caleb68 opened this issue on Jul 11, 2002 · 97 posts
caleb68 posted Thu, 11 July 2002 at 5:25 PM
Attached Link: Klez.H Virus Disinfector
Hi all, since sams3d is a Poser prop site I figured this is the best place to let you all know: if you receive an email from Sams3d be really careful. The last one that I had received from him (received today) had the Klez.H virus attached to it and my system had gotten infected. I've written Sams3d about this but I thought I should warn all you other people in the meantime till he gets the email. A disinfector for this virus can be found at the attached link; run the file with /scanfiles to ensure it checks your whole system for any dormant versions of the virus on your computer.
hogwarden posted Thu, 11 July 2002 at 5:40 PM
Hey there! This virus probably was NOT from Sams3D. It may have picked a random name FROM YOUR ADDRESS BOOK for the sender, to hide the real source of the infection. H:)
genny posted Thu, 11 July 2002 at 5:51 PM
Attached Link: http://www.pc-cillin.com
Yes, Hogwarden is right, it doesn't mean that Sams3d is infected. I got the virus a month or so ago, and since then, my virus scan NEVER gets turned off. I was getting e-mails from people here on the forum whom I have never contacted before, so who knows? You can also get the fix for free here, in case anyone needs it......and it will do a scan to let you know if you have it or not. Sorry to hear that you got the virus, it is a pain, I had to re-format, but now I am extra careful. Genny
atom123 posted Thu, 11 July 2002 at 6:00 PM
Sharen's a dude?
caleb68 posted Thu, 11 July 2002 at 6:02 PM
Nope, opened it as it was received. It originated from SAMS3D. Not the email addie in the sender header, the origin.
caleb68 posted Thu, 11 July 2002 at 6:09 PM
oh btw, sam3d isn't in my address book either.
SAMS3D posted Thu, 11 July 2002 at 6:09 PM
Just so you know we have scanned our computers, all of them, we do it regularly every night, and I really mean it, every night, we have not been notified that we have the virus from Symantec or from pc-cillin, I do think you are incorrect. We get scanned from Symantec's site every week, full scan every night and update virus definitions every day, really we don't have it. We take great care when it comes to viruses and spreading them, we don't use Outlook Express either, I know that doesn't really matter, but no email enters our site without being scanned and we send out our mail and it is scanned before we send it. So, please don't panic, I just don't think it came from us. Sharen (not a dude)
caleb68 posted Thu, 11 July 2002 at 6:13 PM
ok... whatever.
caleb68 posted Thu, 11 July 2002 at 6:23 PM
Guess message headers really are getting good at lying now then. Message received from SAMS3D after emailing them about it:

Return-Path:
Delivered-To: webmaster@darkfaction.com
Received: (qmail 14620 invoked by uid 508); 11 Jul 2002 22:42:28 -0000
Received: from unknown (HELO mailout5.nyroc.rr.com) (24.92.226.122) by chestnut.phpwebhosting.com with SMTP; 11 Jul 2002 22:42:28 -0000
Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140]) by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BMgML29552 for ; Thu, 11 Jul 2002 18:42:22 -0400 (EDT)
MIME-Version: 1.0
Message-Id: 3D2E0965.00000D.01016@Sharen
Date: Thu, 11 Jul 2002 18:40:37 -0400

--------------------------------------------------

Now, the header of the message containing the virus:

Return-Path:
Delivered-To: webmaster@darkfaction.com
Received: (qmail 21614 invoked by uid 508); 11 Jul 2002 20:39:59 -0000
Received: from unknown (HELO mailout5.nyroc.rr.com) (24.92.226.169) by chestnut.phpwebhosting.com with SMTP; 11 Jul 2002 20:39:59 -0000
Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140]) by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BLMYL177988 for ; Thu, 11 Jul 2002 13:39:29 -0700
MIME-Version: 1.0
Message-Id: 3D28B965.00000D.01016@Sharen
Date: Thu, 11 Jul 2002 17:39:28 -0400
caleb68 posted Thu, 11 July 2002 at 6:24 PM
it cut out the return paths on both when posting, return paths on both were SC@SAMS3D.COM
SAMS3D posted Thu, 11 July 2002 at 6:29 PM
Why does it say Received from Sharen, mine is supposed to say SAMS3D? Sharen PS: look I am not telling you that you did not get this virus, I am just saying it wasn't from us. I don't know how to convince you. And I am sorry you were infected.
quixote posted Thu, 11 July 2002 at 6:30 PM
I got one this week but not from SAM's 3d. It seems someone is having a bit of fun, piggybacking viruses on people's addies here. My ISP has a trace on it. I plan to press charges if/when we get the bastard. Q
A throw of the dice will never abolish chance. S Mallarmé
sturkwurk posted Thu, 11 July 2002 at 6:30 PM
I don't think the sites themselves are doing it, rather a virus is scanning someone's favorites and sending out emails that emulate various domain names. Heck I got one from cnn.com a few days ago.
I came, I rendered, I'm still broke.
danidh posted Thu, 11 July 2002 at 6:34 PM
Attached Link: http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html
Klez is known for email spoofing. Attached link explains.
caleb68 posted Thu, 11 July 2002 at 6:36 PM
That's part of the actual message header, I don't know why it says Sharen, but that first one is a copy of the message header from the email I had just received, the second one is from the email that had the virus. Either viruses are getting really good at duping headers, and not just hiding the sender, or you guys have one your scanners aren't picking up; that's the only thing I can think of.
depakotez posted Thu, 11 July 2002 at 6:39 PM
If NetBIOS is up, that could be the computer name, in reference to the "From Sharon" part. That is, if I recall my header stuff right from playing with QMail. Tom
SAMS3D posted Thu, 11 July 2002 at 6:46 PM
okay, depakotez you lost me, what do you mean "In reference to the "From Sharon " That is if I recall my header stuff right from playing with QMail"...Sharen
ronknights posted Thu, 11 July 2002 at 6:47 PM
Golly, this particular virus has been "in the news" for weeks or months. We all know the virus does its dirty work by sending infected emails to people listed in someone's address book. We know this virus does the work on its own without the knowledge or help of the owner of the infected computer. Personally I think it's every computer owner's responsibility to remain informed, and self-protected. That includes knowing that you can't accuse someone of giving you the virus just because the damned virus likes to play tricks. We're smarter than that. I think it's incredibly irresponsible to post a message that accuses someone of spreading such an infection/virus. In this case you've chosen two of the nicest and most generous people I know. Spend some time searching through any forum here at Renderosity, and you'll know you're totally wrong on your assumption. Then you can apologize.
SAMS3D posted Thu, 11 July 2002 at 6:49 PM
Okay, just to make sure again, we downloaded the tool to get rid of all Klez's. We ran it and it came up with nothing, we ran a full scan, nothing, I don't know what to tell you....let me ask you something though, you said it infected your computer, how did you know that, what did your computer do with this virus? I know that it is supposed to disable virus protection, mine is still running, what else does it do? Sharen
caleb68 posted Thu, 11 July 2002 at 6:53 PM
Whatever ron, I know this virus, yes, I've read about it and 1) for the virus to get sent out someone has to have it. 2) you have to be in that person's mailing list. 3) it does not modify the complete header of the email, only the 'sender' address. So whatever anyone thinks, whatever anyone says, I was trying to be fucking helpful and prevent others from getting it as well. I don't give a crap if you think it's irresponsible, from what I'm seeing this message came directly from somewhere on their server. Whether it be their mail server, or one of their networked machines, it originated from there. Me apologizing? Hell no, I ain't apologizing for squat at this point. Piss on it, like I said in the beginning I was TRYING TO HELP PREVENT ANYONE FROM GETTING IT AND WAS SUPPLYING THEM WITH A TOOL SO THEY COULD MAKE SURE THEY DIDN'T. Go bite off whoever's head you're really upset with ronknights.
SAMS3D posted Thu, 11 July 2002 at 6:59 PM
Listen, before we get into a full-fledged war, I appreciate anyone notifying me that we might have a virus, they are nasty, and I for one wouldn't want it on my computer, you did notify me Caleb68, I am trying my hardest to find out what is happening, and it is just beyond me, I have tried to fix it, but keep coming up empty, I just want to know a way to find out if I have it. I do not expect an apology from you, I just don't want to panic everyone unless I do have it, and to be honest with you I just can't find proof that I do, if any one can help us out, I surely would appreciate it. Desperately seeking solution, not war.....Sharen
SAMS3D posted Thu, 11 July 2002 at 7:02 PM
BTW, I called Symantec, their tech support said, if I can run Norton AntiVirus, and have all the updates (they plugged into me while we were on the phone too), they said if I had the Klez H, Norton would not run. Any more suggestions would be helpful. Sharen
ronknights posted Thu, 11 July 2002 at 7:06 PM
Sharen, you have two good antivirus programs. You've "done your homework" and verified you're not infected. You don't need to worry any more. I'm very sorry caleb68 chose to respond in such a violent manner. It appears he just needs to take care of business, catch his breath, regain his composure. Personally I'm pissed that someone can continue to dig in deeper once the mistake has been pointed out. But then I get a lot of that crap around here. And I find most of it totally unnecessary, asinine and childish. I either learn to live with it or I'll just say "screw you" to all the idiots. I do still care, and Sharen, you are one of the people who don't deserve this kind of treatment.
quixote posted Thu, 11 July 2002 at 7:07 PM
My ISP scans for viruses and initiates a trace when they find one. In my case, the virus seems to have originated from Asia and piggybacked on an email from Rosity. They have a name and they are making inquiries. If it's a Klez, it's evolved quite a bit. Stay cool, Q
A throw of the dice will never abolish chance. S Mallarmé
caleb68 posted Thu, 11 July 2002 at 7:09 PM
Norton won't run if you have the Klez.H virus if Norton gets infected with it. Easiest way is to take that tool I supplied at the beginning and run it with /scanfiles; if it's there it will detect it even if it's lying dormant. No Sam, I wasn't upset with you, I was upset with Ron for assuming something that he shouldn't have. I want to know how it got your guys' header when the virus doesn't modify the whole header; the sender wasn't even modified like it's supposed to be. It's really annoying, yes, and being the first virus that's managed to get through to me in over 3 years, it is something that I am concerned about. Considering it's your guys' full header, and looks to be the same besides one minor IP difference (24.92.226.122 vs. 24.92.226.169, meaning both machines are on the same subnet) I can only figure maybe it's coming from the mail server.
pzrite posted Thu, 11 July 2002 at 7:10 PM
A virus can pick up someone's email list and use that list to send out more viruses supposedly coming from that person's email. I just got a blank email from Renderosity.com with a virus attached to it. I've also had emails bounce back to me (supposedly ones that I have sent) saying the address can't be found. So what happens is, a virus can stay on various servers, spreading itself, long after the virus has been cleaned off of your computer - if you even had it to begin with. So please don't go jumping to conclusions, I'm sure the more reputable websites and brokers around here have better things to do than scare away their own customers by sending out viruses to them.
depakotez posted Thu, 11 July 2002 at 7:10 PM
Sharen, the part of the header that says:

Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140]) by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BLMYL177988

You'll see where it says Sharen there. That doesn't have to be the return email address but rather the computer's name, or the user's name on the computer. Basically, the computer identifies itself. Now, that header is very difficult to fake. But, the only real pointer would be the IP 66.66.101.140. Then again, I'm not sure if Klez is able to fake headers that in-depth or not. So I ain't saying it's you. Was just replying to where I lost you :)

The thing you can do is test your computer's IP. If on a Windows machine on Win98 you can go to Run and type in winipcfg. In the box that pops up it will give you the IP. If NT based, like Win2k or XP, go to Run and type in cmd, then when the command line pops up type in ipconfig, hit enter and it'll give you your IP there. Hope that helps some. If on a Mac, sorry, I haven't done anything with them in too long to tell you how to navigate its TCP anymore. Tom
Jaqui posted Thu, 11 July 2002 at 7:12 PM
Sharon, it may be on your ISP's machine, to duplicate the header completely, though, unless your ISP is stupid enough to be running m$ security hole central serverware, it shouldn't be vulnerable. I know that with the emails I have received from you there has never been any virus problems....Netscape 7 doesn't seem to like HTML mail but that is a bug in the browser not a virus. ~g~ My ISP (Shaw Cable) is stupid enough to prefer m$ products for their servers, so it is within the realm of possibilities that your ISP uses them also. With me always interfacing online through a Linux box, no virus gets through the Unix security, never mind the AV ware.
Stormrage posted Thu, 11 July 2002 at 7:13 PM
Taken from: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

Email spoofing

Some variants of this worm use a technique known as "spoofing." If so, the worm randomly selects an address that it finds on an infected computer. It uses this address as the "From" address that it uses when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else. For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected. If you are using a current version of Norton AntiVirus and you have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.
ronknights posted Thu, 11 July 2002 at 7:13 PM
Caleb68, you're assuming your faulty knowledge is correct, and accusing someone publicly of being infected. You're causing them undue stress by insisting on this. Why not just shut up, fix your own computer, and call it a night.
Jaqui posted Thu, 11 July 2002 at 7:15 PM
oops realm of possibilities not rane of possiblilities
Stormrage posted Thu, 11 July 2002 at 7:16 PM
Meant to bold this part. This is where the FROM SHARON is coming from I would bet. For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.
caleb68 posted Thu, 11 July 2002 at 7:16 PM
Jaqui - exactly what I've been trying to say, thank you :). ronknights - go talk to someone who cares what you have to say. No, it's not faulty knowledge about the virus, go read up on it before you shove your entire leg down your throat.
brian71us posted Thu, 11 July 2002 at 7:17 PM
Hello, Just my two cents, but... There are new derivatives of existing computer virii popping up on a daily basis. So just because the anti-virus manufacturers, news sites, etc. say that a virus doesn't fake the entire header doesn't mean that someone out there hasn't "improved" upon the original virus. In my opinion, someone out there has your e-mail address and Sharen's e-mail address. The virus originated from that person's PC, faking the header to report that it came from Sharen's PC. I had this happen to me with a different virus. But that's just my opinion. Brian
caleb68 posted Thu, 11 July 2002 at 7:18 PM
Stormrage - that's just the 'From' field, not the actual header.
Stormrage posted Thu, 11 July 2002 at 7:22 PM
Not entirely up to date on the virus since I don't get a lot of them.. 4 in the last 8 years or so. But Klez might have been "evolved" to spoof the header too if a new version is out and about. Not entirely hard to do for the right programmer who likes to cause problems. Anything's possible any more.
depakotez posted Thu, 11 July 2002 at 7:26 PM
Right Caleb, the "Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140]) by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BLMYL177988" bit of the header doesn't mean the person's email address but their actual IP etc. It's not the From field; this is part of the mail header that usually only shows up if you ask for it because usually only mail servers have to worry about it. Though I know that QMail is a Linux/Unix app, and that's what this particular mail server was using. So, unless I'm behind on QMail it's not running on a Windows server and the server hole on NT. Tom
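The header comparison caleb68 posted, and depakotez's reading of the "Received: from Sharen (...)" line, can be checked mechanically rather than by eye. What follows is an added example written for this thread, not code from any poster, from Symantec or from VirusList: a small Python parser that walks the Received: chain of each message, records what each sending host claimed about itself (the HELO name after "from") versus what the receiving relay actually observed (the bracketed address), and compares the first external hop of the two messages. The sample headers are the two quoted in the thread, re-folded onto separate lines because the forum flattened them; the Return-Path value is the one caleb68 gave in his follow-up, and the "for" recipient clause, which the forum cut, is omitted rather than guessed. The From: header is deliberately kept out of the comparison, since, as the Symantec text quoted above explains, Klez fills it with an address harvested from the infected machine, so only the relay chain says anything about origin.

```python
import re
from email import message_from_string
from typing import Dict, List, Optional

# Constructed sample input: the two headers quoted in this thread, re-folded
# onto separate lines. The Return-Path value comes from caleb68's follow-up
# post; the truncated "for" recipient clause is left out rather than guessed.
VIRUS_MSG = """Return-Path: <SC@SAMS3D.COM>
Delivered-To: webmaster@darkfaction.com
Received: (qmail 21614 invoked by uid 508); 11 Jul 2002 20:39:59 -0000
Received: from unknown (HELO mailout5.nyroc.rr.com) (24.92.226.169)
  by chestnut.phpwebhosting.com with SMTP; 11 Jul 2002 20:39:59 -0000
Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140])
  by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BLMYL177988;
  Thu, 11 Jul 2002 13:39:29 -0700
MIME-Version: 1.0
Message-Id: 3D28B965.00000D.01016@Sharen
Date: Thu, 11 Jul 2002 17:39:28 -0400

(attachment omitted)
"""

REPLY_MSG = """Return-Path: <SC@SAMS3D.COM>
Delivered-To: webmaster@darkfaction.com
Received: (qmail 14620 invoked by uid 508); 11 Jul 2002 22:42:28 -0000
Received: from unknown (HELO mailout5.nyroc.rr.com) (24.92.226.122)
  by chestnut.phpwebhosting.com with SMTP; 11 Jul 2002 22:42:28 -0000
Received: from Sharen (roc-66-66-101-140.rochester.rr.com [66.66.101.140])
  by mailout5.nyroc.rr.com (8.11.6/RoadRunner 1.20) with SMTP id g6BMgML29552;
  Thu, 11 Jul 2002 18:42:22 -0400 (EDT)
MIME-Version: 1.0
Message-Id: 3D2E0965.00000D.01016@Sharen
Date: Thu, 11 Jul 2002 18:40:37 -0400

Reply body.
"""

# "from <claimed> (<observed>) ... by <relay>": the claimed part is whatever the
# client announced in HELO/EHLO (a Windows box typically sends its computer
# name); the parenthesised part is what the receiving relay itself recorded.
HOP_RE = re.compile(
    r"from\s+(?P<claimed>\S+)(?:\s+\((?P<observed>[^)]*)\))?.*?\bby\s+(?P<by>\S+)"
)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw: str) -> List[Dict[str, Optional[str]]]:
    """Return the relay chain in delivery order (first hop first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue  # local injection lines like "(qmail N invoked by uid N)" name no peer
        ip = IPV4_RE.search(text)
        hops.append({
            "claimed": m.group("claimed"),
            "observed": m.group("observed"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by"),
        })
    hops.reverse()  # each relay prepends its own line, so the bottom one is the origin
    return hops


def origin(raw: str) -> Dict[str, Optional[str]]:
    """The first relay hop: the only header evidence of where a message entered the mail system."""
    return parse_hops(raw)[0]


def same_origin(raw_a: str, raw_b: str) -> bool:
    """True when both messages entered through the same peer address and the same relay."""
    a, b = origin(raw_a), origin(raw_b)
    return a["ip"] == b["ip"] and a["by"] == b["by"]


if __name__ == "__main__":
    for label, raw in (("virus", VIRUS_MSG), ("reply", REPLY_MSG)):
        print(label, origin(raw))
    print("same origin:", same_origin(VIRUS_MSG, REPLY_MSG))
```

Run against the two thread headers, `origin()` reports the same observed address (66.66.101.140) handed to the same relay (mailout5.nyroc.rr.com) for both messages, with the claimed HELO name "Sharen" in each; the only difference is the address of the nyroc.rr.com outbound host on the next hop. That is what the thread is arguing over: the first hop is recorded by the relay, not by the sender, so it is the part of a header worth reading when a From: address cannot be trusted.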
caleb68 posted Thu, 11 July 2002 at 7:27 PM
That's feasible but they would have to have more than just Sharen's email address; they would need a header from one of Sharen's emails, as well as have my email address, to duplicate the full header of origination. That's what would be needed. Not to mention 1/2 the header information is added in at the send server, so that would be a really interesting trick if a virus could pull it off, to change the header as it passes through servers to get to where it needs to go, and at the same time keep their modified header there as the pass-through route. Header spoofing has been going on for years now with email viruses, to try to hide who it came from, but like I said, for them to be able to match two emails to almost pinpoint accuracy, that's pretty damn difficult; it's a lot harder than what it sounds.
SAMS3D posted Thu, 11 July 2002 at 7:30 PM
Stormrage, I read that too, I downloaded the tool to get rid of it, it said we don't have it, Jaqui if my server (ISP) is infected should I contact them? Caleb, I will get to the bottom of this and will contact you, it won't be by email until I know for sure. Okay, gotta go get some more info. Sharen
depakotez posted Thu, 11 July 2002 at 7:32 PM
Sharen, your mail server is not infected. They are running QMail, which is impervious to Windows viruses like Klez. If in fact that was your IP etc. :) Tom
quixote posted Thu, 11 July 2002 at 7:32 PM
That's why my ISP's so aggressive on this one Tom, I think. They feel it was aimed at them more than me. How a computer in Asia can bounce it off my ISP in Canada is beyond my limited understanding of such things. But I'm glad for the service. The first line of defence worked. Worth the 2 extra $ a month. Q
A throw of the dice will never abolish chance. S Mallarmé
Virus posted Thu, 11 July 2002 at 7:33 PM
Attached Link: http://www.kasperskylabs.com
Something that I don't like about Norton AntiVirus is that in some circumstances it is not able to find a virus, even with depth scans, or you can get false alarms with it. I'm not making free publicity, but the best antivirus software available in the market, from my point of view, is the Kaspersky Labs one; it has daily updates and it really stops the viruses before they can make any harm. There is nothing more annoying than getting a virus from a friend. Ron, I guess you should read the messages carefully first before jumping and making statements; from my point of view Caleb68 was trying to make a service for this community, he was not trying to hurt Sharon or Mike. I just hope that you guys didn't get that nasty bug. If you want further information just follow the Kaspersky Labs antivirus link.
SAL9000 - Hello Dr. Chandra, Will I've dream?
SAMS3D posted Thu, 11 July 2002 at 7:34 PM
I am pretty sure Caleb put the right one down, so how did you learn that? But now what is the next step? Sharen
caleb68 posted Thu, 11 July 2002 at 7:35 PM
Thanks Sharen, would like to know what's up, I think it would be a good idea to contact the server. depakotez - yeah that's why I posted the full header from both emailings, to show I'm not being mental here.
SAMS3D posted Thu, 11 July 2002 at 7:35 PM
Virus, I am off to read your link, thank you...Sharen
electroglyph posted Thu, 11 July 2002 at 7:40 PM
Folks! I got one from myself to myself! It really can happen. I run Norton on both my desktops and update every Friday when the new defs come out. My work system email runs some godawful mil spec spyware and it told me my Yahoo webmail account sent one to my work address. I scanned the entire contents, all files and inside zips, on both systems and they were clean. If either were actually infected I would be getting a lot of complaints from people in my address books and I'm not. Yahoo is supposed to be running Norton and scans all incoming attachments. None of us had it, but there is a webpage I generated that has both addresses. Klez not only scans the Outlook mailbox, it checks My Documents and Windows temp including webpages you visit. It reads text files and looks for the name@xxx.yyy pattern and tries all it finds as addresses. It will change the From in the message but usually shows the true sender if you show the routing information (press the Bla,Bla,Bla button in Eudora). However, the one I got from myself still said the sender was me. This is just another way the virus pisses people off! They really could have not sent it. Let's all just agree to scan all our systems tonight.
SAMS3D posted Thu, 11 July 2002 at 7:41 PM
Caleb68, if this takes all night, we will find out the solution, also a good friend of mine is testing my mail now also.....thank you Genny...Sharen
Lyrra posted Thu, 11 July 2002 at 7:43 PM
Now everybody take a deep breath.
1) The KLEZ virus fakes all header info.
2) The KLEZ virus takes email info from the address book for both 'to' and 'from' headers. Ergo, someone who you both know has KLEZ.
3) KLEZ is an Outlook-only virus. Your chances of having it if you do not use Outlook are very, very small.
4) KLEZ is old, and easily detected by most virus scanning software.
Okay? So everybody chill out some. Lyrra
caleb68 posted Thu, 11 July 2002 at 7:47 PM
Klez is old, Klez.H is newer, along with a few other Klez.xx versions. Anyhow... it's cool sams3d.. there's a tool posted... people can take it or leave it, I managed to get rid of it from mine. Lyrra - I still can't see how it can change a full header before an email is sent, considering that the header info is made up along the way. P.S. where did you get your info from? I'd like to read what you're reading considering everyone else I've read is saying partial info, not full. thx in advance
Virus posted Thu, 11 July 2002 at 7:56 PM
Sharen (sorry about the spelling mistake in my previous message) I hope the information there will be useful for you. Caleb's link for the removal tool is useful too. Hope your system is clean. Best Regards
SAL9000 - Hello Dr. Chandra, Will I've dream?
Virus posted Thu, 11 July 2002 at 8:00 PM
Attached Link: http://www.viruslist.com/eng/index.html?tnews=1001&id=48733
For more information about the Klez H virus you can follow the link here:
SAL9000 - Hello Dr. Chandra, Will I've dream?
caleb68 posted Thu, 11 July 2002 at 8:09 PM
Hrm... nope, don't see any information there that says it modifies the 'full message header'. Also I do not see it saying that this is an Outlook-only virus, but that it does depend on the WAB for email addresses at that site; it also states that it goes after an Internet Explorer security hole. Keep in mind the version that I'm referring to is Klez.H, commonly identified as w32/klez.h@mm.
Virus posted Thu, 11 July 2002 at 8:12 PM
Attached Link: http://www.viruslist.com/click?_URL=http://www.viruslist.com/eng/viruslist.html?id=4292
Here is a link that explains more:
SAL9000 - Hello Dr. Chandra, Will I've dream?
caleb68 posted Thu, 11 July 2002 at 8:15 PM
yep thats the link i followed Virus
Virus posted Thu, 11 July 2002 at 8:16 PM
ohhh Okie dokie :) hope you can fix that
SAL9000 - Hello Dr. Chandra, Will I've dream?
Crescent posted Thu, 11 July 2002 at 8:18 PM
Here's a quick way on Windows systems to see if you're infected with a Klez variant, according to VirusList.com:

Go to Start: Find: Files or Folders. (It may be Start: Search: Files or Folders depending on your OS.) In the Named field, type: krn132.exe. Make sure you are looking on your C drive and looking in all subfolders. (If somehow you got your OS on something other than the C drive, change the drive letter accordingly.) krn132.exe is the source file for the virus.

If you're feeling adventurous, you can go look in your registry in:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Krn132 = %System%\Krn132.exe
(If you don't know how to look in your registry, you shouldn't be in there.) :-)

Unfortunately, some viruses can disable your antivirus software, or tell the software to ignore it. At least in Symantec, you can check the Exclusion List and see if there's anything wacky in there. I have XP and only have *.nch and *.dbx in the Exclusion List, which Symantec says should be ignored. AFAIK, the virus will show up on the Exclusion List if it is screwing with Symantec. (I check the List every so often to make sure nothing added itself in.) Hope this helps!
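Crescent's two checks (a file called krn132.exe anywhere on the system drive, and a Krn132 value under the HKEY_LOCAL_MACHINE Run key) can be scripted so they are repeatable and case-insensitive. This is an added example, not something from the thread or from VirusList: Python that walks a directory tree for the file name, reads the Run key through the standard library's winreg module when it is running on Windows (on any other system that check simply returns nothing), and reports any match. The Run entries fed to it at the bottom are constructed for illustration and were not read from any real machine. The file name is the one Crescent quotes; later in the thread caleb68 points out that it is not fixed across variants, so a clean result from a name check is weaker evidence than a full scan with a current scanner.

```python
import os
from typing import Dict, Iterable, List

try:
    import winreg  # standard library, but only importable on Windows
except ImportError:
    winreg = None

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
SUSPECT_NAME = "krn132.exe"  # the file name Crescent quotes from VirusList.com


def read_run_entries() -> Dict[str, str]:
    """Autostart values under HKLM\\...\\Run; empty on non-Windows hosts."""
    if winreg is None:
        return {}
    entries: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _kind = winreg.EnumValue(key, index)
            except OSError:  # EnumValue raises once the index runs past the last value
                break
            entries[name] = str(data)
            index += 1
    return entries


def find_file(root: str, name: str = SUSPECT_NAME) -> List[str]:
    """Case-insensitive search for `name` below `root` (Windows file names ignore case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() == name.lower():
                hits.append(os.path.join(dirpath, f))
    return hits


def flag_indicators(run_entries: Dict[str, str], file_hits: Iterable[str],
                    name: str = SUSPECT_NAME) -> List[str]:
    """Combine both checks into a list of findings; an empty list means neither indicator was seen."""
    findings = []
    for value_name, command in run_entries.items():
        # The thread reports the entry as Krn132 = %System%\Krn132.exe; match on the
        # executable name so a different value name still gets caught.
        if name.lower() in command.lower():
            findings.append(f"Run value {value_name!r} starts {command}")
    for path in file_hits:
        findings.append(f"file present: {path}")
    return findings


def check_host(root: str = "C:\\") -> List[str]:
    """Run both checks against the live machine (only meaningful on Windows)."""
    return flag_indicators(read_run_entries(), find_file(root))


# Constructed sample: one benign autostart entry and one shaped like the Klez
# entry Crescent describes. Not read from any real machine.
SAMPLE_RUN_ENTRIES = {
    "SysTray": "SysTray.Exe",
    "Krn132": r"C:\WINDOWS\SYSTEM\Krn132.exe",
}


if __name__ == "__main__":
    print("sample entries:", flag_indicators(SAMPLE_RUN_ENTRIES, []))
    print("this host:", check_host())
```

`check_host()` is the call to run on the machine under suspicion; `flag_indicators()` is kept separate from the registry and filesystem reads so the matching logic can be exercised on constructed input, and so the same function can be pointed at entries exported from another machine.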
Lyrra posted Thu, 11 July 2002 at 8:31 PM
I really haven't paid too much attention to this one - as I use Explorer and Eudora (less security risks). The only way to be safer is to use Linux or a Mac :) The above info was copied from info sent to me by a friend who works for UUNET. From what I understand the new Klez is just a tweaked version of the old one; the old definition still works. I'd just like to make sure that no one goes around slinging mud at people for no good reason. :)
caleb68 posted Thu, 11 July 2002 at 8:33 PM
Not true Crescent, that's why I supplied the utility; its file name is not always krn132. The utility will scan for the normal Klez files, removing them if it can or setting it to remove them on a reboot, then searches for infected files and disinfects them. I ran the utility 4 times because of knowing of past virus activity. The first time it removed the majority of the infections, reboot removed the main Klez files, then I ran it again, nothing showed, did the /scanfiles and it began cleaning the Klez file infections again. Then did the same thing, ran it again after a reboot with /scanfiles and nothing showed. Emailed sams, posted the utility here for others, and that's where all this ruckus got started. Anyhoo, will be waiting to hear back from sams, see if anything's found out, and on to better things.
SAMS3D posted Thu, 11 July 2002 at 8:39 PM
I do not have that file, I went and looked and my friend checked my email and said it was clean.....I did another scan, all is well it says. I looked in the registry also, and it is not there, thank you so much for your help Crescent.....Sharen
SAMS3D posted Thu, 11 July 2002 at 8:40 PM
I am going to run your tool Caleb just to really make sure, when it is done I will let you know the results. Sharen
SAMS3D posted Thu, 11 July 2002 at 8:41 PM
Not too sure how this tool works though? Could you help me on this? Sharen
caleb68 posted Thu, 11 July 2002 at 8:43 PM
Lyrra wasn't slinging mud was trying to say 'hey people watch out, if your not sure grab this' not gonna take the blame for people reading into things that aren't there. anyhoo thx lyrra :)
caleb68 posted Thu, 11 July 2002 at 8:48 PM
its pretty easy to use, just running it does the normal scan, running it as kleztool /? will give you a list of things you can do (network scans, all drives, etc.), and running it as kleztool /scanfiles forces it to scan all files on the local machine.
genny posted Thu, 11 July 2002 at 8:49 PM
caleb68 posted Thu, 11 July 2002 at 9:08 PM
um... thats not how that works but... ok ... if thats what you think. See its not the person sending it out, the Virus is sending out its OWN emails, sorry Genny.
genny posted Thu, 11 July 2002 at 9:19 PM
Ok, Caleb68, so, if the virus is sending out its own e-mails, then how can Sharen's e-mails not be affected, if her computer is somehow infected? I guess I really don't understand how it works. I know I did get it a month or so ago, and I don't know who sent it, but I was lax and didn't keep up with the up-dates on my virus program.......my fault for being lazy. But I still don't believe Sharen has it and passed it along to you. Just my opinion, so please don't take offense. (: Take care all. Genny
caleb68 posted Thu, 11 July 2002 at 9:27 PM
Like this Genny... think of your tray programs, the ones down there by the clock, that just sit there doing nothing until a certain event takes place, whether it be a mouse movement, an incoming webpage, or a scheduled event. This virus works kinda along the same line: it waits, looks for an event, spreads, sometimes sends an email if it can. :) hope that helps you understand a bit better :) p.s. no offense taken :)
ragmaniac posted Thu, 11 July 2002 at 9:47 PM
This is nasty shit. Update your antivirus programs and scan to beat the band. Keep away from unsafe websites. Watch out for that damned Kazaa and any file sharing software. There are some freaky, nasty people out there. Backup and pray!
ming posted Thu, 11 July 2002 at 9:57 PM
It seems to me caleb68, if you caught it, Sams3d would have also caught it.
ming posted Thu, 11 July 2002 at 10:00 PM
...I also remember reading something about people spreading viruses with bogus virus protection/fix programs...
caleb68 posted Thu, 11 July 2002 at 10:11 PM
um... yeah ming... like I would be stupid enough to do that... DataFellows is a company that develops virus scanners.
caleb68 posted Thu, 11 July 2002 at 10:14 PM
You know what, forget it, next time I see something that's just not right and think about trying to help people, I'm just gonna say to hell with it. I do nice stuff for people all the time, and you know what... next to none ever say thanks or someone has to start some weird thing out of it and twist the original meaning... so, forget it, I give up.
kuroyume0161 posted Thu, 11 July 2002 at 10:20 PM
It's worse than that, ragmaniac. Just watched "The Screen Savers" and they have alerted of a problem with HTML in Explorer 6 and Outlook that would allow malicious code to run JUST BY OPENING A WEB PAGE OR HTML E-MAIL. Boy, I bet I could walk right into MicroSoft with a M-1 Abrams assault tank and the entire Chinese army and they wouldn't notice. MS's internet security SUCKS!!! More holes than the space between atoms in a loosely binded gas. I get one or two Klez.h virus attachments every few days that are caught by Norton AV. People are idiots (sorry to those who aren't ;). Every computer sold should have a big sticker on the monitor that can't be removed that says: NEVER OPEN ATTACHMENTS - ALWAYS SCAN FOR VIRUSES - TRUST NO ONE. The only thing I hate more than spam are viruses. Kuroyume
C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off.
-- Bjarne Stroustrup
ronknights posted Thu, 11 July 2002 at 10:20 PM
Gosh, does that sound awfully familiar or what. Let's see "you have a messiah complex." Listen, you're wrong on this issue. Your premise is wrong. SAMS3D doesn't have the virus, and it wasn't right for you to mention this publicly. It wasn't right for you to be so abusive and profane when I and others tried to set you straight. On the other hand you did right by letting Sharen know privately about the issue....Again you should know the nature of "the beast," and realize it's not on Sharen's computer. Now catch your breath, settle your mind down, and get some sleep.
pendarian posted Thu, 11 July 2002 at 10:40 PM
Pzrite, what type of a virus did you get with that blank email from Renderosity? Cuz I got a blank email from Renderosity yesterday, but my program didn't pick anything up and there was no attachment. I would be interested to know so I could look for it specifically. Pendy
caleb68 posted Thu, 11 July 2002 at 10:57 PM
Pendy, here is the link for you where tim is talking about it being his fault and a mistake (the blank emails): http://www.renderosity.com/messages.ez?ForumID=12357&Form.ShowMessage=780859
megalodon posted Thu, 11 July 2002 at 11:29 PM
Very nice caleb68. I personally have had several "arguments" with various people within these forums but none of them EVER had to resort to that kind of language. I actually use that language every day but NOT in a public forum. Regardless of how angry you are you do NOT need to use profanity. I would bet that the VAST majority of posters here would rather not see it as well. Either cool your jets or leave. It is obvious that your intentions were good, unfortunately you went about it the wrong way. Had you not been so combative, you could have learned the proper way to make everyone aware of the problem. But you HAD TO BE RIGHT and so you fought back. Now you look childish and irresponsible. Your best bet would be just to apologize (especially to ronknights for the language) and say you'll do better next time. That way everyone can get "back to work" and forget this nasty episode. Don't compound the problem and continue to be belligerent to everyone and play the victim. Everyone has a bad day - today was yours. God knows I have enough of them. Get some sleep and be fresh tomorrow! Best of Luck!
caleb68 posted Fri, 12 July 2002 at 12:43 AM
quite frankly, I don't give a shit anymore.. I try to do something nice and everyone has to make it out to be an evil attack on everyone, so personally, I could care less what people think anymore, I'm tired of trying to help people just so I open myself to be attacked by others... it's really quite stupid on their part and they ruin it for those who want to be helpful.... is this the first time this has happened? no... and has it happened at any other site than Renderosity? no... ok yes... I am analyzing the Renderosity people but, from the responses that I receive when I'm trying to be helpful, yes I do get irate at the people.... When people start turning things around, twisting the truth, it does really irk my chain and at last... I have finally had enough of it... can I spell? hell no, never have been able to, and everyone who's ever chatted with me knows the same, so don't come in here and hash on me about my spelling too. I'm really sick of it.. I'm not going to bother to try to help out anymore ... every time I've tried people attack over and over again, even if they have been proven wrong time and time again... it's sickening. and well... goodbye forums.. you've all shown me how stupid and self centered and idiotic you can really be.
bushi posted Fri, 12 July 2002 at 12:53 AM
Emotions are getting pretty high at this point but this topic can still be discussed with civility. Everyone take a deep breath and step back from it for a while. You don't want me to use the 'smite' button. :)
Virus posted Fri, 12 July 2002 at 12:54 AM
Caleb: I agreed with you, and it will be a real loss if you leave the forums, please don't pay attention to people who are trying to make an issue from everything. We know how easy it is to be attacked by someone on these forums, most of the time it is to get the attention of other people. I think you were doing a good thing and I know you from our little chats we had, and I could say that I respect you as a member of this community as a modeler, so please think twice before leaving. If you were able to help one person the day was not lost, even for those who think that they are defending people who are not able to defend themselves. In this post I have not seen an attack from you or Sharen and Mike, too bad that suddenly paladins emerge from the shadows to defend something that is not defensible. I can't spell either :) English is not my native language so I leave this message to be ripped off by those language puritans.
SAL9000 - Hello Dr. Chandra, Will I've dream?
thomasrjm posted Fri, 12 July 2002 at 12:56 AM
Just made me grab for my nitro glyc pills, and perform every scan on the planet. I received 3 blank rosity newsletters this week then 2 full copies?????? all within half an hour, Norton antivirus checked them all but none had attachments. I regularly get infected email attachments from people I've never had any contact with but who are in the same interest circles and have been blatantly accused and crucified on boards as the perp of others' misery due to a virus using my email address gained from my website. My two pennies' worth is that Sharen is one of the most helpful and complimentary people here, she has performed all the scans without result, has more than adequate protection and updates daily. Some diplomacy and respect is in order. Tommy.
ronknights posted Fri, 12 July 2002 at 12:59 AM
Gee, Golly, Gosh, caleb68, you're sounding a lot like I sound sometimes. You are wrong on this issue, and you've chosen to compound your error by embarrassing some fine people publicly, and becoming so damned abusive with your profanity and stubbornness. You will not be proven right in your mistaken understanding about who has the virus. The facts have already proven you wrong. I only got involved in this discussion because I care very deeply for SAMS3D. I don't like to see Sharen feeling nervous or guilty. I also don't like people making public accusations that are wrong, and spreading paranoia or misinformation. I too get damned sick of all the people like yourself who think they have the right to insult, swear, persecute, send me threatening emails, piss on my grief at losing a family member, etc. The hell of it is that I usually don't act anywhere near as hostile or immature as those who attack me... So cool off, and take care of your computer and yourself.
Virus posted Fri, 12 July 2002 at 1:02 AM
Ron: I guess you are making a mistake trying to play the victim defendant on this thread. With all due respect, if you don't have anything positive to add, please remain quiet, you are not helping but raising the rage. Sincerely, Virus
ronknights posted Fri, 12 July 2002 at 1:10 AM
I'll be god-damned if I'll let someone tell me I've done something wrong here. I've been pissed on and I'll damned well tell someone I don't like it. It's my damned right.
Virus posted Fri, 12 July 2002 at 1:13 AM
Sheez, talking about childish attitudes?
quixote posted Fri, 12 July 2002 at 1:15 AM
Bushi... Put this thread out of its misery, will you please... Disgraceful. Peace. Q
Un coup de dés jamais n'abolira le hasard (A throw of the dice will never abolish chance)
S. Mallarmé
Virus posted Fri, 12 July 2002 at 1:15 AM
But you have the right to point that someone is wrong right? I've found this quite Interesting.
Virus posted Fri, 12 July 2002 at 1:18 AM
Love that Quixote nick :) Don Quijote de la Mancha says to Sancho Panza when some dogs come out at them along the way: "Ladran porque cabalgamos" (they bark because we ride on) :) Sorry, love that part of the Quijote.
bushi posted Fri, 12 July 2002 at 1:18 AM
If the parties involved want to continue this free-for-all they can do it via e-mail. Stop now!
Virus posted Fri, 12 July 2002 at 1:23 AM
And spreading more viruses through e-mail? :) J/K bushi :)
FyreSpiryt posted Fri, 12 July 2002 at 7:13 AM
You know, reading this whole string through from a safe distance is morbidly fascinating, like rubber-necking at a car accident. You've got a reasonably civil discussion trying to track down the source of a virus and prevent others from getting it, and then a firedancer jumps in and WHOOSH. Flare up. That starts to calm down, then more firedancing and WHOOSH. Absolutely fascinating. I've got to keep this in mind next time I go firedancing. And just so everyone understands my terminology and that I'm not trying to insult anyone, a firedancer is NOT the same as a troll, which is a common mistake. A troll purposely tries to create misery. A firedancer is someone who jumps into an argument that doesn't directly involve them. Often (usually?) the firedancer is trying to HELP settle the argument, although it's very easy for the argument to escalate rather than settle. I firedance quite often myself, as evidenced by the fact that I'm writing this message. (I find my dancing works better if I don't let myself get personally involved and know when it's getting too hot and I need to just leave, but that's just me.)
ronknights posted Fri, 12 July 2002 at 7:25 AM
FyreSpiryt, I appreciate your statement here. I can see how you'd be a firedancer. Situations like this are like situations when someone thinks a copyright has been violated. They're best handled privately. Obviously those directly involved want to be informed, even if they might not be "infected or guilty." However any resolutions or solutions will be done between the involved parties themselves, and not in a public forum. It's also not a good idea to make public announcements and responses when one's emotions are in an uproar. At the same time it's not healthy to continually accept public flogging without standing up to be counted. I'm done here.
SAMS3D posted Fri, 12 July 2002 at 7:26 AM
Okay, I took Caleb and Virus's advice and used their tool, it stated I was clean (in so many words). After that I also used Symantec's Klez tool to remove all Klez viruses if I had one, including the Klez H, that also stated I did not have the Klez or any form of the Klez virus or any virus. Last thing, I had Symantec scan my computer via cable link up, took 2 hours and the outcome was....I do not have the virus. I wish I could help you Caleb to track it down to find out where it came from but I just have no idea. Unfortunately a lot of unnecessary comments were made, some just not warranted and some with a great deal of information. I learned a lot through this as far as viruses go and will always keep that information. I also learned that Caleb was just trying to help, I would have preferred it not have been as public as it was, but since it was, let us understand Caleb's intentions were good. I thank all who tried to help and add more information....now let's go do what we do best here, and create. Thank you to all.....Sharen :-)
DragonWalk posted Fri, 12 July 2002 at 10:24 AM
Wowah....sheesh...some folks need to chill out some....PEACE! Hey-as...only reason I am even adding my rusty pennies to this thread is cause of some similarities....a small time ago I started getting a heap load of viruses sent to me....one after another...I didn't know what fuckin' hit me...weird messages....always had a virus attached...fortunately I have a very secure virus scan that intercepted each and every one and quarantined it so's I could delete it after....just set up that way...;-) I was pissed....really pissed....mainly because this just wouldn't STOP!! I was so mad I had my isp trace it down and yeah....you know...it came from someone that belongs to the community. First instinct....post a big friggen message!!....WARN others....slay, destroy, how dare someone fuck around with my computer like this!! Well....hindsight told me to ponder another option...I messaged Audrie...Audrie has a sensible head and she gave me a very sensible answer...I followed through and it turned out that this person did not only not even KNOW, but it was actually a friend of a friend's server, (something like that, not sure now), that was going all funky and sending out this virus not only to me, but possibly even others...who knows...who cares....no harm done really...but....maybe there might have been had I jumped on my hormones and posted my first instincts here. caleb68...I "do" understand your intent...I felt it myself...but on the other hand "maybe" it may have been wise to just wait a tad more till Sharen did get back to you...something like this could "innocently" blow into quite a fiasco...I mean....look at what's already happened here just from the fallout. You don't really need to defend yourself...or apologize...you meant well...but Sharen deserves the respect of letting this die now because in all actuality this don't seem like something she had anything to do with...and she has tried to be most gracious and helpful and concerned.
SOMEONE ELSE may have been really pissed about this thread....it has worked out...why squabble with ruffled side effects, I don't think anyone needs that....huh..? Stay cool,....beautiful days... -Me
megalodon posted Fri, 12 July 2002 at 11:40 AM
DragonWalk - Excellent!
terminusnord posted Fri, 12 July 2002 at 12:36 PM
I see these long threads in every major message board, and I wonder which is worse, the people who start them or the tens of know-it-alls who suddenly think they are networking/virus gurus who have the definitive explanation of what really happened.
There are posts in this thread from Genny, hogwarden, lyrra, ronknights and others that are making statements about Klez.H that are neither true nor helpful. While I don't agree with caleb68's approach in instantly making this a public issue, his intentions were at least honorable. I cannot say the same for the intentions of the people that then attacked him, armed only with what little they know about how email worms work (which clearly isn't much in the case of the aforementioned folks). What is the motivation of non-technical people to so openly display their ignorance?
Assuming caleb68 did not maliciously create those headers he posted (and I don't believe he did) he is correct about where his copy of the worm came from--from Sharen. The Klez worm is not server-based and it is not sophisticated enough to fake the header information he posted. Every copy of Klez.h that I have received has had the correct and true source IP address in the headers--only the "From:" field is spoofed, which is enough to fool most people. The rest of the header is an accurate account of the email routing. In fact, the rest of the email routing header information is added to the email as the message propagates the net. The Klez worm executes ONLY on the infected end-user Windoze machine, and it DOES NOT have any effect on the servers that hop the mail and add the headers (Sorry Lyrra, I don't know who told you otherwise, but you're flat out wrong).
I've also examined the headers of numerous emails from people who claim I sent them the Klez. My email address was in the "from" field surely enough, but none of the other routing information matched my computer, which is a Unix-based Macintosh BTW, not even capable of executing Klez's code.
I was especially moved by Ron Knights telling caleb68 to "shut up" with his "faulty knowledge". The irony of this had me doubled over with laughter. From a debate standpoint, when you have reduced someone's defense solely to "shut up" and profanities, you have won!
-Adam
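Adam's point above rests on how the routing headers accumulate: each relay prepends its own Received: line as it accepts the message, so the line nearest the body was written by the first relay the sending machine talked to, while From: is just text the worm fills in from someone's address book. The script below, an added example and not code from anyone in this thread, walks that chain for a constructed message (host names, addresses and IPs are placeholders from the RFC 5737 documentation ranges) and reports whether the claimed sender's domain shows up anywhere at the originating hop.

```python
"""Walk an e-mail's Received: chain to find where the message actually
entered the mail system, as opposed to what its From: line claims.

Added example for this thread, not any poster's code.  The message below
is constructed for illustration; every host name, address and IP is a
placeholder.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a worm-style message whose From: borrows a name from
# an address book, while the Received: trail records the real submitting
# host (a dial-up client that announced itself with a random HELO name).
SAMPLE_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby mail.example.org (Postfix) with ESMTP id PLACEHOLDER1
\tfor <victim@example.org>; Thu, 11 Jul 2002 16:02:11 -0400
Received: from smtp.isp-example.net (smtp.isp-example.net [203.0.113.25])
\tby mx2.example.net with ESMTP id PLACEHOLDER2; Thu, 11 Jul 2002 16:02:05 -0400
Received: from Xlqyz (dialup-pool-42.isp-example.net [192.0.2.42])
\tby smtp.isp-example.net (8.12.3/8.12.3) with SMTP id PLACEHOLDER3;
\tThu, 11 Jul 2002 16:01:58 -0400
From: "Friendly Vendor" <sales@vendor-example.com>
To: victim@example.org
Subject: A funny game
Message-ID: <PLACEHOLDER@Xlqyz>

Body omitted.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # first [a.b.c.d] literal
HELO_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)  # name the client announced
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)        # relay that wrote the line


def parse_received(value):
    """Pull (helo name, connecting IP, receiving relay) out of one Received: header."""
    helo = HELO_RE.search(value)
    ip = IP_RE.search(value)
    by = BY_RE.search(value)
    return {
        "helo": helo.group(1) if helo else None,
        "ip": ip.group(1) if ip else None,
        "by": by.group(1) if by else None,
    }


def analyze(raw_message):
    """Return the claimed sender, the hop chain (origin first), the origin IP,
    and whether the From: domain appears anywhere in the originating hop."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    # Relays prepend, so header order is newest first; reverse to read the
    # path in the direction the message travelled.
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()
    origin = hops[0] if hops else None
    origin_text = ""
    if origin:
        origin_text = " ".join(filter(None, (origin["helo"], origin["ip"], origin["by"]))).lower()

    return {
        "from_address": from_addr,
        "hops": hops,
        "origin_ip": origin["ip"] if origin else None,
        "from_domain_seen_at_origin": bool(from_domain) and from_domain in origin_text,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_MESSAGE)
    print("From: claims", report["from_address"])
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: {hop['helo']} [{hop['ip']}] -> {hop['by']}")
    print("origin IP:", report["origin_ip"])
    print("From: domain matches origin hop:", report["from_domain_seen_at_origin"])
```

One caveat when reading real headers: only the Received: lines written by relays you trust (your own server and the ones it accepted the message from) are reliable, since a sender can prepend bogus lines before handing the message off. Read the chain downward from your own server's line and stop trusting it at the first hop you cannot vouch for; the origin IP this script reports is only as good as the relay that recorded it.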
bushi posted Fri, 12 July 2002 at 12:52 PM
I think it's time to put this one to bed. From all appearences it's going to start heating up again and at this point it is serving no useful purpose.