What do you know about W32.Klez? (part rant - part questions)

His_kitty

W32.Klez - What exactly is it? How do you get it?


Earlier today my NAV informed me that it was present and quarantined. Then wouldn't let me do anything else, just continued flashing that message. Finally I had to cold boot my computer.

Almost a week ago, my IE stopped letting me check my (Hot)mail. If I wanted to see what I had, it could only be done through my outlook express - which I hate using because of the security risks - I ran multiple virus scans in this past week, not only using my own NAV, but an online virus scanner, as well. All saying nothing was wrong.

I must say this is not the first time that I have had worms or viruses, and unfortunately will probably not be the last.

So the only thing that I could do was reinstall my windows and wipe my hd. Which so happens to be the second damn time that I've had to do this, since mid March.

But I would like to know, if this could be the result of someone *hacking* me. Which btw, I also have had that *pleasant* experience (hence the last reinstallation).

I'm frustrated to tears with this situation, angry as hell that this seems to continue happening. If anyone has any suggestions on how to protect my computer, I'd greatly appreciate it.

Postscript - I have Norton's 2002 Internet Security, and I do not open attachments from those that I do not know.
 
Klez is very capable of hiding itself from your virus scan.

Ack! I had quite a battle with it about a month ago. Frankly, I am still not convinced that my pc is clean, but after two different removal tools, I would hope so.
 
solid_ said:

Thank-you for the links ... but I have in fact done some research on it.

I'm computer illiterate, so I suppose that I was hoping there would be someone here on the boards, who is pretty knowledgeable in this area, who could dummy up the explanations for me. *lol*
 
MissTaken said:
Klez is very capable of hiding itself from your virus scan.

Ack! I had quite a battle with it about a month ago. Frankly, I am still not convinced that my pc is clean, but after two different removal tools, I would hope so.

If you could tell me what removal tools you used, I'd appreciate it. Because it wouldn't surprise me if I got this again. :(
 
The explanation boils down to this:

It has variations, but its game is to send mail with clever subject lines as a means of spreading itself around. The payload is in the attachments, and the "from" line is not you, but other people in your address book (depending how you do mail, that is.) This makes it damn hard to track back to the original sender, so it's hard to alert an infected friend that they are causing you a problem.
 
LukkyKnight said:
The explanation boils down to this:

It has variations, but its game is to send mail with clever subject lines as a means of spreading itself around. The payload is in the attachments, and the "from" line is not you, but other people in your address book (depending how you do mail, that is.) This makes it damn hard to track back to the original sender, so it's hard to alert an infected friend that they are causing you a problem.

That does help some - thank-you :)

(sorry to be so much trouble)

Here is another thing, yesterday morning my NAV firewall was no longer on my toolbar, when I went into programs to see what was going on, it said it was disabled. Now, I know that I did not disable it, and since I am the only one who uses this computer, I know that no one else had either. It wouldn't allow me to enable the firewall again.

So I looked up what the causes for this could be, and it listed W32.Klez as a possibility. I d/l the tool to search for it, but it said it wasn't present. Then today, my anti virus said it was. wtf is up with that?
 
His_kitty said:
If I wanted to see what I had, it could only be done through my outlook express - which I hate using because of the security risks
I dislike Outlook too, but I use it for almost all of my email, and I do it safely. If you keep it updated, and you disable opening attachments (as I do), it is fairly safe. It makes it a bit of a hassle when you want to open attachments, and then I enable it temporarily, but most viruses, etc. come through Outlook that way, so disabling it makes it a lot safer.

But I would like to know, if this could be the result of someone *hacking* me. Which btw, I also have had that *pleasant* experience (hence the last reinstallation).
I know nothing about Klez so I don't know. I am pretty careful and have yet to become infected in over 15 years as a computer professional. You should use Zone Alarm as it is an effective and free software firewall.

I do not open attachments from those that I do not know.
I do not open attachments from anybody unless I am expecting them and I am sure of what they are. Lost Cause keeps sending me attachments with no body in the message (despite me telling him not to), and I just won't open them - I delete them. Opening attachments only from people you know doesn't help if they get infected too. Only open those attachments you expect and are sure of, regardless of where they come from.
 
His_kitty said:
Here is another thing, yesterday morning my NAV firewall was no longer on my toolbar, when I went into programs to see what was going on, it said it was disabled.
Not all firewalls are created equally - get Zone Alarm it is one of the good ones, and it is free. There are ways to defeat it, but it is one of the better ones.
 
See the thing is, I don't believe this to be an accident.

I'm fairly certain that it's the same sick individual who keeps sending me trojans and other stuff. He is a known hacker ...

Thank-you .... I'll check Zone Alarm out, when I get back home later today.

I appreciate all the help!
 
sorry to hear your troubles with the klez gang!

i urge you to buy zone alarm pro, as it will protect your e-mail.

One more thing, are your windows updates in order? also klez can disable your norton anti-virus. (i think that's what it said)

I don't remember which worm it was but some are infecting some files already infected by the klez virus. also klez is really bad on windows 2000. i wish i had read the symantec news letter closer now.
 
His_kitty said:
See the thing is, I don't believe this to be an accident.

I'm fairly certain that it's the same sick individual who keeps sending me trojans and other stuff. He is a known hacker ...

It's quite possible that it's the same person, but it may not be intentional. If this individual is "a known hacker" but not a very bright one, his system could be loaded with various viruses, worm, and trojans that his system is sending out without him knowing it.

Klez is an E-mail Worm that attacks your Anti-virus programs as well as your system. It can arrive as an attachment or as an HTML format message.

It's very difficult to remove, but the link to the removal instructions is a good one -- just follow the instructions step by step.

I use PC-Cillin from Trend Microsystems, in part because it's not widespread enough to be specifically targeted by things like the Klez worm -- It's stopped Klez at least four times without any damage with it's "Real-Time" scan function.
 
fgarvb1 said:
sorry to hear your troubles with the klez gang!

i urge you to buy zone alarm pro, as it will protect your e-mail.

One more thing, are your windows updates in order? also klez can disable your norton anti-virus. (i think that's what it said)

I don't remember which worm it was but some are infecting some files already infected by the klez virus. also klez is really bad on windows 2000. i wish i had read the symantec news letter closer now.

Yes klez can get past the norton anti-virus ....

I have win 98, and have just reinstalled my NAV and norton's firewall ..... and took the advice to d/l zone alarm. So I'm keeping my fingers crossed!

Thank-you for the suggestion. :)
 
Somebody deliberately hacking-into/cracking your own, home computer is actually quite rare, particularly in comparison to viruses. The exception is if you've managed to somehow capture the concentrated attention of one particularly determined person with nothing better to do than get on your nerves. Forgive the way this sounds, but there's just not much of interest on most people's personal computers even though you may have pics of yourself and so on there... what's interesting to a real intruder is finding their way into a system with very useful data, such as financial information about lots of people.
 
Weird Harold said:
It's quite possible that it's the same person, but it may not be intentional. If this individual is "a known hacker" but not a very bright one, his system could be loaded with various viruses, worm, and trojans that his system is sending out without him knowing it.


I'm almost certain that it is the same person. He is a known hacker and unfortunately he knows what he's doing and how to do it, without getting caught. If he has anything on his system, it's intentional.

It's very difficult to remove, but the link to the removal instructions is a good one -- just follow the instructions step by step.

The instructions were not hard to follow, I d/l the program to detect the klez, and it didn't. Even after NAV informed me that they had it quarantined.

I use PC-Cillin

I'll try that as well, I'm more than willing to load my comp down with protection against anymore attacks, f-disking is getting a lil old.

Thanks for all your help :)
 
If Norton quarantined it.. it means it cleaned it up.. the worm should be gone

hence the reason you aren't finding it now.

Keep your dat files updated.. and make sure your firewall is up and running.

It's highly unlikely a hacker put this virus on your computer. Its main way of infecting is via emails. My AV popped up yesterday with 5 emails infected and NONE of them had attachments. It was in the coding of the emails. (All of the infected emails were from different spam mails)

Klez has at least 5 known variants.. it's changing and evolving.. I read yesterday that it was worse than the Sir Cam virus...

Good Luck
 
LukkyKnight said:
Somebody deliberately hacking-into/cracking your own, home computer is actually quite rare, particularly in comparison to viruses. The exception is if you've managed to somehow capture the concentrated attention of one particularly determined person with nothing better to do than get on your nerves. Forgive the way this sounds, but there's just not much of interest on most people's personal computers even though you may have pics of yourself and so on there... what's interesting to a real intruder is finding their way into a system with very useful data, such as financial information about lots of people.

This is a person that I've known for close to 9 months, we were friends at first before beginning a brief online relationship. I did not know his past as a hacker (he was actually caught hacking when he was a teenager), or I would never have become associated with him. I simply thought he was a computer whiz.

I ended that relationship, and ever since he has harassed me and my friends. Admitting that he has hacked into systems, of those around me.

Now had he not taken my ending that "relationship" so badly, or if he didn't have the abilities that he does, much less the fact that he has admittedly hacked, I would agree with you. It wouldn't seem plausible. He hacked into someone and found out their personal information (info that could possibly harm them), someone that I'm extremely close to.

He isn't interested in my personal information, his intent is to harass; he is interested in cyber terrorism. I find it strange that anyone could be so obsessed or hell bent on making other people's online lives hell.

I'm tired, I'm frustrated and I'm angry that he can't just leave things alone. I've had to 'drop' quite a few of my friends because of all these goings on, because I didn't know who I could trust. I'm upset that I had to leave the place that I had chatted at for two years, because of this man (a term that I'm using very loosely). I'm mad at him, and I'm mad at myself. Because I've been *hiding* for over a month now, and if you knew me, you'd know that isn't in my character to back down. But I feel so powerless.

I hope that I'm not coming across as a bitch here, or that I sound as if I'm jumping down your throat, because I'm not. Guess I'm just venting everything that I've been keeping in since March.
 
His_kitty said:
Earlier today my NAV informed me that it was present and quarantined. Then wouldn't let me do anything else, just continued flashing that message. Finally I had to cold boot my computer.

I know this'll sound like a buy my stock msg from a CEO, but don't trust that quarantine. Klez is one of the trickiest pieces of code I've ever seen.

From http://news.com.com/2100-1001-885030.html by way of somethingawful:

The worm arrives in an e-mail message with one of 120 possible subject lines. There are 18 different standard subject headings, including "let's be friends," "meeting notice," "some questions," and "honey." On top of those, seven other patterns exist, such as "a x game" and "a x patch," where x can be one of 16 different words, including "new," "WinXP," and the name of any of six major antivirus companies.

In many circumstances, the worm doesn't need the victim to open it in order to run. Instead, it takes advantage of a 12-month-old vulnerability in Microsoft Outlook, known as the Automatic Execution of Embedded MIME Type bug, to open itself automatically on unpatched versions of Outlook. The program will also cull e-mail addresses by searching a host of different file types on the infected PC. Using its own mail program, the worm will send itself off to those e-mail addresses. In addition, it will use the addresses to create a fake "From:" field in the e-mail message, disguising the actual source of the e-mail.
----------------------------------

So in short... Scan and disinfect early and often. And also... seriously... Get rid of outlook.

A free, BETTER email client is available at: Http://www.eudora.com
Seriously, it runs circles around Outlook and Entourage.
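The quoted article above describes two things a mail filter can look for: the fixed and patterned subject lines the worm uses, and a MIME part whose declared content type (audio/video, the Automatic Execution of Embedded MIME Type bug) does not match an executable attachment name. The triage script below is an added example, not code from the thread or from any of the products named in it; the subject word list is a partial, constructed subset of what the article describes, and the sample message is constructed.

```python
import email
import re
from email import policy

# Subjects quoted on the page: a few of the 18 fixed headings, and the
# "a x game" / "a x patch" pattern with a constructed subset of the 16 words.
FIXED_SUBJECTS = {"let's be friends", "meeting notice", "some questions", "honey"}
PATTERN_WORDS = {"new", "winxp"}          # partial list, constructed for the example
SUBJECT_RE = re.compile(r"^a (\w+) (game|patch)$")
# Extensions that an unpatched Outlook would run when the part is mislabelled
EXEC_EXT = (".exe", ".pif", ".scr", ".bat", ".com")

def subject_matches(subject):
    """True when the subject is one of the fixed headings or fits the 'a x game/patch' pattern."""
    s = subject.strip().lower()
    if s in FIXED_SUBJECTS:
        return True
    m = SUBJECT_RE.match(s)
    return bool(m and m.group(1) in PATTERN_WORDS)

def mislabelled_executables(msg):
    """Filenames of parts declared as audio/video but carrying an executable extension."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and part.get_content_maintype() in ("audio", "video") \
                and name.lower().endswith(EXEC_EXT):
            hits.append(name)
    return hits

def triage(raw_message):
    """Return the two indicators for one raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return {"subject_hit": subject_matches(str(msg["Subject"] or "")),
            "mislabelled": mislabelled_executables(msg)}

# Constructed sample: a patterned subject and a .exe labelled as a WAV file.
SAMPLE = """\
From: friend@example.com
To: me@example.com
Subject: a WinXP patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: audio/x-wav; name="patch.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="patch.exe"

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message with either indicator set is worth holding for a scan regardless of who the "From:" line names, since the article notes that field is filled from the infected machine's address book.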
 

sd412 said:
I know this'll sound like a buy my stock msg from a CEO, but don't trust that quarantine. Klez is one of the trickiest pieces of code I've ever seen.

I didn't trust it, for one because I knew that it affects your NAV, which is why I wiped my hard drive.



So in short... Scan and disinfect early and often. And also... seriously... Get rid of outlook.

A free, BETTER email client is available at: Http://www.eudora.com
Seriously, it runs circles around Outlook and Entourage.

Since my 'problems' started two months ago, I scan several times a week, and make sure that I keep it updated. I hadn't used outlook until I could no longer get into my hotmail (using a browser).

I've heard of eudora before, and I'll go have a look see at it.

thank-you for the info :)
 