Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 4/27/2002 11:10:39 AM EDT
[Last Edit: 4/27/2002 12:58:50 PM EDT by Kevin]
If you are not aware last night Members all over AR15.com started getting Emails with Attachments I don't know all the ins and Outs but it seems to operate this way. File with Attachment sent to someones Email. It contains a VIRUS that could be the KLEF virus. It also contains a part where IT SENDS ITSELF , IT SEEMS TO EVERYBODY IN YOUR ADDRESS BOOKS. So if you recieve this Email do not think that someone on AR15.com has personally Attacked you. They have not it is just the actions of the VIRUS PROPOGATION mechanism, er process. It has hit AR15.com and also appears to have hit all over the Net. Ben EDITED TO ADD: Someone last night said it looked as if the Virus originated in Japan.. Also see thread about CIA warning of Chinese Cyber attacks.. I don't know if there is a connection. After all who the hell am I. This is just what I can Garner from what I have witnessed. Take it with a dose of salt.
Link Posted: 4/27/2002 11:16:49 AM EDT
I've noticed it too , also it seems to be alot of similiar activity through ICQ too . I have several ICQ address and the one i've got only listed here is getting weird messages too .
Link Posted: 4/27/2002 11:19:16 AM EDT
I got an email to my jarhead_22@hotmail.com addy yesterday that was 124k. When I opened it, there was no text, and no attachment. I closed and deleted it right away. What should I do? Set fire to my computer and pray to the Giant Space Turtle?
Link Posted: 4/27/2002 11:22:30 AM EDT
The Giant Space Turtle is fine...
Link Posted: 4/27/2002 11:24:51 AM EDT
Well Jarhead is your virus scan software up to date ? Is it configured properly to protect / scan email attachments ? Hope that Microsloth has its email service properly protected other wise keep an eye on your email out box .
Link Posted: 4/27/2002 11:27:49 AM EDT
Link Posted: 4/27/2002 11:30:56 AM EDT
Jarhead_22, might want to check your sys. I got an ICQ from you. This is why I like having a Mac.
Link Posted: 4/27/2002 11:51:46 AM EDT
[Last Edit: 4/27/2002 11:58:54 AM EDT by IAJack]
here is all the info you could possibly want on this virus. It attempts to and can disable some anti-virus software amoung other kewl traits. There is a specific scan and removal tool there for download too. [url]http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html[/url] Later IAJack
Link Posted: 4/27/2002 11:53:52 AM EDT
Well, it would seem I have fallen prey to this crap also. I got an e-mail from "DJbump" yesterday. It had no subject line... but when I viewed the body of the message in the preview plane of Outlook Express, it had no message. A dialog box opened and then closed very fast. I hit {Alt-F4} and closed down my conection... too late. Now my connection tries to automaticly connect, if I let it, it stays active, this is not normal. I have the dam virus. Being on line is almost not worth it...
Link Posted: 4/27/2002 12:09:04 PM EDT
Originally Posted By Hydguy: Jarhead_22, might want to check your sys. I got an ICQ from you. This is why I like having a Mac.
View Quote
Mac or no Mac, you've got trouble. I don't have ICQ.
Link Posted: 4/27/2002 12:27:30 PM EDT
i've been getting a bunch of warnings from the ar15.com email system about [i]incoming[/i] messages. it quarantines it, no problem. but today i just got one that said i [i]sent[/i] one to paul@ar15.com. except that i never sent this email. am i in trouble? i've never received any weird messages in any of my other email accounts. damn, i hate geeky thugs!
Link Posted: 4/27/2002 12:31:53 PM EDT
Originally Posted By IAJack: [url]http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html[/url]
View Quote
I went to the link above and downloaded the KlezFix tool, then ran it. I didn't have that virus on my box.
Link Posted: 4/27/2002 12:53:45 PM EDT
Originally Posted By Jarhead_22: Mac or no Mac, you've got trouble. I don't have ICQ.
View Quote
[shock]
Link Posted: 4/27/2002 1:02:45 PM EDT
Tacking this because I myself have gotten 2 or 3 suspect e-mails w/ attached files.
