hrm... nope don't see any information there that says it modifies the 'full message header'. also i do not see it saying that this is a outlook only virus, but that it does depend on the WAB for email addresses at that site, it also states that it goes after a internet explorer security hole. keep in mind the version that im refering to is klez.h commonly identified as w32/klez.h@mm

Attached Link: http://www.viruslist.com/click?_URL=http://www.viruslist.com/eng/viruslist.html?id=4292

yep thats the link i followed Virus

ohhh Okie dokie :) hope you can fix that

Here's a quick way on Windows Systems to see if you're infected with a Klez variant, according to VirusList.com: Go to Start: Find: Files or Folders. (It may be Start: Search: Files or Folders depending on your OS.) In the Named field, type: krn132.exe Make sure you are looking on your C drive and looking in all subfolders. (If somehow you got your OS on something other than the C drive, change the drive letter accordingly.) krn132.exe is the source file for the virus. If you're feeling adventurous, you can go look in your registry in: H_Key_Local_MachineSoftwareMicrosoftWindowsCurrentVersionRun Krn132 = %System%Krn132.exe (If you don't know how to look in your registry, you shouldn't be in there.) :-) Unfortunately, some viruses can disable your antivirus software, or tell the software to ignore it. At least in Symantec, you can check the Exclusion List and see if there's anything wacky in there. I have XP and only have *.nch and *.dbx in the Exclusion List which Symantec says should be ignored. AFAIK, the virus will show up on the Exclusion List if it is screwing with Symantec. (I check the List every so often to make sure nothing added itself in.) Hope this helps!

I really haven't paid too much attention to this one - as I use Explorer and Eudora (less security risks) The only way to be safer is to use Linux or a Mac :) The above info was copied from info sent to me by a friend who works for UUNET. From what I understand the new klez is just a tweaked version of the old one, the old definition still works. I'd just like to make sure that noone goes around slinging mud at people for no good reason. :)

not true cresent, thats why i supplied the utility, it file name is not always krn132, the utitily will scan for the normal klez files, removing them if it can or setting it to remove them on a reboot, then searches for infected files and disinfects them. I ran the utility 4 times because of knowing of past virus activity. the first time it removed the majority of the infections, reboot removed the main klez files, then i ran it again, nothing showed, did the /scanfiles and it began cleaning the klez file infections again. then did the same thing, ran it again after a reboot with /scanfiles and nothing showed. emailed sams, posted the uitility here for others, and that where all this rucus got started. Anyhoo will be waiting to hear back from sams, see if anythings found out, and on to better things.

I do not have that file, I went and looked and my friend checked my email and said it was clean.....I did another scan, all is well it says. I looked in the registry also, and it is not there, thank you so much for your help Cresent.....Sharen

I am going to run your tool Caleb just to really make sure, when it is done I will let you know the results. Sharen

Not too sure how this tool works though? Could you help me on this? Sharen

Lyrra wasn't slinging mud was trying to say 'hey people watch out, if your not sure grab this' not gonna take the blame for people reading into things that aren't there. anyhoo thx lyrra :)

its pretty easy to use, just running it does the normal scan, running it as kleztool /? will give you a list of things you can do (network scans, all drives, etc.), and running it as kleztool /scanfiles forces it to scan all files on the local machine.

um... thats not how that works but... ok ... if thats what you think. See its not the person sending it out, the Virus is sending out its OWN emails, sorry Genny.

Ok, Caleb68, so, if the Virus is sending out it's own e-mails, then how can Sharen's e-mails not be affected, if her computer is somehow infected? I guess I really don't understand how it works. I know I did get it a month or so ago, and I don't know who sent it, but I was lax and didn't keep up with the up-dates on my Virus program.......my fault for being lazy. But I still don't believe Sharen has it and passed it along to you. Just my opinion, so please don't take offense. (: Take care all. Genny

like this genny... think your tray programs, the ones down there by the clock, that just sit there doing nothing until a certain event takes place, weather it be a mouse movement, a incoming webpage, or a secheduled event. This virus works kinda along the same line, it waits looks for a event, spreads, sometimes sends a email if it can. :) hope that helps you understand a bit better :) p.s. no offense taken :)

This is nasty shit. Update your antivirus programs and scan to beat the band. Keep away from unsafe websites. Watch out for that damned Kazaa and any file sharing software. There are some freaky, nasty people out there. Backup and pray!

