
W32/Klez.h@MM virus problem

downhiller80

Platinum Member
I'm getting emails from postmasters saying I'm sending out the W32/Klez.h@MM virus.

Fair play. I run AVG and have all of the latest updates. A full scan reveals nothing.

Does this virus stop AV software from finding it or something? If so what can I do to get rid of it?

cheers

- seb
 
Klez has many variants that do contain anti-anti-virus program features. Part of the virus methodology for this worm is to present you with a file that will inoculate your system against it. Here is a good report on it:

Klez
 
Actually, it's very possible you're not infected at all. Klez has the annoying trait to spoof the "From:" field in emails. So, oftentimes some person running Klez will send around mails containing the virus under a false identity, that is, it'll appear that someone else than the real infected machine is sending the mails. In this case, maybe someone is unknowingly sending around Worm mails containing your address in the "From:" field, which the postmaster daemon promptly picks up and returns to the assumed sender.

Now obviously, I can't guarantee that you aren't infected, but I'm pretty damn sure I am not, and I also get those mails occasionally.
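One way to check a bounce like the ones discussed in this thread, as an added example that is not part of any original post: if the postmaster's message carries the returned mail, its `Received:` lines record which machines relayed it, whatever the "From:" field claims. The sample bounce, its addresses and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce (documentation-range IPs, example domains).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: seb@example.org
Subject: Undeliverable mail: virus detected
MIME-Version: 1.0
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Your message was rejected: W32/Klez.h@MM found.

--b1
Content-Type: message/rfc822

Received: from smtp.example.com (smtp.example.com [198.51.100.7])
 by mx.example.net; Mon, 6 May 2002 10:00:05 +0000
Received: from pc (dialup.example.com [203.0.113.45])
 by smtp.example.com; Mon, 6 May 2002 10:00:01 +0000
From: seb@example.org
To: someone@example.net
Subject: constructed sample

--b1--
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_message(bounce_text):
    """Return the original message (or just its headers) carried inside a bounce."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def hop_ips(original):
    """Client IPs recorded in the Received chain, oldest hop first."""
    found = (BRACKETED_IP.search(str(h)) for h in reversed(original.get_all("Received", [])))
    return [m.group(1) for m in found if m]

def sent_from_me(bounce_text, my_ips):
    """True/False if the returned mail did/did not pass through one of my_ips; None if none attached."""
    original = returned_message(bounce_text)
    if original is None:
        return None
    mine = {str(ipaddress.ip_address(ip)) for ip in my_ips}
    return any(ip in mine for ip in hop_ips(original))
```

Only the topmost `Received:` line, written by the server that generated the bounce, is fully trustworthy; lines below it can be forged by the sender. A result of `None` means the bounce did not include the original message, so nothing can be concluded from it.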
 
Yes! Klez will spoof. The last attempt I had on my system was this week, and the sender was "postmaster" @my ISP! It is still a problem. I should have known that my ISP has no such person as "postmaster."
 
So is there a definitive way to detect if I have it or not? Not tried the patch yet, but I'm assuming it'll just patch away regardless of whether the virus is found or not, and I'd like to know out of curiosity!

- seb
 
Install the patch! If you don't have klez yet, it'll help prevent it -- and other viruses currently out and soon to come out...

As far as "how can I tell if I have it??" --- run a virus scanner. If you don't have one, there are two that I've been recommending:
1. Housecall from Antivirus.com is a free online scanner. It won't prevent a virus, but will detect.
2. AVG from Grisoft is a free virus protection package that you can download and then runs all the time. Includes download and email scans. Regular updates of the dat files are obviously necessary, as with any virus package -- but they've provided for this to be automatic.

Good luck

OZEE
 
I would try to run one of the virus checkers in DOS, like F-prot. I have had many problems dealing with virii lately on clients' computers where they will get them from email or whatnot and it keeps reinfecting itself upon booting into Windows. Either work in Safe Mode or go to DOS and use a good anti-virus program. Installing one after you are infected is too late 'cause the virus will corrupt the antivirus program. If you have an antivirus program previously installed, make sure it is up to date at least once or twice every two weeks. If you have the Klez virus, you might have the Elkern virus as well. Some checkers will not find some virii or you will have to manually delete files if they cannot be disinfected.

I cleaned off my boss' home computers and found the Klez, Elkern.c, and Kriz virii on it this time. The Klez would reinfect itself if you tried to clean it from Windows so you need something to clean the memory and to be able to clean it from the Windows files that are open when Windows is run so I did it in DOS (more difficult to do in NT systems). You will probably have to edit the Registry as well to get the virii completely off the machine. Everything seemed fine after reinstalls and then several scans, and then I reinstalled NAV after finding it had the rescue disks and LiveUpdate was corrupted with the virii, and it found two more virii after running another scan overnight. This time they had the HLLW.Acebo and the HLLW.Bymer virii.

Hehe You can't imagine how irritating it is to keep finding different virii all the time on systems that have been "supposedly" clean. On one of their old machines downstairs I was asked to clean off this one virus and found 5 others on the machine at the same time. I have only had virii two times on my own machines in the past, one was due to carelessness in downloading and not checking my download, and the other was from backing up a friend's machine onto my own before scanning it for virii.

If all else fails, and sometimes this is the best solution, you can always reformat and reinstall. If enough programs are corrupted then you'll have to reinstall anyway. In any case, make sure that you aren't infected first 'cause as they say, the Klez will spoof, but I'm not sure which or if all strains will do this. Symantec has some good info on cleaning specific virii from your machine if you go to the site and search on the specific virus. You can also go to several anti-virus sites to do an online and limited scan of your computer to see as well if you are infected.
 