Link Posted: 4/27/2002 1:29:45 PM EDT
Link Posted: 4/27/2002 1:31:59 PM EDT
This virus can glean emails from other places in your computer than your address book. This is a big jump in ability for a virus. It can gather email addresses from temporary internet files, and cookies for instance. Apparently it can gather them from other sources as well, like ISP's, and it is most probably storing and collecting these address in a central location. I have received several warnings that I have sent emails that are infected but I have been scanning regularly every few hours and am always up to date on my anti-virus subscriptions. Good luck everyone and delete emails you are not expecting with attachments.
Link Posted: 4/27/2002 2:09:13 PM EDT
Originally Posted By DoubleFeed: They don't have one for Win98, do they?
View Quote
I ran it on my Windows Me system so it SHOULD work in Win98. 98 and Me are similar in that they are not part of the NT/Win2K family, so usually they are cross compatible. It wouldn't hurt to try. The fact that there's only one download available leads me to believe it's a one-size-fits-all file. Viper Out
Link Posted: 4/27/2002 2:27:15 PM EDT
I received 3 emails", all infected with "w32.klez.h@mm". Examination of the header file showed they were from "mcfadden@chesepeake.net". One was from JJMcFadden and the other two were from nonsense names. No two had the same profile or attachment name. Norton Anti-Virus caught them all and quarantined them. AR15.com Mail caught the others. Get Norton and keep current on the virus signatures.
Link Posted: 4/27/2002 2:49:47 PM EDT
Just to offer an alternative.. I use a program called PCCilin from trend micro. It does a great job of scanning and will scan your email before it's ever downloaded. It's free to try, less expensive to buy and in my experience (I've installed used every imaginable AV software) is much more stable and causes fewer problems than Norton or Mcafee. Their website always has really good info on virus problems and fixes also. Find it at [url]www.antivirus.com[/url] no, I'm not pimping it, I've just had really good luck with it. Mike
Link Posted: 4/27/2002 2:52:46 PM EDT
[Last Edit: 4/27/2002 2:53:32 PM EDT by Aimless]
Link Posted: 4/27/2002 4:03:27 PM EDT
[Last Edit: 4/27/2002 4:08:12 PM EDT by toaster]
I'm getting trashed too!! What the fuck!!! From: "System Administrator " Save Address | Headers To: CC: Date: Sat, 27 Apr 2002 01:57:29 -0400 Subject: WARNING: YOU WERE SENT A VIRUS -------------------------------------------------------------------------------- We Saved You Again !! *********************************************­********************* The Anti-Virus software on ar15.com has reported that you were sent a virus from Boomholzer@aol.com, with the subject "Get the big quality clips inside". The E-mail containing the virus has been quarantined to prevent further damage. *********************************************­********************* Virus Name: : W32/Klez.H@mm Attachment: Unknown File Message ID: <200204270357.6026600@webworldinc.net> Number of Recipients: 1 Queue Name: D3dc4aa4d014a8b2d.SMD Hostname of Sender: aol.com (c) 2002 WEB-Comm Technologies Corp. http://www.web-comm.com support@web-comm.com (c) 2002 Network Security Group Inc. http://www.NetworkSecurityGroup.com What the fuck!! Why do people do this shit!! -T.
Link Posted: 4/27/2002 4:54:19 PM EDT
Originally Posted By AR15forfun: Good luck everyone and delete emails you are not expecting with attachments.
View Quote
does this mean then that the virus/worm only strikes from an attachment? i have received NO attachments in any of my emails and i'm still getting this stuff. grrrrrrr. i repeat: i hate geeky thugs.
Link Posted: 4/27/2002 5:38:10 PM EDT
Originally Posted By DakotaKid: Just to offer an alternative.. I use a program called PCCilin from trend micro. It does a great job of scanning and will scan your email before it's ever downloaded. It's free to try, less expensive to buy and in my experience (I've installed used every imaginable AV software) is much more stable and causes fewer problems than Norton or Mcafee. Their website always has really good info on virus problems and fixes also. Find it at [url]www.antivirus.com[/url] no, I'm not pimping it, I've just had really good luck with it. Mike
View Quote
Yeah I'll give my vote towards Trend Micro as well, came with my computer when I got it but I'm happy with it. If you don't like Norton or if you want a decent alternative, I believe Trend is a better choice than McAfee.
