ML Archiv: Re: [OM] Possible virus warning

Subject:	Re: [OM] Possible virus warning
From:	"Bryan Pilati" <bryan223@xxxxxxx>
Date:	Thu, 9 May 2002 23:55:39 -0400

I have been running Norton AntiVirus on  my machine for years, and it's
always current.  I'm clean, it ain't me.  :)

Bryan Pilati
bryan223@xxxxxxx

----- Original Message -----
From: "John A. Lind" <jlind@xxxxxxxxxxxx>
To: <olympus@xxxxxxxxxxxxxxx>
Sent: Thursday, May 09, 2002 9:13 PM
Subject: Re: [OM] Possible virus warning


> Don't trust the "From" in these things.  They often use fill the "From"
> with one address from the address book and the "To" with another.
>
> The headers on the two I just received originated from within the
"cox.net"
> domain (by the mail server headers).  A scan of the last two months of
list
> postings showed two individuals with their postings originating from the
> "cox.net" domains:
>    Bryan Pilati
>    Phillip Franklin
>
> That's not to say it's either of them, just that they have email addresses
> in the same domain as it originated from.  I strongly recommend both of
> them scan their machines quite thoroughly with the most current *updated*
> virus detection software.  Both contained a W32/Klez.?@MM (don't recall
the
> variant; very likely the Klez.h) worm in executable attachments (which
were
> promptly ensnared and deleted during my mail download).  One of the two
> attachments was supposedly a "W32.Klez.E removal tool" and the message
text
> urged using it to prevent infection from the worm!!!!  The Klez.h variant
> is a *new* worm discovered in mid-April this year.
>
> IMPORTANT NOTE:
> This email worm is rather insidious about blocking known virus scanning
> software from working correctly.  If you even think you might have this
> worm, see McAfee's remarks about detection and removal, and the variants:
>    http://vil.nai.com/vil/content/v_99455.htm
> DETECTION AND REMOVAL IS **NOT** STRAIGHTFORWARD!
>
>
> -- John
>
> At 19:23 5/9/02, Paul Schings wrote:
> >As soon as I got wind of this this morning I updated my virus signatures
and
> >scanned everything. I received warnings from agschnozz and tscales saying
I
> >was infected with either W32.Elkern or Klez.E (both worms). My AV
software
> >(CA Unicenters Advanced Antivirus Option) says that both of these should
be
> >detected by the signatures I downloaded, but nothing was found - and no,
that
> >doesn't give me a warm and fuzzy.
> >
> >If anyone receives anything unusual from me, please let me know.
> >
> >Paul Schings
>
>
> < This message was delivered via the Olympus Mailing List >
> < For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
> < Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
>
>


< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [OM] Possible virus warning, (continued) Re: [OM] Possible virus warning, AG Schnozz Re: [OM] Possible virus warning, Bryan Pilati Re: [OM] Possible virus warning, Bryan Pilati Re: Re: [OM] Possible virus warning, Wayne Harridge Re: Re: [OM] Possible virus warning, Johnny Johnson Re: Re: [OM] Possible virus warning, Tom Scales Re: [OM] Possible virus warning, Pschings Re: [OM] Possible virus warning, John A. Lind Re: [OM] Possible virus warning, Johnny Johnson Re: [OM] Possible virus warning, --p.j. Re: [OM] Possible virus warning, Bryan Pilati <= Re: [OM] Possible virus warning, Tom Scales Re: [OM] Possible virus warning, Jim Brokaw Re: [OM] Possible virus warning, Johan Malmström Re: [OM] Possible virus warning, David Thatcher Re: [OM] Possible virus warning, Lee Penzias Re: [OM] Possible virus warning, Tom Trottier

Previous by Date:	Re: [OM] Possible virus warning, Tom Trottier
Next by Date:	Re: [OM] Possible virus warning, Bryan Pilati
Previous by Thread:	Re: [OM] Possible virus warning, --p.j.
Next by Thread:	Re: [OM] Possible virus warning, Tom Scales
Indexes:	[Date] [Thread] [Top] [All Lists]