Re: HELP! KLEZ & PE_ELKERN.A Virus
From: Debra Earle (theboss@intranet-works.com)
Date: 05/12/02
Date: Sun, 12 May 2002 00:46:04 -0700 From: Debra Earle <theboss@intranet-works.com>
Rosie wrote:
>
> Can anybody help me?
>
> I have Windows XP Microsoft Outlook Express. I have
> recently contaminated KLEZ & PE_ELKERN viruses which I
> keep deleting with Trend Micro's PC-Cillin and they keep
> coming back. The problem, I think, lies with the virus
> changing my POP3 account settings to localhost in the
> Tools/Accounts/Mail/Servers section.
>
> How can I prevent these settings from changing?
> Can this virus intercept my incoming/outgoing e-mails?
> Can the virus contaminate the computers of people in my
> outlook address book?
> Can anyone recommend virus protection software that can
> protect my computer now & in the future from these and
> newer viruses?
>
> Many thanks to anyone who can help me with a solution.
>
> Rosie
You haven't completely removed the virus, or it wouldn't keep coming
back like that. Yes, it can be sent to everyone in your address book,
and if they are foolish enough to open it, it can contaminate them.
Symantec has a removal tool at
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
READ THE INSTRUCTIONS FULLY AND CAREFULLY. This is not an easy virus to
clean up. For example, if you don't disable system restore as they
instruct, then you will not completely clean it.
Almost any virus protection software would protect you from something
like this, IF YOU ALSO PRACTISE SAFE COMPUTING. NO****** anti-virus
software can protect you from the latest viruses (whatever they may be)
because the definitions aren't available until enough people become
infected. So you have to decide to protect yourself, and not just rely
on anti-virus software.
A few important ways to do this:
- DO NOT OPEN EMAIL ATTACHMENTS unless you know *exactly* what the
attachment is, that the sender really meant to send it to you, and that
it is something you need to open. Keep in mind that virtually ALL
virus-infected messages come from someone you know, since those are the
people who are going to have you in their address book & that's how most
of these spread.
- When you get email with an attachment that you know is something
you're expecting, save the attachment and then open it from the program
that is supposed to open it -- and not from Windows explorer either --
as this way, if the attachment is a trojan, there is a good chance the
program will complain that the file is not really in the right format.
It's VERY common, for example, to have a trojan that looks like
"FILENAME.JPG" but is really "FILENAME.JPG.EXE"; you won't know that
unless you try to open it in the program you use to open JPG files.
- Turn on the viewing of ALL files and ALL file extensions in Windows
explorer.
- Get anti-virus software from a major source (Symantec, Trend, or
whatever) that is designed for use under XP. Then, MORE IMPORTANT!!!!,
make sure to update the definitions regularly. (At the rate things are
going now, daily updates are worth checking.) If you had anti-virus
software with up-to-date definitions, you'd never have this virus which
is over 4 months old by now.
- You will find that you have fewer vulnerabilities if you use another
email program instead of Outlook Express. There is a wide range of
alternate (free) mail programs available, so you really should check
into this as an option. If you are going to use OE, turn off any
options to allow attachments to preview or auto-execute, no matter how
"inconvenient" that may be.
- Update Windows regularly; MS posts frequent security fixes for
Internet Explorer, OE, and operating system components. You don't need
to risk driver updates if not needed for some other reason, but you
should always seriously consider any security-related updates.
For example, MS has had an update to protect against Klez (which is 4
months old by now) for quite some time:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
- When in doubt, check any of the major vendor anti-virus sites for
information. For example, you can see many posts here from people who
deleted a basic windows file due to a virus hoax; ALWAYS check out any
messages you receive, before taking such actions. Hoaxes cause almost
as much disruption as some of the real viruses, because people
immediately react and also seem to listen to the "send this to everyone
in your address book" BS that most hoaxes include. Be smart!
....
Anyway, those are some places to start. Hope that helps. Klez is a
nasty one, and you will need to be VERY scrupulous about cleaning it
up; you also should -- AFTER the cleanup, or from a clean computer --
send an email to everyone in your address book just telling them that
you were infected, not to excite them but to be honest and to provide an
apology for sending infected email.
-- DE
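
The attachment check described in the reply above (a file shown as "FILENAME.JPG" that is really "FILENAME.JPG.EXE", or whose contents are not in the format its name claims), as an added example that is not part of the original message. The extension list, the function name `check_attachment` and the sample bytes are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs when double-clicked (partial list, assumed for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}

# Leading bytes ("magic numbers") of a few common attachment formats.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
}


def check_attachment(filename, data):
    """Return the reasons a saved attachment looks suspicious (empty list if none)."""
    findings = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)        # real (final) extension
    _, inner_ext = os.path.splitext(stem)     # extension hidden in front of it

    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        # FILENAME.JPG.EXE: shown as FILENAME.JPG when extensions are hidden.
        if inner_ext in MAGIC:
            findings.append(f"double extension: {inner_ext} decoy before {ext}")

    # Windows executables start with 'MZ' no matter what the file is called.
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        findings.append(f"content is a Windows executable but name ends in {ext or '(none)'}")
    elif ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append(f"content does not match {ext} format")
    return findings


# Constructed samples: (file name, first bytes of the saved file).
SAMPLES = [
    ("FILENAME.JPG.EXE", b"MZ\x90\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("photo.jpg", b"MZ\x90\x00"),
    ("report.pdf", b"<html>"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(fname, "->", check_attachment(fname, head) or "no findings")
```
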