Link Posted: 4/27/2002 6:13:01 PM EDT
I got it too! I used this to get rid of it. [url]http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html[/url]
Link Posted: 4/27/2002 6:43:52 PM EDT
Link Posted: 4/27/2002 7:31:40 PM EDT
I had a user Friday tell me he was not getting the attachments. Sure enough he was using Outlook 2002 (I think), but definately not Outlook Express. I attributed it to that, as I was getting it all day long with the attachments in Outlook Express. But now I am receiving some without the attachments. It must have something to do with the originating machine and what you are using locally. This is one complex little critter.
Link Posted: 4/27/2002 8:23:10 PM EDT
I got hit with this about 3-4 days ago.
Link Posted: 4/27/2002 8:36:59 PM EDT
My inbox is clean wonder why? could it be that I use original Windows 95 or that my outlook express email no longer works? Im stuck with my yahoo account. maby its good that I work with an obsolete system and my connection is so slow the virus cannot penetrate it! ;) or maby it wasnt designed to attack Win95 cause noone uses it anymore I would sugesst for now deleteing all AR15.com messages you didnt know were comeing and all messages from everywhere with attachments
Link Posted: 4/27/2002 9:24:15 PM EDT
Originally Posted By ARLady: does this mean then that the virus/worm only strikes from an attachment?
View Quote
Right. This is true in general. Generally, viruses transmitted by email can only be spread if they have some sort of attachment. Text, by itself, is always going to be safe. The trick is when you have preview on, and your system is set to automatically execute scripts. This allows the virus to install itself, spread, etc. Generally, you have to watch out for files with .exe, .bat, .com, .scr, .pif extensions. If you haven't gotten any of those, you should be in the clear. If you ever do get those, only open them if you trust the sender, and the sender makes it PERFECTLY CLEAR what the program is. Viper Out
Link Posted: 4/27/2002 10:36:28 PM EDT
Originally Posted By toaster: Message ID: <200204270357.6026600@webworldinc.net> Number of Recipients: 1 Queue Name: D3dc4aa4d014a8b2d.SMD Hostname of Sender: aol.com -T.
View Quote
I believe the "message ID" is MY email address. I have run numerous times Fixklez, an updated virus def of NAV, even did the manual removal instructions from symantec and there was NO TRACE of klez on my computer. I do not use nor ever have used outlook. Your address is not even in my address book. I still do not know WTF is going on. I am going to contact my ISP to see if they can help.
Link Posted: 4/28/2002 4:05:50 AM EDT
Link Posted: 4/28/2002 7:19:14 AM EDT
Link Posted: 4/28/2002 8:20:43 AM EDT
Sorry, but I just have to comment here on the utter and complete cluelessness of this thread.
Originally Posted By Benjamin0001: File with Attachment sent to someones Email. It contains a VIRUS that could be the KLEF virus. It also contains a part where IT SENDS ITSELF , IT SEEMS TO EVERYBODY IN YOUR ADDRESS BOOKS. So if you recieve this Email do not think that someone on AR15.com has personally Attacked you. They have not it is just the actions of the VIRUS PROPOGATION mechanism, er process.
View Quote
First of all, it's not a virus, it's a worm. And new virii/trojans/worms are literally being created on a daily basis. So why someone would get all bent out of shape over a common occurrence is beyond me. And tacking this thread just adds to the stupidity. These types of worms are soooooooo common that anyone who runs Outlook or uses the internet without a good anti-virus program is such a complete moron that they deserve to get infected and loose all their data, and I have absolutely zero sympathy for you. The fact that these worms spread like they do just goes to show you that there are millions of other morons just like you out there.
Originally Posted By Wolf_Spyder: Well, it would seem I have fallen prey to this crap also. I got an e-mail from "DJbump" yesterday. It had no subject line... but when I viewed the body of the message in the preview plane of Outlook Express, it had no message. A dialog box opened and then closed very fast. I hit {Alt-F4} and closed down my conection... too late. Now my connection tries to automaticly connect, if I let it, it stays active, this is not normal. I have the dam virus. Being on line is almost not worth it...
View Quote
You bought a several hundred dollar computer and pay $20-$50 per month for access, yet you refuse to spend $19.95 one time for virus protection? How stupid is that? Kid of like the guy who spends $1,000 on an AR-15 and ammo, but refuses to buy a set of $10 ear muff, then complains that shooting is making him deaf.