It seems to me caleb68, if you caught it, Sams3d would have also caught it.

...I also remember reading something about people spreading virus' with bogus virus protection/fix programs...

um... yeah ming... like i would be stupid enough to do that... datafellows is a company that Developes Virus Scanners.

you know what, forget it, next time i see something thats just not right and think about trying to help people, im just gonna say to hell with it. I do nice stuff for people all the time, and you know what... next to none ever say thanks or someone has to start some weird thing out of it and twist the original meaning... so, forget it, i give up.

It's worse than that, ragmaniac. Just watched "The Screen Savers" and they have alerted of a problem with HTML in Explorer 6 and Outlook that would allow malicious code to run JUST BY OPENING A WEB PAGE OR HTML E-MAIL. Boy, I bet I could walk right into MicroSoft with a M-1 Abrams assault tank and the entire Chinese army and they wouldn't notice. MS's internet security SUCKS!!! More holes than the space between atoms in a loosely binded gas. I get one or two Klez.h virus attachments every few days that are caught by Norton AV. People are idiots (sorry to those who aren't ;). Every computer sold should have a big sticker on the monitor that can't be removed that says: NEVER OPEN ATTACHMENTS - ALWAYS SCAN FOR VIRUSES - TRUST NO ONE. The only thing I hate more than spam are viruses. Kuroyume

Gosh, does that sound awfully familiar or what. Let's see "you have a messiah complex." Listen, you're wrong on this issue. Your premise is wrong. SAMS3D doesn't have the virus, and it wasn't right for you to mention this publicly. It wasn't right for you to be so abusive and profane when I and others tried to set you straight. On the other hand you did right by lettting Sharen know privately about the issue....Again you should know the nature of "the beast," and realize it's not on Sharen's computer. Now catch your breath, settle your mind down, and get some sleep.

Pzrite, what type of a virus did you get with that blank email from Renderosity? Cuz I got a blank email from Renderosity yesterday, but my program didn't pick anything up and there was no attachment. I would be interested to know so I could look for it specifically. Pendy

Pendy, here is the link for you where tim is talking about it being his fault and a mistake (the blank emails): http://www.renderosity.com/messages.ez?ForumID=12357&Form.ShowMessage=780859

Very nice caleb68. I personally have had several "arguments" with various people within these forums but none of them EVER had to resort to that kind of language. I actually use that language every day but NOT in a public forum. Regardless of how angry you are you do NOT need to use profanity. I would bet that the VAST majority of posters here would rather not see it as well. Either cool your jets or leave. It is obvious that your intentions were good, unfortunately you went about it the wrong way. Had you not been so combative, you could have learned the proper way to make everyone aware of the problem. But you HAD TO BE RIGHT and so you fought back. Now you look childish and irresponsible. Your best bet would be just to apologize (especially to ronknights for the language) and say you'll do better next time. That way everyone can get "back to work" and forget this nasty episode. Don't compound the problem and continue to be belligerent to everyone and play the victim. Everyone has a bad day - today was yours. God knows I have enough of them. Get some sleep and be fresh tomorrow! Best of Luck!

quiet franky, i dont give a shit anymore.. i try to do something nice and everyone has to make it out to a evil attack on eveyone, so personally, i could care less what people think anymore, im tired of trying to help people just so i open myself to be attacked by others... its really quiet stupid on there part and they ruin it for those who want to be helpful.... is this the first time this has happened? no... and has it happened at any other site then renderosity? no... ok yes... i am analizing the renderosity people but, from the responces that i recieve when im trying to be helpful, yes i do get irate at the people.... When people start turning thinngs around twisting the truth, its does really erk my chain and at lasss... i have finnally had enough of it... can i spell hell no, never have been able to and everyon who's ever chatted with me knows the same so don't come in here and hash on me about my spelling too. im really sick of it.. im not going to bother to try to help out anymore ... every time i've tried people attack over and over again, even if they have been proven wrong time and time again... its sickening. and well... good bye forums.. you've all shown me how stupid and self centered and idiotic you can really be.

