Jump to content
About Feng Shui at Geomancy.Net
Sponsored Link
 

Klez Virus Alert & Useful Tools!


Recommended Posts

  • Staff

Dear Users,
It is good you constantly update your antivirus data file with your latest anti-virus software.
It will help to stamp out virus such as this new stealth virus making virus seemly appearing to come from uninfected e-mail address.
The following details is extracted courtesy from Tend Micro Weekly Virus Report dated April 26, 2002.
URL:
http://www.antivirus.com
--- Begin Extract ---
WORM_KLEZ.H continues to hold steady in the #1 position in Trend Micro's World Virus Tracking Center http://wtc.trendmicro.com/wtc/. At the time of this writing, more than 134,000 computers worldwide have been infected with WORM_KLEZ.H. Europe, Asia, and North America have been hardest hit.
This destructive, memory-resident variant of the WORM_KLEZ.A mass-mailing worm uses SMTP
to propagate via email. The subject line of the email it arrives with is randomly selected from a long list of possible choices. This worm can change or spoof the original email address in the FROM:
field. It obtains email addresses (that it places in the FROM: field) from the infected user's address book. This causes a non-infected user to appear as the person who has sent this worm's malicious email, and hides the real address of the sender of the infected email.
Upon execution, this worm decodes its data in memory. It then copies itself to a WINK*.EXE file in the Windows System directory. The copy has a hidden attribute and the * is a random number of random characters. It also infects .EXE files.
The worm drops a randomly named file in the ProgramFilesDir (usually C:\Program Files).
Approximately 10KB in size, this program can infect files in network-shared folders and disable system file protection. Trend Micro detects this program as PE_ELKERN.D.
The worm also disables the running processes, and occasionally deletes the executable files, of programs associated with several popular antivirus products.
On Windows 98/95 systems, the worm registers itself as a service process to hide itself from the taskbar. On Windows 2000 systems, the worm creates a system service and registers it as a service control dispatcher. This worm does not execute its payload on systems running Windows
NT 4.0 and earlier versions, although infection of machines with this operating system is possible if the machine has shared folders. The dropped virus, PE_ELKERN.D, infects files in shared drives.
When this happens, a full infection of the system may result, since PE_ELKERN.D executes on any Windows platform.
If you would like to scan your computer for WORM_KLEZ.H or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at:
http://housecall.antivirus.com/
WORM_KLEZ.H is detected and cleaned by Trend Micro pattern file #265 and above.
For additional information about WORM_KLEZ.H, please visit Trend Micro
at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H
--- End Extract ---
If you have not updated your virus data in a long while, please do so and perform a scan of your PC to make sure you are not hit by this virus.
Please note since 1998, GEOMANCY.NET does not allow any executable files (ie .exe, .com, .bat, .scr & more) from any users and have been keeping it's antivirus & firewall software constantly updated.
In many of the new antivirus software or firewall have a feature to disable executable files from being accidentially run on your PCs.
These are some of the useful Third Party Software that we use which you may find helpful for yourself.
Free Antivirus Scan:
URL: http://housecall.antivirus.com/
Trend Micro's Antivirus:
URL: http://www.antivirus.com
ZoneAlarm Firewall Protection & auto renaming of dangerous file attachment:
URL: http://www.zonelabs.com
Hope you find this information useful!
As part of the community effort, we will continue to post selected virus warning notice.
Warmest Regards
Robert Lee
GEOMANCY.NET - Center for Applied Feng Shui Research
Link to post
Share on other sites

  • 17 years later...
Sponsored Link
 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...