Originally Posted By Benjamin0001: EDITED TO ADD: Someone last night said it looked as if the Virus originated in Japan.. Also see thread about CIA warning of Chinese Cyber attacks.. I don't know if there is a connection.
View Quote
Excuse me? You do realize that China and Japan to two [b]totally different[/b] countries, don't you? Even though your prejudices make it seem like all Asians are the same, they have nothing in common. Kind of like saying England and Serbia are they same - hey, they're both white Europeans, right? So, look - if you haven't figured it out already; virii, Trojans, and worms are a fact of daily life on the internet. All you have to do is go buy, borrow, or steal a copy of NortonAV and you'll be fine. And if you're too stupid to do this, then at least give us all a break and quite whining about it!!!!
Link Posted: 4/28/2002 9:29:21 AM EDT
[Last Edit: 4/28/2002 9:33:48 AM EDT by Magic]
I received an email message that I guess was a media file because it tried to open my media player. I don't know who it was from, so I deleted it. I am not infected, but maybe I will open my mail with my Linux box for a while. [I forgot to add] Please piss off Steel_Rat. Not everybody is a computer genius like you.
Link Posted: 4/28/2002 10:20:11 AM EDT
WARNING: YOU WERE SENT A VIRUS The Anti-Virus software on ar15.com has reported that you were sent a virus from [b]wardfam@gte.net[/b], with the subject "A very funny game". Virus Name: : W32/Klez.H@mm Attachment: Unknown File [green]Somebody sent a [b]BUG[/b] (virus, worm, toad, frog; whatever) to my AR15 address. Since I don't know who this is, how do they get my address?[/green]
Link Posted: 4/28/2002 11:57:12 AM EDT
Originally Posted By Magic: Please piss off Steel_Rat. Not everybody is a computer genius like you.
View Quote
Hey, look everybody - I'm a computer genius!! [:P] Guess I better update my business cards: [img]http://www.mindspring.com/~steel_rat/Rat_Genius.jpg[/img]
Originally Posted By Benjamin0001:
View Quote
Uh, oh - looks like Benjamin0001 chickened-out and deleted his last reply. Too, bad - it was a good one, and I hate to see creative flames go to waste. [:P] My point was how dumb it is to post an alert for each and every new virus/Trojan/Worm that comes along. Every week someone starts squawking like Chicken Little about the latest horrible virus. But the w32.klez.h@mm worm is just your garden variety Visual Basic/Windows Script that exploits security holes in Outlook, hijacks your Windows Network Socket and sends out copies of itself to email addresses in your Address Book. Just like the thousands of variations that came before it, and will undoubtedly follow it, too. Now, people accuse me of being mean and rude, but let's take a look at this a little more closely. Magic has been a registered AR15.com user since Feb, 2001, so he's been on the Internet for more than a year. And Wolf_Spyder complains he got zapped by this worm, but he's been on AR15.com since July, 2001. Are you guys telling me that up until today you've never even heard of a computer virus before? Or, like millions of other people, are you getting bombarded regularly with news stories about these malicious programs but you failed to take any precautions at all. My money's on the second one. In fact, these worms are spread precisely because morons the world over do stupid things like use MS Outlook, won't install anti-virus software, won't run firewalls, won't configure their systems correctly, etc. And none of this demands that you be a Computer Genius. It does, however, require that you have 2 distinct brain cells to rub together. So, no - you don't have to be a computer genius to keep from being infected (and spreading!) viruses. (sic) All you have to do is go to the store where you bought your computer and buy NortonAV. Too hard? Go to their web page and they'll let you download it. Are you a little smarter? Go to alt.binaries.warez.ibm-pc and download it for free. If you are incapable of doing this, then you're too stupid to be on the Internet. And if you just plain don't want to, then you deserve everything you get. Now that you have been properly warned, please note that if you get hit with one of these worms and it wipes out everything on your hard drive, we're all gonna have a good laugh at your expense. Good luck, and be careful out there!!