Emotions are getting pretty high at this point but this topic can still be discussed with civility. Everyone take a deep breathe and step back from it for a while. You don't want me to use the 'smite' button. :)

Caleb: I agreed with you, and it will be a real lost if you leave the forums, please don't pay attention to people who is trying to make an issue from everything. We know how easy is to be attacked from someone over this forums, must of the time is to get the attention from other people, I think you were doing a good thing and I know you for our little chats we had, and I could say that I respect you as a member of this community as a modeler, so please think twice before leave, If you were able to help one person the day was not lost, even for those who think that they are deffending people who are not able to deffend themselfs, In this post I have not seen an attack from you or Sharen and Mike, too bad that sudenly merge from the shadows palantines to defend something that it is not defensible. I can't spell either :) the English is not my native language so I leave this message to be ript off for those language puritanes.

Just made me grab for my nitro glyc pills, and perform every scan on the planet. I received 3 blank rosity newsletters this week then 2 full copies?????? all within half an hour, Norton antivirus checked them all but none had attachments. I regularly get infected email attachments from people I've never had any contact with but who are in the same interest circles and have been blatantly accused and crucified on boards as the perp of others misery due to a virus using my email address gained from my website. My two pennies worth is that Sharen is one of the most helpful and complimentary people here, she has performed all the scans without result, has more than adequate protection and updates daily. Some diplomacy and respect is in order. Tommy.

Gee, Golly, Gosh, caleb68, you're sounding a lot like I sound sometimes. You are wrong on this issue, and you've chosen to compound your error by embarassing some fine people publicly, and becoming so damned abusive with your profanity and stubborness. You will not be proven right in your mistaken understanding about who has the virus. The facts have already proven you wrong. I only got involved in this discussion because I care very deeply for SAMS3D. I don't like to see Sharen feeling nervous or guilty. I also don't like people making public accusations that are wrong, and spreading paranoia or misinformation. I too get damned sick of all the people like yourself who think they have the right to insult, swear, persecute, send me threatening emails, piss on my grief at losing a family member, etc. The hell of it is that I usually don't act anywhere near as hostile or immature as those who attack me... So cool off, and take care of your computer and yourself.

Ron: I guess you are making a mistake trying to play the victime defendant on this treath, with my all due respect, if you don't have nothing positive to add, please remain quiet, you are not helping but raise the rage. Sincerly Virus

I'll be god-damned if I'll let someone tell me I've done something wrong here. I've been pissed on and I'll damned well tell someone I don't like it. It's my damned right.

Sheez talking about childish attitudes?

Bushi... Put this thread out of its misery, will you please... Disgraceful. Peace. Q

But you have the right to point that someone is wrong right? I've found this quite Interesting.

Love that Quixote nick :) Don Quijote de la Mancha le dice a Sancho Panza cuando al paso le salen unos perros: "Ladran porque cabalgamos" :) Sorry love that part of the Quijote.

If the parties involved want to continue this free-for-all they can do it via e-mail. Stop now!

And spreading more viruses trough e-mail? :) J/K bushi :)

You know, reading this whole string through from a safe distance is morbidly fascinating, like rubber-necking at a car accident. You've got a reasonably civil discussion trying to track down the source of a virus and prevent others from getting it, and then a firedancer jumps in and WHOOSH. Flare up. That starts to calm down, then more firedancing and WHOOSH. Absolutely fascinating. I've got to keep this in mind next time I go firedancing. And just so everyone understands my terminology and that I'm not trying to insult anyone, a firedancer is NOT the same as a troll, which is a common mistake. A troll purposely tries to create misery. A firedancer is someone who jumps into an argument that doesn't directly involve them. Often (usually?) the firedancer is trying to HELP settle the argument, although it's very easy for the argument to escalate rather than settle. I firedance quite often myself, as evidenced by the fact that I'm writing this message. (I find my dancing works better if I don't let myself get personally involved and know when it's getting too hot and I need to just leave, but that's just me.)

FyreSpirit, I appreciate your statement here. I can see how you'd be a firedancer. Situations like this are like situations when someone thinks a copyright has been violated. They're best handled privately. Obviosly those directly involved want to be informed, even if they might not be "infected or guilty." However any resolutions or solutions will be done between the involved parties themselves, and not in a public forum. It's also not a good idea to make public announcements and responses when one's emotions are in an uproar. At the same time it's not healthy to continually accept public flogging without standing up to be counted. I'm done here.

