Virus Warning: nasty Klez32 worm, and what to do about it

[Chris Hurd]

Howdy from Texas,

There is a bad little virus running around, I'm getting hit several times a day with it, and many other people are too. Here's what it is and what to do about it.

Klez32 is a bugger of a worm which corrupts all of the .JPG images on your system and then harvests new victioms out of your e-mail program.

The damn thing about this garbage is that when it comes in to you from your mail server, it pulls a random name from your e-mail program and places it in the "from" field. So it's disguised as coming from someone possibly already known to you. For instance, community moderator Rob Lohman received it as coming from me. That's because it pulled my name randomly out of his e-mail program and put it in the "from" field as if it came from me, someone he trusts.

I've been scanning everything going in and out of my system, so I'm not infected. If you get one of these and it has an unknown attachment from somebody you know, most likely it didn't come from them at all. Click "show all headers" in the Options menu of your e-mail program, and the first line will usually reveal where it's coming from.

If by chance you unfortunately clicked open the attachment that comes with this, then you're most likely infected and you've lost a bunch of your .JPG images. There are a couple of clean-up utilities which will repair the corrupted files and remove the virus:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
If you have trouble with this then try another detection and removal program:
http://www.europe.f-secure.com/v-descs/klez.shtml

Now you should thinking about a scanning utility which detects this nasty bug when it comes in. Download a free virus scanner from http://www.norton.com/ -- mine has been picking out and deleting about twenty of these damn things per day for the last week or so.

Also watch out for this nonsense: an e-mail titled "Worm Klez.E immunity" which reads: Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic, most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm, some AV monitor maybe cry when you run it. If so, Ignore the warning,and select 'continue'."

It's bogus! And it's just another actual Klez virus. The phrase "monitor maybe cry when you run it" should be a dead giveaway. Hope this helps folks,

[Ken Tanaka]

Thank you for the warning, Chris. Am doing everything to ensure that my Apples are worm-free.

[Justin Chin]

Hi Chris,

Yeah, I actually started getting those kinds of emails. You have to be careful, because even if you just open the email some virus' can take hold.

[Rob Lohman]

It is indeed a nasty one, and it tries to open itself automatically.
Luckely, my mail program stops it before it does that. So you
could be auto infected if your having an older Outlook or Outlook
Express. The mails I usually get are with the .EXE, .SCR or .PIF
extension. I'll never run this files anyway.

[Vic Owen]

Yawn............You're putting us MAC guys asleep!! :)

Cheers

[Rob Lohman]

Vic... I could send you a Mac virus if you want.... Never wise to
let down your guard messa thinks (to quote a now famous
Star Wars character).

[Vic Owen]

Yeah, there are a few out there, although you could probably list them all on a couple of pages. I'm guessing, though, that more might start popping up since Unix has been around so long and soon all MACS will be operating with the Unix shell.

That's why I keep Norton current & running -- cheap insurance, even if seldom needed.

[Rob Lohman]

Good to hear! Wise advise.