Link Posted: 4/28/2002 12:06:06 PM EDT
Link Posted: 4/28/2002 12:51:04 PM EDT
Originally Posted By Gloftoe: You know, a REAL computer genious would make the damn picture work. [:P]
View Quote
[size=6][blue]DOH!![/blue][/size=6][shock]
Link Posted: 4/28/2002 1:43:32 PM EDT
Yeah, I deleted my post... After I got through I realized that YOUR post really didn't need a reply. Everyone would see it for what it was. Ben
Link Posted: 4/28/2002 5:23:15 PM EDT
People....PLEASE use and update a good anti-virus program. I'm getting these stupid notices from AR15.com at least 5 times a day. Computers should be like cars. If you're going to have one, learn how to use it before you get on the internet. Part of that is using anti-virus software. USPC40 ------------------------------------------------- [b][blue]NRA Life Member[/blue][/b] - [url]www.nra.org[/url] [b][blue]GOA Life Member[/blue][/b] - [url]www.gunowners.org[/url] [b][blue]SAF Supporter[/blue][/b] - [url]www.saf.org[/url] [b][blue]SAS Supporter[/blue][/b] - [url]www.sas-aim.org[/url] [img]www.ar15.com/members/albums/USPC40/alabamaflag.gif[/img]
Link Posted: 4/28/2002 10:41:20 PM EDT
Originally Posted By Steel_Rat: In fact, these worms are spread precisely because morons the world over do stupid things like use MS Outlook, won't install anti-virus software, won't run firewalls, won't configure their systems correctly, etc. And none of this demands that you be a Computer Genius. It does, however, require that you have 2 distinct brain cells to rub together.
View Quote
I have NEVER used Outlook. I have been using NAV. I have been using ZoneAlarm set at "high security". I don't open attachments. Now explain to me how my computer got infected.
Link Posted: 4/29/2002 2:51:28 AM EDT
Link Posted: 4/29/2002 5:54:24 AM EDT
[fantasy]When I find the little whore rat troll son of a bitch bastard that started this virus, I'm gonna destroy his little goddamned "central location" for all these email addresses. About 10 rds. of quadrangle buck should do the job. Perhaps then we can attach a 12 volt battery to his testicles, and torture him for the locations of his accomplices.[fantasy/] This whole thing really chaps my ass-I'm just glad that my virus software was up to date.
Link Posted: 4/29/2002 8:24:03 AM EDT
[Last Edit: 4/29/2002 8:27:25 AM EDT by Steel_Rat]
Originally Posted By Imbroglio: I have NEVER used Outlook. I have been using NAV. I have been using ZoneAlarm set at "high security". I don't open attachments. Now explain to me how my computer got infected.
View Quote
First, let me commend the efforts and precautions you've taken. But the sad truth is you cannot get infected without executing the virus payload. So somewhere you received an attachment and opened it. I did that once. (Oops! Maybe I'm not such a computer genius after all. [:)]) I was trying to move an attachment out of Netscape to a folder on disk so I could scan it when I inadvertently double-clicked it. All of a sudden Zone Alarm popped up with "Do you want to give MTX.EXE access to the internet?" Eeeeeeeeek!!!! I had to manually clean my system of the MaTriX Worm. So, unless you're using something that automatically opens attactments like Outlook or Microsoft Mail, or you have Java Script enabled in your mailer, you had to have manually opened the payload yourself without realizing it.
Link Posted: 4/29/2002 11:50:16 AM EDT
Here's what I do, and it has worked so far- I got burned by the happy99.exe virus years ago, and now delete like crazy w/o even reading if I don't know who it's from. BUT even before I do that, even before I open up Outlook Express/Windows95 (yeah, I know...) is, I go to www.mail2web.com., preview by title and sender who and what the email source and possible attachments are on all emails, delete if there is any questionable material, and write back to the sender via a separate Intenet yahoo.com acct, "Hey- what did you just send me?" So far nobody has ever replied. (I assume they have the virus, and I quarantine them from me...) Using this prcedure, I also haven't inadvertently opened up any email attachments w/virii, trojans, etc., KNOCK ON WOOD....... I have had lots of emails w/attachments in the past which I have not opened, but, nonetheless, merely highlighting the email containing them caused a GPF, and the OE window closed up. I used to get them everyday. Reopening the OE was done after deleting any emails around the offending one, then dragging and dropping the "good" ones back to the Inbox, and deleting the remaining contents of the Deleted Items folder on OE. Sheesh!
Top Top