Klez.H @mm Virus

Recently there has been a huge rise in E-Mail virus & worms going around. We've put together this page to help you protect yourself from these virus and test your own system(s) for them. There are new Virus showing up on a daily bases, make sure you're anti-virus software is up-to-date!

One of the most common virus going around is the Klez.E and Klez.H virsus. Please read the notes below to learn more about this virus and how it works. We have also included links to several websites with great tools available for detecting and cleaning these virus from your system.

NOTES on the Klez.H @mm Virus: ( http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html)

  • Because this worm uses a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

    For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using a antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

    If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.
  • There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send email and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.
  • The message may be disguised as an immunity tool. One version of this false message is as follows:

    Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC.

    NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.


If the message is opened in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be automatically executed. Information about this vulnerability and a patch are available at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Other Links of importance:

Symantec: Tools, Detection, Anti-Virus: http://securityresponse.symantec.com/
Incidents.org: global tracking of virus around the world: http://www.incidents.org/
McAfee.com: Tools, Detection, Anti-Virus: http://www.mcafee.com
F-Secure: http://www.f-secure.com/virus-info/
Virus Encyclopedia: http://www3.ca.com/virus/encyclopedia.asp
PDF Form Filling Blog · New WebMail · Racine-Web.com Site Map · Content Management · Sites Design and Hosted by Racine Web Design · Network Operations Center · Anti-Spam with SpamBayes · Virus Alerts · Contact Us · Website Design & Web-Based content management
Server190

http://www.zomix.com/zomix