Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
1/25/2018 7:38:29 AM
Posted: 6/1/2002 10:37:05 AM EST
In the past 24 hours I've recieved over 300 e mail messages. About 10% are "returns" of messages I sent to other AR15 site members which I never sent, The other 90% are messages from a screening outfit, telling me that I'm infected. What the heck do I do now?
Link Posted: 6/1/2002 10:40:55 AM EST
I assume you have the latest Nortons installed and the latest definitions as well, right? Then do a complete scan on your computer to see if you are infected. The virus takes random email addresses it finds in the infected computer and puts them in the "from" line in the email message so that it looks like someone else is sending them.
Link Posted: 6/1/2002 10:42:37 AM EST
[Last Edit: 6/1/2002 10:47:19 AM EST by Aimless]
Link Posted: 6/1/2002 10:54:40 AM EST
Aimless, That's just it. I NEVER open any attachment, unless it's from my brother, and he's called me to tell me he was sending something. That's why I don't understand this. Oh well, thanks for the reference. I'll give it a try.
Link Posted: 6/1/2002 10:56:36 AM EST
Link Posted: 6/1/2002 2:19:14 PM EST
I've been hit a few times myself. But, most of it goes to either my Hotmail account, or Norton gets it. It never ceases to amaze me how many people don't have antivirus protection...or if they do, the don't configure it to automatically update their definitions. It's not like virus' are something new! Even those who should know better are either too cheap or too mentally challenged. Maybe we could get the politicians to make it illegal to own a PC without virus software. Then they could fine individuals who don't have it...a new source of revenue!
Link Posted: 6/1/2002 2:31:46 PM EST
I've gotten about 20 that say they are from you.
Link Posted: 6/1/2002 2:37:29 PM EST
Link Posted: 6/1/2002 2:42:30 PM EST
go to www.grisoft.com and download the free virus protection software, its the best on the market, and its free.
Link Posted: 6/1/2002 3:28:38 PM EST
Originally Posted By bunghole: I've gotten about 20 that say they are from you.
View Quote
Bunghole; From me?? I think someone else is spoofing my address. I just scanned with Norton AV, then download the Symantec Fix/Detector and nothing was found either time. Could you send me a copy of what you received, including headers so that I can be sure. neilf99@hotmail.com. Thanks Neil
Link Posted: 6/1/2002 3:36:20 PM EST
[Last Edit: 6/1/2002 3:37:33 PM EST by neilfj]
Originally Posted By Aimless: Sounds like Klez-this is the removal tool [url=]http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html[/url] You must have opened an infected e-mail/attachment. One of the 5 infected e-mails I got in the last 3 hours is from a worldnet account so I guess that's you.
View Quote
I got one a short time ago from shamayim. Here's the header:
From : ip_atty To : neilf99@hotmail.com Subject : Marginheight Date : Sat, 1 Jun 2002 22:42:56 +0000 MIME-Version: 1.0 Received: from mtiwmhc22.worldnet.att.net ([204.127.131.47]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Sat, 1 Jun 2002 15:42:52 -0700 Received: from Acybohwsu ([12.92.218.74]) by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020601224224.OITD13408.mtiwmhc22.worldnet.att.net@Acybohwsu> for ; Sat, 1 Jun 2002 22:42:24 +0000 Message-Id: <20020601224224.OITD13408.mtiwmhc22.worldnet.att.net@Acybohwsu> Return-Path: shamayim@worldnet.att.net X-OriginalArrivalTime: 01 Jun 2002 22:42:52.0306 (UTC) FILETIME=[A9DC6F20:01C209BD]
View Quote
You can see the real person who sent it on the next to last line, "Return-Path: shamayim@worldnet.att.net" The virus put in the false "From" address of ip_atty .
Link Posted: 6/1/2002 5:06:41 PM EST
No neilfj, from shamayim.
Link Posted: 6/1/2002 5:38:50 PM EST
I am being hit virtually every day by variants of the W32.Klez.xxx virus. A couple of weeks ago it hit me for the first time. At that incident, I'm not sure my virus scanner effectively deleted the virus since it was an older version of McAfee. I immediately disconnected my system from the Internet and went through a detailed and tedious cleansing process using DOS. This virus is a nasty worm that travels around using e-mail and the address books in your computers to resend itself out to everyone listed in your computer address book in Outlook and Outlook Express. I understand that unlike some viruses, you do NOT have to open an attachment for this virus to infect your computer! If the virus arrives in your inbox and you don't have a up-to-date anti-virus program running...you’re screwed! A detailed description on the McAfee site indicates that certain versions of the Klez series viruses contain TIME BOMBs...sub-viruses that go off on certain dates during the year and wreak havoc with your hard drive by overwriting files so this virus has the potential to be very destructive if not removed. I know of a couple of folks who failed to detect and clean this bug and they did lose their hard drives. Additionally, you may have been hit by mail delivery from someone whom you know...but the message in fact did not come from the person in the "From" box. Here is a bit of info on how the little critter works, from out friends at Symantec: "Some variants of this worm use a technique known as "spoofing." If so, the worm randomly selects an address that it finds on an infected computer. It uses this address as the "From" address that it uses when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else. For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected." I am using Norton Antivirus to scan every mail message, both incoming and outgoing. Norton appears to be very effective in stopping this virus. Go to the Norton website: http://www.symantec.com/ and select the "Search Virus Encyclopedia" hyperlink. Select the "W" option and follow the directions to the explanation of this annoying virus. There are even directions on how to delete this bug if you are infected. GOOD LUCK!!!
Link Posted: 6/2/2002 3:23:44 AM EST
OK---Finally, after three go arounds, the symantec program tells me that the virus is out of my system. Very interesting--neilfj points out that I'm the "real person" who sent him an infected email. My only contact w/him has been thru a note I put on this board sympathising with what he and others up in Massachusetts have to go thru re gun ownership. My assumption is that the virus has infected this site, and that anyone using it is likely to get it (including this note). Anyway I'm going to withhold posting on the site for awhile, until I'm sure we've got this thing whipped. To anyone who has had a problem w/ stuff that supposedly came from me, my apologies. Honest guys, I had no idea what was going on.
Link Posted: 6/2/2002 5:28:25 AM EST
Originally Posted By shamayim: OK---Finally, after three go arounds, the symantec program tells me that the virus is out of my system. Very interesting--neilfj points out that I'm the "real person" who sent him an infected email. My only contact w/him has been thru a note I put on this board sympathising with what he and others up in Massachusetts have to go thru re gun ownership. My assumption is that the virus has infected this site, and that anyone using it is likely to get it (including this note). Anyway I'm going to withhold posting on the site for awhile, until I'm sure we've got this thing whipped. To anyone who has had a problem w/ stuff that supposedly came from me, my apologies. Honest guys, I had no idea what was going on.
View Quote
Shamayim; The virus reads the HTML code of the website you are visting, picking out email addresses from the page (in addition to your Outlook Address book). If you hold your cursor over the mail icom above each post, you can see at the bottom of Explorer, it shows the email address of the person who posted it. That shows that the email address is in the HTML code. It's not that the you got the virus fm AR15.com, just that you had the virus and it harvested the email addresses from the board while you where browsing the postings. That's why in 'public' forums, I always use my Hotmail address. Let them get the virus! (Hell, they are owned my Microsoft, its only fitting that they get punished for causing/contributing to the problem, since their security holes are what most virus writers exploit).
Top Top