Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

virus :( anyone?

  • 05-05-2002 9:42pm
    #1
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭


    Return-Path: mizangel@htol.net
    Received: from [12.147.204.23] (HELO htol.net) by elivefree.net (Stalker SMTP Server 1.7) with ESMTP id S.0001285822 for <ruu@elivefree.net>; Sun, 05 May 2002 20:37:12 +0100
    Received: from Yjfuc [12.147.205.33] by htol.net
    (SMTPD32-7.07) id A9BF4330104; Sun, 05 May 2002 15:36:31 -0400
    From: reply-76694704-7 <reply-76694704-7@william.monsterjoke.com>
    To: ruu@elivefree.net
    Subject: Self.parent)
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary=O4m0085rCK
    Message-Id: <200205051536761.SM01980@Yjfuc>
    Date: Sun, 5 May 2002 15:37:08 -0400

    thats the message source...and theres Service.C and bgcolor.bat attached...its deleted tho...anyone else get this?


Comments

  • #2
    halfab
    Closed Accounts Posts: 157 ✭✭halfab


    Looks like a version of Klez, showing sent from one address but actually going to another...

    Usually the person that it apparently comes from doesnt have the virus at all only that their address is in the address book of someone who has.. from www.sarc.com

    "This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com.

    The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.
    "


  • #3
    Hellrazer
    Moderators, Arts Moderators, Recreation & Hobbies Moderators Posts: 10,703 Mod ✭✭✭✭Hellrazer


    Got that damn klez last week.
    B*stard to get rid of.
    I used a prog I d/l from the net somewhere but the prog instead of cleaning the infected files it deleted them including some system files.
    Full re-install!!!!!!!:mad:


  • #4
    Winters
    Registered Users, Registered Users 2 Posts: 14,761 ✭✭✭✭Winters


    I would advise using Nortan Anti-Virus, i think thats the best. Al lyou would need to do is update it and it will get rid of it. You can Forward the email, along with the virus and they will get rid of it for you :D


  • #5
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    thanks guys, muchly appreciated :)


  • #6
    halfab
    Closed Accounts Posts: 157 ✭✭halfab


    If your system is infected with Klez already then installing Norton AV will do no good as klez prevents it from installing properly .. also if you virus definitions were not up to date at the time of infection then Norton AV will also be disabled .. (this doesnt just affect norton but all popular AV progs)
    but yea definitely Norton is well recommended provided you keep it updated.

    You will know if you are infected by a system slow down and a program called wink???.exe where ??? are random letters.. in your startup ( start -> run -> msconfig then startup )


  • Advertisement
  • #7
    Ruu_Old
    Closed Accounts Posts: 36,634 ✭✭✭✭Ruu_Old


    theres nothing out of place at startup..i didnt download the email or anything...i highlighted it..so i could delete it...and it came with the usual message "Some of the files maybe untrustworthy..." or whatever in Outlook...do u want to save or open the file, i clicked cancel and removed it..and deleted all the temp internet files..so i think im safe enuf...


Advertisement