It embeds itself into every .exe that it can find. You are going to have to buy some help. I suggest the www.pandasoftware.com program. You will have to buy it because the free version does not have the upgrade in it. You will need to download the qpremove.com program that kills the virus. This b*stard virus will detect av programs and unload them from RAM and delete them if they aren't specifically equipped to deal with it. Panda only costs $25. d/l the titanium version; download the upgrade file; then run qpremove.com. Run it all the way through and allow it to rip the virus out of all the infected .exe's on your hard drive. Microsoft also recommends installing the latest service pack for IE. This is an IE bug being exploited in several ways.
That thing hit our office last week and sent our network guy into a frenzy. (My office looks sorta like the brainiacs on the Nick Burns SNL skit...MOOOOOVE!) Try this link for a Symantec clean up tool that's free. It worked on all of our systems and we have VirusScan installed on all of them (which picked up the virus but couldn't correctly identify it and when we updated our scanning software, still couldn't recognize Klez correctly or clean the infected files properly). http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
The thing is really just getting users to STOP opening random attachments!! We use Novell GroupWise, so it doesn't automatically start the file when it arrives, eliminating the machine-error portion of this. Instead, we have the USER error. <a href="http://slashdot.org/article.pl?sid=02/04/30/1858248&mode=thread&tid=128">It's the <i><b>NEW</b></i> Klez virus</a> -- not so malicious, but more of a worm. The thing about this is that it mails itself around to people it can find in random files on the hard drive. But the <i>BEST</i> part of it is that it spoofs the "from" address. So people get mail with random attachments that look like they're from people they know and trust not to send them viruses. So they open that message, see no text, figure it's in that attachment called "run.exe" and try to open those attachments again and again. We got it first on Monday, and nothing happened yesterday, after I sent out advisories, etc. Now it's at it again, sending itself again and again!!!
The attachment does not have to be opened. Its payload can hit you by exploiting a bug in IE where html code is run in an IFRAME simply by viewing the body of the email. Theoretically, this could hit any email program that uses IE to render email-based html. This is an IE bug, not an Outlook bug. The very first thing it does is start embedding itself in all your EXEs. I believe it waits to actually send out email copies of itself. That's probably why it looks like it keeps coming back. All the user has to do is start a program that has code embedded in it, then the b*stard is in RAM all over again. You will need to upgrade IE on all those machines, imo, or enforce a rule to not use any email program that uses IE to render embedded HTML. And, I recommend running a complete hard drive scan on all the machines.
Hey guys: Disclaimer: I know nothing of viruses and how they weasel their way into a computer, but this thread caught my attention. Monday night around 11:30pm I was at work during the graveyard shift. One of my responsibilities is to check the email every so often so that I can reply to any customers having trouble with our website. Our email is Outlook Express by the way. Anyway, I see this email pop up that says, "Protect yourself from the Klez Virus". Without thinking, I clicked on it and whoever sent it basically said that if I clicked on the link provided that it would give me info on how to protect myself from the aforementioned virus. I did not click on the link, but at the moment I remembered that someone had mentioned to me before that even opening an email can release the virus into your computer. At that point, I began to worry. Now mind you, there are only 2 of us there and the IT guys are at home sound asleep. Well, I left Tuesday morning at 7am and was off on Tuesday. I go back to work tonight at 10pm. For those of you who know how this virus is unleashed or acquired, should I worry about being b****ed out tonight when I go in or do I have nothing to worry about? Unless it is brought up, I am keeping my mouth shut about it.
They won't likely know who did it. It spoofs the "From" to someone else, and mails via its own SMTP engine. But you should run that fix from Symantec first. Where did you see that about it infecting all *.exe files, heypartner?
There's a REALLY easy way to avoid these viruses... <img src="http://a1424.g.akamai.net/7/1424/51/b926358f23e275/www.apple.com/imac/images/indextop01072002.jpg">
I got a Mac so I don't have to worry about any viruses. There are downsides to Macs but I don't see why you would go with MS over Mac.
Price . . . Proprietary hardware . . . IMO, the PC platform is superior because of its openness. But MS operating systems aren't the greatest . . . <i>This</i> however, is: <img src="http://www.theforumisdown.com/uploadfiles/050102/tux.gif">
Ultimately, I think we'll see more and more cross platform software and operating systems. OSX already utilizes a unix-like interface and that will only grow with Linux.
The reason Windows is so vulnerable and Macs aren't is for a simple reason: nobody uses Macs while everyone uses Windows. People who write worms and viruses are interested in infecting as many computers as possible, so they choose the dominant OSes. It's not as if Macs are necessarily more secure... There are already a number of Linux viruses, worms, and trojans. As Linux and Linux-based operating systems grow in popularity, expect the number of infections to increase...
Yeah, nobody uses a Mac. Only the entire recording industry, 90 percent of the publishing industry, a significant portion of educational institutions and the majority of graphic designers. Other than that, NOBODY uses a Mac. I guess that's why Bill Gates invested so much in the company.
Ok, ok... SOME people use Macs. My point was that the market share of Macs is virtually nothing when compared to Windows. It wasn't a slight against you Mac guys, I was just talking numbers... According to MacCentral: "WebSideStory, a provider of outsourced e-business intelligence services, is reporting that the global market share for the Mac operating system has remained at less than 3 percent since January 1999. As of Jan. 2, 2002, it was 2.32 percent, compared to Microsoft's 96.28 percent as of the same date, according to WebSideStory's StatMarket, a source for data on global Internet user trends." As far as Microsoft's investment in Apple goes, I think it was more so a way of keeping the antitrust guys away than an outright "commitment" to their products. Microsoft needed the Apple lawsuit dropped, and Apple needed the cash...
x34 is right. Windows probably owns 90-95% of the desktop marketshare... Virus writers are going to go after the OS that gets their baby spreading to the greatest extent and Windows is it. It's not the securest of OS's, but it's the most popular OS. Linux's desktop marketshare isn't even worth mentioning. Last December someone released data that said its marketshare had barely budged in the past 3 years and was at something like 0.25%. As for Microsoft's investment in Apple, I believe it was something like a 5% stake in the company, and it was nothing more than helping to keep the Feds off their asses. Jobs needed the money to revitalize Apple. The conference where he announced the investment was hilarious as the crowd booed the decision to allow Billy boy to "infiltrate" Apple. Now I'm sure Bill wouldn't mind taking over Apple desktops, too, but that's another story... I use OS X on my G4 and have 3 or 4 more computers with Windows 2000 and Windows XP. I think OS X has a good interface that's the equal of if not better than XP/2000. However, I think the application support for Windows is just so much greater for the things the average person does on a daily basis. There are more choices, but more importantly, there are more inexpensive choices. With Apple hardware and software, you sometimes feel as if you're forking over a kidney to get stuff! And for God's sake Mr. Jobs, get a mouse that can right click... it's soooo much more productive. I still love the G4/OS X combo, though. The majority of the security issues that people experience could be avoided if the users themselves would do simple things that help lock down their PCs. It would also help if they don't try to open any and every attachment that comes to them from who-knows-where.
vengeance, As I recall, it was the Elkern "strain" of the Klez. It has the same repair instructions and exploits the same hole in IE. They probably just have two different payloads. Here is what I witnessed: That ****er loads on view of an email (despite the fact I have HTML viewing OFF and IFRAMEs OFF grrrrrr) and you see a little IFRAME popup for a split second. It is using an IE bug to launch code that opens the attachment without any help from you. At that point, I closed all programs and pulled out my internet connection, this took about 2 seconds. I brought up Task Manager and the b*stard virus was running a randomly named application called fnc317.exe (which is not searchable on the internet, just randomly named). And that ****er overrode my admin ability to terminate it or delete it. So, I'm thinking. OK this thing really isn't going to kill me and rebooting might not be a good idea until I know what it is. Within minutes it is peaking my CPU and nailing the hard drive. It is embedding itself into exe's. At that point, I am furious and declare war. That's when I pull out the credit card and buy Panda AV and d/l onto my laptop, burn a CD and install on the isolated machine. First time I run it, the mofo virus detects it and terminates it and then ****ing deletes the AV from my directory. That was a brand new version of Panda with a virus file dated 4/16. I had to reinstall and get the 4/26 one to wipe it out. It found over 500 infected .exe's. This was in the span of about an hour. I've been running a complete scan once a day since. I'm pretty convinced it wasn't intending to fire off massive emails of itself until after it embedded into .exe's. Anyhow, that's my first virus experience. I'll be damned if that will happen again. Upgrade your IE's.
Vengeance, Luckily we haven't had to battle this too much. Klez is a big pain in the a$$ though. We had one PC on our network (a server that some bozo built) and it was infected with WORM_KLEZ.E. All of our workstations that log into the domain get Trend Micro Office Scan installed and all of the servers I build get Trend Micro Server Protect installed. So all of the other machines start going apesh!t when the infected machine begins propagating the virus to any freaking share on the network. The other machines automatically delete the virus, but the users all think they are infected when they see a pop-up on their screen saying that Trend has detected and QUARANTINED a virus. It is a real pain in the rear to track down because you cannot tell what machine is pushing out the file. So we had to go to each machine... Besides that we usually block all viruses that come through email. We have Trend Micro ScanMail installed on the Exchange server plus we block EXE, PIF, SHS, SCR, VBS, COM extensions. The attachment blocking is a real life saver, especially when a new virus comes out. Most of the viruses usually come with one of the six attachments that we block so it gets stopped. This saved us from Code Red and Nimda. WORM_KLEZ.H http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H Like Heyp says - patch your OS and keep your pattern files updated. If you don't do attachment blocking or email virus scanning you may want to think about it. Trend, Symantec, McAfee, etc. have products for all platforms. http://windowsupdate.microsoft.com Microsoft is coming out with a Corporate Windows Update tool that you can run internally and force updates to all machines on your network. Free Online Virus Scanner http://housecall.antivirus.com/
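
The attachment blocking described in the post above, sketched as an added example that is not part of the original thread or any vendor's product: a Python filter that flags the six blocked extensions and also notes HTML bodies containing an IFRAME, as mentioned earlier in the thread. The function names, addresses and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# The six extensions the post above says are blocked on the mail server.
BLOCKED = {"exe", "pif", "shs", "scr", "vbs", "com"}
IFRAME = re.compile(r"<\s*iframe\b", re.IGNORECASE)


def is_blocked(filename: str) -> bool:
    """True if the final extension is on the block list."""
    # Windows ignores trailing dots and spaces, so "run.exe. " still runs.
    name = filename.strip().rstrip(". ").lower()
    return "." in name and name.rpartition(".")[2] in BLOCKED


def inspect_message(raw: bytes) -> dict:
    """Report blocked attachment names and whether an HTML part has an IFRAME."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"blocked": [], "html_iframe": False}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()  # falls back to Content-Type name=
        if name:
            if is_blocked(name):
                report["blocked"].append(name)
        elif part.get_content_type() == "text/html":
            report["html_iframe"] |= bool(IFRAME.search(part.get_content()))
    return report


def constructed_sample() -> bytes:
    """Constructed message: HTML body with an IFRAME plus two attachments."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain text fallback")
    msg.add_alternative("<html><body><IFRAME></IFRAME></body></html>",
                        subtype="html")
    msg.add_attachment(b"placeholder bytes, not a program",
                       maintype="application", subtype="octet-stream",
                       filename="run.exe")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(constructed_sample()))
```

Matching on the final extension after normalisation catches double extensions such as `photo.jpg.scr`; a production gateway would quarantine on either signal rather than just report it.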