FAO Jack Clark or other AV experts!
#1
Scooby Regular
Thread Starter
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Bit of a problem:
Sal received an email from Richard Askew this morning that she had unknowingly sent him an email with the title - "Welcome to my hometown". This I know refers to the W32/Klez.h@MM virus. This would appear to have originated from Sal's 'Scoobychick@scoobynet.co.uk' email address.
What we are not sure of is where it came from. I run McAfee AV Clinic on the PC at home. I did a full system sweep last week and it found nothing. I know that this is a clever virus and it can turn itself off to avoid detection, so I have been following the instructions on the McAfee Clinic homepage to do a manual sweep, just to check.
I've had a look at the suggested registry entries and there is no reference to the infected file. I've also checked to make sure I'm running the latest DAT files.
I was trying to run the manual sweep from a command prompt following the instructions for W2K. In these it asks you to open the following path:
cd \progra~1\common~1\networ~1\viruss~1\4.0.xx
The problem is I don't have a 'networ~1' sub directory (I'm assuming this would refer to networked drives or something similar (which I don't have)?) Also I can't find the 'scan.exe' file that the instructions refer to as well.
My question is: Is there another way of running the manual sweep to check our PC?
Details of the McAfee instructions can be found here
Any help appreciated.
Cheers
Chris
#2
It will probably be very hard to track down the source of the email; the virus changes the sender's address to a random one from the victim's address book.
You could look in the email header and try to work out which ISP the email came from. Thus, maybe, finding out the actual sender and warning them.
As for removing it, I have no idea, sorry.
H
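The header check suggested in the reply above, as an added example that is not part of the original post: it walks the Received lines written by the recipient's own mail servers (assumed here to sit under recipient.example) to find the machine that actually handed the message over, then compares that machine with the domain in the From line. The sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); all hosts and addresses are placeholders.
# The bottom Received line stands in for one forged by the sending machine.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Sun, 12 May 2002 14:14:50 +0100
Received: from infected-pc (dialup-77.isp.example [198.51.100.77])
\tby mx.recipient.example with SMTP id B2; Sun, 12 May 2002 14:14:44 +0100
Received: from mail.forum.example (mail.forum.example [203.0.113.5])
\tby relay.forum.example with SMTP id C3; Sun, 12 May 2002 14:14:40 +0100
From: "Sal" <sal@forum.example>
To: friend@recipient.example
Subject: Welcome to my hometown

(body omitted)
"""

# "from <helo> (<reverse-dns> [<ip>]) by <server>", as written by the receiving server.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\).*?\bby\s+(\S+)")

def in_domain(host, domain):
    host, domain = (host or "").lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def first_untrusted_peer(msg, trusted_domain):
    """Walk Received lines newest-first while they were written by our own servers;
    the last peer seen is where the mail entered our system. Older lines are
    sender-supplied and can be forged, so the walk stops there."""
    peer = None
    for raw in msg.get_all("Received", []):
        m = HOP.search(" ".join(raw.split()))  # unfold continuation lines
        if not m or not in_domain(m.group(4), trusted_domain):
            break
        peer = {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}
    return peer

def analyse(raw_message, trusted_domain):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    peer = first_untrusted_peer(msg, trusted_domain)
    return {
        "from_domain": from_domain,
        "origin_ip": peer["ip"] if peer else None,
        "origin_rdns": peer["rdns"] if peer else None,
        "from_matches_origin": bool(peer) and in_domain(peer["rdns"], from_domain),
    }
```

The IP address and reverse-DNS name it reports belong to the connecting machine's ISP, which is the party to contact about the infected customer; the From address identifies nobody.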
#3
Scooby Senior
H is correct. Even if your version of McAfee is a month or more out of date it would pick up this 'pain in the butt' virus.
There are infected mails floating around that appear to come from my work email address as well. I can assure you that my machine is clean although it did cause me a major headache.
#6
Just had the same happen to me...
The message sender was
Scooby@cxi.org.uk
The message was titled Hello,meeting notice
The message recipients were
GraemeF@teletext.co.uk
The message date is Sun, 12 May 2002 14:14:44 +0100
Found the W32/Klez.h@MM virus !!!
Impressive considering I was about 20 miles from my PC sat in the front garden at Michelle's enjoying the sun.
Does Klez pull addresses from your IE Cache? That's my published ScoobyNet addy and not one I use a lot.
#7
KLEZ is a very tricky one to pinpoint. We had one arrive here that got stopped. Was pretending to be sent from the recipient here and contained text that he had put up on a BBS about 2 years ago!! The headers were all full of crap. Latest patterns will protect you.
#9
Scooby Regular
iTrader: (1)
Join Date: Feb 2001
Location: Nobbering about...
Posts: 16,067
Chris
Yep same thing here, I apparently sent one to myself when I was nowhere near my pc too
Had another today from someone I don't know, deleted it without reading tho'.
What a git of a virus
Sal