Warning: Another virus attack to look out for

Kyo 2000

Guest
I have just received a virus from the member of this board known as Neolord.
The virus came in a file called Regshell.zip
The virus is W32.Klez.H@mm

Here is the info from the e-mail:
----------
Subj: A good tool
Date: 6/23/2002 3:24:37 PM Eastern Daylight Time
From: neolord@metrocast.net
To: joshualeeclifton@aol.com
File: REGSHELL.zip 58431 bytes DL Time TCP/IP: < 1 minute
Sent from the Internet Details



This is a good tool
I wish you would like it.
---------------

After jumping to a negative conclusion, I'm going to say that more than likely everyone in Neolord's address book has been sent this virus. You all need to virus scan, as does Neolord himself.

[ June 24, 2002: Message edited by: Kyo 2000 ]

Edit: I contacted Biomotor_Unitron to help us discover where this came from, but for now my judgement is that Neolord has no idea he had sent me a virus, and probably many others as well.

[ June 24, 2002: Message edited by: Kyo 2000 ]
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
I never sent you an e-mail! What the Hell are you talking about?
 
Kyo 2000

Guest
Watch your inbox, I'll forward it back to you. Yes, you DID send me an e-mail containing a virus.
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
Originally posted by Kyo 2000:
> Watch your inbox, I'll forward it back to you. Yes, you DID send me an e-mail containing a virus.

I sure as hell wouldn't send one using my primary e-mail address numnut!
 

ForeverSublime

6400|!!|Kyo Clone
20 Year Member
Joined
Oct 23, 2001
Posts
6,416
I'm no expert, but I'm pretty sure that's how viruses work. When they get in your email, it goes to everyone in your email box automatically... multiplying the amount of people it affects... the reason why it's called a virus. It does sound kinda fishy, but there may have been no intent for the email to have ever been sent.
-----
Edit: Noted your edit.

[ June 24, 2002: Message edited by: ForeverSublime ]
 

Tacitus

Volatile Memory Construct - SN://0467839
Staff member
Joined
Apr 26, 2002
Posts
15,120
Guys, to help you out...


go to sarc.com

Klez.H is like herpes.. it keeps coming back back and back for more. It also has a built in SMTP engine, so NeoLord might have it and not know it, all the virus needs is an email entry in his software. It's INCREDIBLY common.

The infection rate for this is incredible and most people never know they have it.

I'm not going to pass judgement, just check out that site first.
 
Kyo 2000

Guest
I agree with the last statement, it could have been an accident, and more than likely all of us need to watch for this virus. If no one else in his address book gets it, I'll be SO pissed.
 

rarehero

Rotterdam Nation Resident,
20 Year Member
Joined
Jan 12, 2001
Posts
13,393
dude. you probably have a virus yourself mike.
same thing happened to me.
i had the sir cams virus and it sent out
viri to everyone i ever emailed anything to.
even from years ago. and i had no idea until
i got weird emails being sent back to me
since some of the email addys were no longer being
used.
update your definitions and run a scan on your box.
 

ForeverSublime

6400|!!|Kyo Clone
20 Year Member
Joined
Oct 23, 2001
Posts
6,416
Originally posted by Kyo 2000:
> I agree with the last statement, it could have been an accident, and more than likely all of us need to watch for this virus. If no one else in his address book gets it, I'll be SO pissed.

Damnit, well don't tell him to send it to everyone else, sheesh! ;)
 
Kyo 2000

Guest
Return-Path: <lfinnigan@cwcom.net>
Received: from rly-xc03.mx.aol.com (rly-xc03.mail.aol.com [172.20.105.136]) by air-xc03.mail.aol.com (v86_r1.13) with ESMTP id MAILINXC32-0623152437; Sun, 23 Jun 2002 15:24:37 -0400
Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42]) by rly-xc03.mx.aol.com (v86_r1.13) with ESMTP id MAILRELAYINXC38-0623152417; Sun, 23 Jun 2002 15:24:17 -0400
Received: from Uiayzh ([62.255.4.96]) by mta02-svc.ntlworld.com
(InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
id <20020623192303.RJDR4626.mta02-svc.ntlworld.com@Uiayzh>
for <joshualeeclifton@aol.com>; Sun, 23 Jun 2002 20:23:03 +0100
From: neolord <neolord@metrocast.net>
To: joshualeeclifton@aol.com
Subject: A good tool
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Z04426YeQYtuc9S2ZO3Fm31Q6O
Message-Id: <20020623192303.RJDR4626.mta02-svc.ntlworld.com@Uiayzh>
Date: Sun, 23 Jun 2002 20:24:16 +0100

That's the details.
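
Reading the headers Kyo 2000 posted above, as an added example that is not part of the original thread: this Python sketch walks the Received chain oldest-first and compares the From domain with the Return-Path domain and the first relay, since SMTP does not authenticate the From header. The function names are this example's own, and the folding indentation lost from the pasted headers is restored in the sample.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post above; folding whitespace restored, MIME lines omitted.
RAW_HEADERS = """\
Return-Path: <lfinnigan@cwcom.net>
Received: from rly-xc03.mx.aol.com (rly-xc03.mail.aol.com [172.20.105.136]) by air-xc03.mail.aol.com (v86_r1.13) with ESMTP id MAILINXC32-0623152437; Sun, 23 Jun 2002 15:24:37 -0400
Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42]) by rly-xc03.mx.aol.com (v86_r1.13) with ESMTP id MAILRELAYINXC38-0623152417; Sun, 23 Jun 2002 15:24:17 -0400
Received: from Uiayzh ([62.255.4.96]) by mta02-svc.ntlworld.com
 (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP
 id <20020623192303.RJDR4626.mta02-svc.ntlworld.com@Uiayzh>
 for <joshualeeclifton@aol.com>; Sun, 23 Jun 2002 20:23:03 +0100
From: neolord <neolord@metrocast.net>
To: joshualeeclifton@aol.com
Subject: A good tool

"""

# "from HELO (optional-rdns [ip]) by receiving-host"
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """Received hops oldest-first as (helo_name, client_ip, receiving_host)."""
    found = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m:
            found.append((m.group(1), m.group(3), m.group(4)))
    return found

def domain(header_value):
    """Lower-cased domain part of an address header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = message_from_string(raw)
    helo, ip, relay = hops(msg)[0]  # hop written by the first real mail server
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,          # display header, set freely by the sender
        "envelope_domain": env_dom,       # SMTP MAIL FROM as recorded on delivery
        "origin_helo": helo, "origin_ip": ip, "first_relay": relay,
        "from_matches_envelope": from_dom == env_dom,
        "relay_in_from_domain": relay.endswith("." + from_dom),
    }

if __name__ == "__main__":
    for key, value in analyse(RAW_HEADERS).items():
        print(f"{key:24} {value}")
```

For this message the From domain is metrocast.net, the envelope domain is cwcom.net, and the oldest hop is a client at 62.255.4.96 handing the mail to an ntlworld.com server.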
 
Kyo 2000

Guest
Biomotor_Unitron, I think you can help us out. You can generally identify members by IP, correct? Neolord tells me that the domain and IP that sent this e-mail isn't him at all.

His is: d-216-195-131-150.metrocast.net

Can anyone tell us who is screwing with us? The common ground between Neolord and I is found in very few places, that being HERE and the site led by LWK, which has members from HERE.
 

s2112d

Zero's Secretary
20 Year Member
Joined
Sep 13, 2000
Posts
153
That virus is very common, I received that same virus a few days ago (my anti-virus detected it) and it came from gwtrading@sales.com, I doubt they knew it was even sent to me by them, that's how viruses get around.
 
Kyo 2000

Guest
Nevermind... I'm told that Neolord found the virus on his computer.

Everyone receiving e-mail from Neoviruslord... Err... Neolord, run a virus scan before we infect the entire of Neo-Geo.com
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
My damn computer is infected! My apologies to all those infected -- I had no idea my system was infected. The last e-mail I received today was from someone named Jason, and the title of his email read 'An WinXP Patch'. I deleted the e-mail (I wasn't stupid enough to download the attachment), but apparently it didn't do any good. [Very Angry]
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
Originally posted by Kyo 2000:
> Nevermind... I'm told that Neolord found the virus on his computer.
>
> Everyone receiving e-mail from Neoviruslord... Err... Neolord, run a virus scan before we infect the entire of Neo-Geo.com

Very funny. [Oh No]
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
Originally posted by Kyo 2000:
> About as funny as an e-mail virus?

Yeah, it's a riot. [Oh No]
 
Kyo 2000

Guest
To be HELPFUL... Go to this link to learn how to fix your computer if you have this virus...
A Symantec details site: http://www.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files.

Removal tool
Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool.
This is the easiest way to remove these threats and should be tried first.

Note on W32.Klez.gen@mm detections:
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.


Also Known As: W32/Klez.h@MM, WORM_KLEZ.H, W32/Klez-G, I-Worm.Klez.h, Klez.H, W32/Klez.H, Win32.Klez.H, WORM_KLEZ.I
Type: Worm
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh


*Note: You'll have to visit the site for the links*
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
First, I would like to thank s2112d for his advice on protecting my computer system from viruses. As for Kyo: [Shame]

(Fixed spelling error)

[ June 24, 2002: Message edited by: NeoLord ]
 
Kyo 2000

Guest
And Michael you should probably watch for the return of said Virii. I did forward it back to you when you accused me of lying.
 

NeoLord

Neo-Geo FAQs Editor
Joined
Aug 26, 2000
Posts
2,429
Originally posted by Kyo 2000:
> And Michael you should probably watch for the return of said Virii. I did forward it back to you when you accused me of lying.

The virus has been contained and deleted! Now it's time for bed... [Multi Color Bouncey]
 
Kyo 2000

Guest
Quoting Terry from Batman Beyond Return of the Joker
"Who sleeps anymore?"
 