W32/Klez.H@mm Virus Alert - NCRS Discussion Boards

W32/Klez.H@mm Virus Alert

  • Joe C.
    Expired
    • August 31, 1999
    • 4598

    W32/Klez.H@mm Virus Alert

    Someone on this Discussion Board is using a computer that is infected with the Klez virus. What happens is that, unbeknownst to the owner, the infected computer sends infected email to selected recipients on the host computer's emailing list EVERY TIME THE HOST COMPUTER IS BOOTED.

    I have been receiving these infected emails for about 2 months now, many of them with the header "varoom" (yes, Dale, it might be your machine!). Now I have narrowed down the list of suspect computers. I have not received any infected e-mails since August 8th, but I began receiving them again on August 14th. This is precisely the time period of the Monterey convention. ANYONE WHO ATTENDED MONTEREY, PLEASE CHECK YOUR COMPUTER FOR THE KLEZ VIRUS.

    Thank you,
    Joe
  • Chas Kingston

    #2


    • Walt McGaw

      #3
      W32/Klez.H@mm Virus Alert (removal tool)

      In case anyone needs to investigate further and possibly remove the virus, here is a pointer to everything you need.

      Symantec security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.


      Walt


      • Dave K.
        Very Frequent User
        • November 1, 1999
        • 951

        #4
        Re: W32/Klez.H@mm Virus Alert

        I was also receiving e-mail containing this virus up to about two weeks ago. Then it stopped about the same time Joe mentioned. As of yesterday, I hadn't received any infected mail. Fortunately, I have the latest version of Norton Anti virus that detected and removed it. I had about five occurrences of the virus.

        Dave Kitch


        • Dale Pearman

          #5
          Re: W32/Klez.H@mm Virus Alert

          I have a firewall and Norton as well. I get these viruses all the time but they don't get into my computer. If I ever send an attachment I e-mail the recipient separately that it's OK to open before I send the attachment.

          Dale...............Anything from me with two "o"s is fraudulent. My address is varooom@usit.net..........(three "o"s)


          • John W.
            Administrator
            • November 1, 1974
            • 5079

            #6
            Re: W32/Klez.H@mm Virus Alert

            Joe,

            This virus and its mutations have been around for two or three months. I get anywhere from 3 to 10 instances a day. Microsoft has been sending me a lot of them recently. Since the From address is picked at random from the computer that is sending the virus, it is unlikely that the address that it says it came from is infected. There are a couple more new ones out now that also fake the From address. The viruses, like all of the other programs out, are getting more sophisticated all of the time.

            The only protection that you have is a good virus program, and make sure that it updates the pattern file every time it logs on to the internet, or every day if you have a broadband connection.

            Anyone not running an up to date virus checker, that gets e-mail or shares any files with friends, has most likely got at least one if not more viruses on their system. Get it checked for free at www.housecall.antivirus.com. It just takes a little while and it is worth the peace of mind.

            I just did a small network job last week. The unprotected computers with Internet access had about 150 infected files each. Took almost all day to get them cleaned, and install anti virus program.

            John
            Administrator
            www.ncrs.org


            • Joe C.
              Expired
              • August 31, 1999
              • 4598

              #7
              Am I The Only One

              My computer is protected with McAfee Online Virus Scan, and is NOT infected. I am, however, a target of this annoying intruder, and am searching for the answer to the problem. The first clue was that the continuity of the bogus emails corresponded exactly to the timing of the event at Monterey.
              I received an email titled "Jolly Good Assumption" today, just after my initial post this morning. Seems like the SOB is monitoring my correspondence.
              Is anybody else experiencing the same annoyance as I am?

              Regards,
              Joe


              • Joe C.
                Expired
                • August 31, 1999
                • 4598

                #8
                Re: W32/Klez.H@mm Virus Alert

                John:

                My computer is definitely not infected. I have McAfee, which updates the .dat files every time I log on. I am not worried that my computer will get infected, as I have received many of these annoying emails over the last couple months. They are received as 129-132kb messages with no content, but they take an inordinate time to download, which is a major annoyance. Many seem to emanate from this forum, because the header information is peculiar to certain participants (e.g. "varooom"--aka Dale Pearman). I realize that Dale, among others, are not responsible for this phenomenon, but it is more than coincidental that I experienced a gap in these pesky emails that corresponded exactly to the time frame of the Monterey National.

                Joe


                • John H.
                  Beyond Control Poster
                  • December 1, 1997
                  • 16513

                  #9
                  Re: Am I The Only One

                  Joe -

                  I've been getting the "Good Assumption" infected messages for about a week - that one's been around for a while, like the "Here's a New Game For You", and many others. I get them all day long, including when I was on-line every day at the National in Monterey. Just keep your AV program definition files updated daily, and don't open any attachments that don't look genuine. Just one of the joys of the Internet. There are now 16 variants of the W32Klez.h@mm virus, with more to come, I'm sure. LOTS of people out there (who don't have current AV protection) have it, and don't know it, and the most recent Klez variants all use harvested proxy "from" headers, and those people DON'T have it - it didn't come from that address.
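
Added example, not part of any post in this thread: posts #6 and #9 point out that Klez forges the From address, so the From line cannot identify the infected machine. The sketch below instead groups messages by the connecting IP recorded in the topmost Received header written by the recipient's own mail server; the server name `mx.recipient.example`, the sample messages and every address in them are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

TRUSTED_MX = "mx.recipient.example"  # assumption: the recipient's own mail server
BY_TRUSTED = re.compile(r"\bby\s+" + re.escape(TRUSTED_MX) + r"\b", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def build(sender, *received):
    """Assemble a constructed sample; Received lines are listed top-down."""
    head = "".join(f"Received: {r}\n" for r in received)
    return f"{head}From: {sender}\nSubject: constructed sample\n\n(body)\n"

def connecting_ip(raw):
    """IP logged by the trusted server; lower Received lines are sender-controlled."""
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):   # headers come back top-down
        if BY_TRUSTED.search(hdr):
            m = BRACKET_IP.search(hdr)
            return m.group(1) if m else None
    return None

def group_by_origin(raw_messages):
    """Map each connecting IP to the set of From addresses it claimed."""
    groups = defaultdict(set)
    for raw in raw_messages:
        sender = parseaddr(message_from_string(raw)["From"])[1]
        groups[connecting_ip(raw) or "unknown"].add(sender)
    return {ip: sorted(s) for ip, s in groups.items()}

# Constructed messages using documentation-reserved addresses.
SAMPLES = [
    build("alice@example.org",
          "from pc.isp.example ([192.0.2.17]) by mx.recipient.example; 1 Jan 2001"),
    # Same machine, different forged From, plus a forged lower Received line.
    build("bob@example.com",
          "from pc.isp.example ([192.0.2.17]) by mx.recipient.example; 2 Jan 2001",
          "from mail.example.com ([198.51.100.5]) by mx.recipient.example; 2 Jan 2001"),
    build("alice@example.org",
          "from host.other.example ([203.0.113.9]) by mx.recipient.example; 3 Jan 2001"),
]

if __name__ == "__main__":
    for ip, senders in group_by_origin(SAMPLES).items():
        print(ip, senders)
```

Several From names resolving to one connecting IP point at a single sending host, and the same From name arriving from unrelated IPs shows that the name alone identifies nobody.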
