[Fourlanders] Re: RED ALERT
Jim Worsham
wa4kxy at bellsouth.net
Fri Apr 4 01:49:57 EST 2003
I am back folks and all clean. Yes it was w32.klez.h at mm. For information
and tools to get rid of this bastard go to securityresponse.symantec.com
using an uninfected machine (I used mine at work). You CAN NOT use the
antivirus software installed on your PC to get rid of it because one of the
first things it does when it infects your PC is disable any antivirus
software that is installed. You have to use an uninfected machine to
download a special tool onto a floppy and then use it to clean your PC. You
then uninstall and reinstall your antivirus software. Don't forget to
update your antivirus software with the latest virus definitions and while
you are at it click the Start button and select Windows Update. Download
and install all the critical security patches (you will be amazed at how
many there are). I know I am sounding preachy but I just blew away two
evenings I could have been doing something else like spending time with my
kids to recover from this thing. I apologise to all I may have infected.
73
Jim W4KXY
----- Original Message -----
From: "Bert Rollen" <k4ar at arrl.net>
To: "Jim Worsham" <wa4kxy at bellsouth.net>; <fourlanders at contesting.com>;
"Reflector, SVHFS" <svhfs at contesting.com>; <svhfs at svhfs.org>;
<committee at svhfs.org>; <wa4njp at bellsouth.net>; <w4ru at bellsouth.net>; "Dick
Hanson" <k5and at adelphia.net>; "Brian McCarthy" <rfacres at akorn.net>
Sent: Wednesday, April 02, 2003 4:12 AM
Subject: Re: [SVHFS] RED ALERT
> Norton 2003 says that it is w32.klez.h at mm. If someone is infected, they
> must remove it prior to installing Norton updates (it blocks installation
> otherwise)
>
> The latest Definition is 3/26/03
>
> To remove Kleze, see the Symantec site
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.too
l.html
>
> BTW, this worm spoofs return email addresses, and contains its own SMTP
> generator, so it will look like it originates from anyone & everyone.
>
> Bert
>
> At 01:34 AM 4/2/2003 -0800, Jim Worsham wrote:
> >Guys something really bad is bouncing around between our PCs. DO NOT
open
> >anything from me with an attachment. Whatever it is Norton can't detect
> >it. To make it more interesting when I tryto go to the Norton website to
> >download updated virus definition files SOMETHING in my PC blocks the
> >connection. THE BASTARDS! I am ready to start lobbying for the death
> >penalty for folks that write these malicious programs. From the large
> >number of emails I have been receiving from EVERYONE I believe most
> >everyones PC is compromised. I am dropping off the internet for a few
> >days until I can figure out what this is, get my PC clean and figure out
> >how to protect myself. I suggest everyone else do the same. If you need
> >to contact me about this our any other business such as contesting and
the
> >conference you will have to contact me the old fashioned way via the
telephone.
> >
> >73
> >Jim W4KXY
> >_______________________________________________
> >SVHFS mailing list
> >SVHFS at contesting.com
> >http://lists.contesting.com/mailman/listinfo/svhfs
>
>
More information about the Fourlanders
mailing list