my TEMP folder and refuses to budge. Do I have to clear out teh system and re-install everything?
2. So far everything seems OK and I have heard no reports from anyone of having received anything through my mail. Does that mean I\'m safe for the moment and still have a chance to get cleaned up?
3. I tried downloading the Microsft \"patch\" but apparently one must have a \"service Pack\" which I don\'t have. Maybe I tried to download the wrong files, but I was unable to check which version of Internet Explorer I have (my OS is Windows 9 . How can I get this \"patch\"?
4. It appears to have been the Sophos Anti-Virus, which I have on trial, that detected the virus, not my installed Panda Anti-Virus, purchased recently. I wonder why? Isn\'t an anti- virus supposed to be on stand-by for viruses?
5. Ages ago someone explained how to make an entry in my Outlook address book \"000!\" to avoid propagating viruses. Does this really work?
I attach details from SOPHOS below, in case it\'s of any use to anyone. Meanwhile I hope soemone can answer my simplistic questions!
http://www.sophos.com/virusinfo/analyses/w32klezg.html
W32/Klez-G
Type
Win32 executable file virus
Detection
A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the March 2002 (3.55) release of Sophos Anti-Virus.
Sophos has received several reports of this virus from the wild.
Description
W32/Klez-G is a Win32 worm that carries a compressed copy of the W32/ElKern-B virus, which it drops and executes when the worm is run.
This worm searches for email address entries in the Windows address book but uses its own mailing routine.
The email will have the following characteristics:
Subject line: either random or chosen from the list
How are you
Let\'s be friends
Darling
Don\'t drink too much
Your password
Honey
Some questions
Please try again
Welcome to my hometown
the Garden of Eden
introduction on ADSL
Meeting notice
Questionnaire
Congratulations
Sos!
japanese girl VS playboy
Look,my beautiful girl friend
Eager to see you
Spice girls\' vocal concert
Japanese lass\' sexy pictures
Message text: Message text is randomly composed by the worm but the message can also be without a text.
Attached file: Randomly named with extension .PIF, .SCR, .EXE or .BAT.
The sender address which appears in a message is chosen from a list inside the virus.
W32/Klez-G attempts to disable several anti-virus products and delete some anti-virus related files.
The worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically without the user double-clicking on the attachment. Microsoft has issued a patch which secures against this vulnerability which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp.
(This patch fixes a number of vulnerabilities in Microsoft\'s software, including the one exploited by this worm.)
W32/Klez-G may also spread to remote shares on other machines using random filenames.
It copies itself to the Windows System directory with a random filename. The worm will set the registry key
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\
to point to the worm file, so that the file is run on Windows startup.
Please read the instructions for removing infected executable files.
▲ Collapse
| | | |
Ralf Lemster
Germany
Local time: 12:52
English to German
+ ...
Hi Ailish,
Sorry, need more info...
- Which Windows version are you using?
- Which antivirus software are you using? When did you last update your virus definitions?
- The IE version you\'re using can be checked under \"?\" => Info/About.
The fact that the infected file is sitting in your \"Temp\" directory is not surprising - this is the default folder where your e-mail client stores incoming file attachments.
Goo... See more Hi Ailish,
Sorry, need more info...
- Which Windows version are you using?
- Which antivirus software are you using? When did you last update your virus definitions?
- The IE version you\'re using can be checked under \"?\" => Info/About.
The fact that the infected file is sitting in your \"Temp\" directory is not surprising - this is the default folder where your e-mail client stores incoming file attachments.
Good luck - Ralf ▲ Collapse
| | | |
Lia Fail (X)
Spain
Local time: 12:52
Spanish to English
+ ...
TOPIC STARTER | In ans to your Qs, Ralf | Apr 20, 2002 |
Thanks for you reply.
Windows 98
Panda Platinum
Sophos version 3.56
Hope you can tell me if I\'m infected or not, and what to do! Thanks!
| | | |
To report site rules violations or get help, contact a site moderator:
You can also contact site staff by
submitting a support request » 
Login to reply/comment 