Okay, I took Caleb and Virus's advice and used their tool, it stated I was clean (in so many words) after that I also used Symantec's Klez tool to remove all Klez virus's if I had one, including the Klez H, that also stated I did not have the Klez or any form of the Klez virus or any virus, last thing I had Symantec scan my computer via cable link up, took 2 hours and the outcome was....I do not have the virus. I wish I could help you Caleb to track it down to find out where it came from but I just have no idea. Unfortunately alot of unessasarry comments were made, some just not warranted and some with a great deal of information, I learned alot through this as far as virus's go and will always keep that information, I also learned that Caleb was just trying to help, I would have preferred it not have been as public as it was, but since it was, let us understand Caleb's intentions were good. I thank all who tried to help and add more information....now lets go do what we do best here, and create. Thank you to all.....Sharen :-)

Wowah....sheesh...some folks need to chill out some....PEACE! Hey-as...only reason I am even adding my rusty pennies to this thread is cause of some similarities....a small time ago I started getting a heap load of viruses sent to me....one after another...I didn't know what fuckin' hit me...weird messages....always had a virus attached...fortunatly I have a very secure virus scan that intercepted each and every one and quaranteened it so's I could delete it after....just set up that way...;-) I was pissed....really pissed....mainly because this just wouldn't STOP!! I was so mad I had my isp trace it down and yeah....you know...it came from someone that belongs to the community. First instinct....post a big friggen message!!....WARN others....slay, destroy, how dare someone fuck around with my computer like this!! Well....hindsite told me to ponder another option...I messaged Audrie...Audrie has a sensible head and she gave me a very sensible answer...I followed through and it turned out that this person did not only not even KNOW, but it was actually a friend of a friends server, (something like that, not sure now), that was going all funky and sending out this virus not only to me, but possibly even others...who knows...who cares....no harm done really...but....maybe there might have been had I jumped on my hormones and posted my first instincts here. caleb68...I "do" understand your intent...I felt it myself...but on the other hand "maybe" it may have been wise to just wait a tad more till Sharen did get back to you...something like this could "innocently" blow into quite a fiasco...I mean....look at what's already happened here just from the fallout. You don't really need to defend yourself...or apologize...you meant well...but Sharen deserves the respect of letting this die now because in all actuality this don't seem like something she had anything to do with...and she has tried to be most gracious and helpful and concerning. SOMEONE ELSE may have been really pissed about this thread....it has worked out...why squabble with ruffled side effects, I don't think anyone needs that....huh..? Stay cool,....beautiful days... -Me

DragonWalk - Excellent!

I see these long threads in every major message board, and I wonder which is worse, the people who start them or the tens of know-it-alls who suddenly think they are newtorking/virus gurus who have the definitive explanation of what really happened.

There are posts in this thread from Genny, hogwarden, lyrra, ronknights and others that are making statements about Klez.H that are neither true nor helpful. While I don't agree with caleb68's approach in instantly making this a public issue, his intentions were at least honorable. I cannot say the same for the intentions of the people that then attacked him, armed only with what little they know about how email worms work (which clearly isn't much in the case of the aformentioned folks). What is the motivation of non-technical people to so openly display their ignorance?

Assuming caleb68 did not maliciously create those headers he posted (and I don't believe he did) he is correct about where his copy of the worm came from--from Sharen. The Klez worm is not server-based and it is not sophisticated enough to fake the header information he posted. Every copy of Klez.h that I have received has had the correct and true source IP address in the headers--only the "From:" field is spoofed, which is enough to fool most people. The rest of the header is an accurate account of the email routing. In fact, the rest of the email routing header information is added to the email as the message propagates the net. The Klez worm excutes ONLY on the infected end-user Windoze machine, and it DOES NOT have any effect on the servers that hop the mail and add the headers (Sorry Lyrra, I don't know who told you otherwise, but you're flat out wrong).

I've also examined the headers of numerous emails from people who claim I sent them the Klez. My email address was in the "from" field surely enough, but none of the other routing information matched my computer, which is a Unix-based Macintosh BTW, not even capable of executing Klez's code.

I was especially moved by Ron Knights telling caleb68 to "shut up" with his "faulty knowledge". The irony of this had me doubled over with laughter. From a debate standpoint, when you have reduced someone's defense solely to "shut up" and profanities, you have won!

-Adam

I think it's time to put this one to bed. From all appearences it's going to start heating up again and at this point it is serving no useful purpose.