[thelist] OT: what to do with virus warning?

Syed Zeeshan Haider szh at hotpop.com
Fri May 24 11:12:00 CDT 2002 

Hi Peter,
This virus is indeed very dangerous and intelligent. It is just using
your e-mail address to send it-self from some other computer. To trace
the sender computer, one should look at "return-path" in the headers of
the viral mail. It can be explained in this way:

One of your friends has got W32.Klez.H at mm on his machine. This virus
creates a blank e-mail with two viral attachments, chooses an address
from the computer's address book and puts it in "From" field and sends
the mail using your friends account and machine. Sometimes this virus
grabs your address also from your friend's address book to put in "From"
field. It uses attractive subject lines like "A good tool for you" etc.
It uses pornographic subjects also. I have been receiving many e-mails
with this virus that is why I know a lot about it. It often disables the
anti-viruses. Somebody in TheChat called it anti-antivirus virus. It
also prevents live update of AV. I don't know much about Mcaffee AV
because I am using Norton AV. But both Mcaffee and Norton
(http://www.symantec.com/) have put small chunks on their web sites to
fight out this virus independent of the original AV on the system.
Therefore, you can use anyone. I used Norton AV and downloaded it from
http://www.symantec.com/. It sized 132KB.

Now do following things:
1.    Downloaded AV chunk from any site Mcaffee or Norton and run it on
your machine as instructed by the company.
2.    Alert all of your friends and relatives about this virus and ask
them to download and run AV chunks.
If they have virus, it is most probable that this virus is sending
it-self using your address from their computers and the recipients will
blame you for this as they will see your address in "From" field.
If you have this virus then maybe your computer is also sending viral
mails using others' addresses.
Hope this helps.
Syed Zeeshan Haider.
http://syedzeeshanhaider.faithweb.com/

----- Original Message -----
Date: Thu, 23 May 2002 13:38:31 -0400
To: thelist at lists.evolt.org
From: PeterV <peter at poorbuthappy.com>
Subject: [thelist] OT: what to do with virus warning?
Reply-To: thelist at lists.evolt.org

Hi, I received an email stating that I had sent a virus to someone. It
said:

"Please contact your system administrator.
The scanned document was QUARANTINED.
Virus Information:
The attachment HREF.pif contained the virus W32.Klez.H at mm and could NOT
be
repaired."

Now I have the latest Mcaffee virus definitions in my virus program and
it
scans all outgoing messages. I *am* getting lots of virusses lately,
about
3 a day, with email titles that seem scaringly familiar.

I am worried I am sending everyone virusses now! Any tips?
Peter

<tip>
Running Apache on Windows for local development and having problems? Go
to
your httpd.conf file, and change the loglevel line to "LogLevel debug".
This will add more detail to your error logs so you can find out why
apache
won't start or your virtualhosts won't work.
</tip>

More information about the thelist mailing list