OT: Re: Klez HELP ! (don't open if in any format) was Re: HEADERS?

From: Sellam Ismail <foo_at_siconic.com>
Date: Fri Aug 2 20:11:01 2002

Here's a trick for removing a virus from your Microsoft Windows system:

1. Reboot the computer into DOS mode
2. Issue the command: format /u c:
3. Install your favorite open source operating system

On Fri, 2 Aug 2002, Lawrence Walker wrote:

> It seems that I did not escape Klez. I have had a continuous memory drain
> since stupidly opening the first msg. in HTML and memory resources drain
> eventually freeze my computer. I come up clean with both the Symantec and
> Kaspersky removal tools however. One of the spoofed messages with R.E.s
> return path was from Allison warning about klez and recommending the
> Kaspersky Klez removal tool. I'd never heard about Kaspersky before. Makes
> me seriously wonder about these AV companies. Create a problem and then
> sell a solution.
>
> I saved, without opening, one of the msgs. and submitted it to Kaspersky
> on-line identification and they IDed it as Klez H. Ran their removal tool again,
> which won't run from DOS, only from a 98 Dos prompt and again it came up
> clean. I'm wondering now whether it might have removed some essential 98
> file. Any ideas on solving this problem ?
>
> A good lesson learned. Henceforth any list messages in non-ASCII format
> either get deleted or sent back to sender. No exceptions. If you can't solve
> your msg. sending problems because of your system at work or whatever ;
> DON'T SEND it !!
>
> Lawrence
>
> > I've just had a flock(5) of them and they all had the same return line as
> > yours.
> > I use Pegasus which does not automatically open HTML. I stupidly opened
> > the first one but checking with both the Symantec and Kaspersky Klez tools
> > say I'm clean. They all vary in size but average around 150k. 2 were
> > supposedly from list members but the other 3 were unknown to me.
> > I guess it is harvesting Richard's mail.
> >
> > Lawrence
> >
> > > > At 07:29 PM 7/30/2002 -0700, Fred Cisin (XenoSoft) wrote:
> > > > >Can somebody more familiar with such confirm whether that is indeed
> > > > >Richard Erlacher's machine that sent the following copy of Klez? (Headers
> > > > >only follow)
> > >
> > > On Tue, 30 Jul 2002, John Foust wrote:
> > > > One trick of Klez is that it harvests e-mail addresses
> > > > from your mailboxes and uses them to spoof the From: line,
> > > > in order to make it seem (on casual inspection) that
> > > > person has the virus. They don't. Someone who received
> > > > mail from Erlacher (perhaps a list subscriber) has Klez.
> > >
> > > NO. PLEASE look again. Dick's address is in the RETURN PATH line, NOT
> > > the FROM line! It appears that Dick's computer is the one with
> > > Klez, and it put a false FROM: of JPLCSCH_at_aol.com
> > >
> > > MOST varieties of Klez put a bogus FROM:, but leave the
> > > Return-Path: intact.
> > >
> > >
> > >
> > > Return-Path: <edick_at_idcomm.com>
> > > Received: from mailhost.idcomm.com (mailhost.idcomm.com [207.40.196.14])
> > > by lmi.net (8.8.8/8.8.7) with ESMTP id TAA05488
> > > for <cisin_at_xenosoft.com>; Tue, 30 Jul 2002 19:17:42 -0700 (PDT)
> > > Received: from Dqza (dsl-res156.idcomm.com [216.98.199.156])
> > > by mailhost.idcomm.com (8.10.2/8.10.0) with SMTP id g6V2HSJ01036
> > > for <cisin_at_xenosoft.com>; Tue, 30 Jul 2002 20:17:29 -0600
> > > Date: Tue, 30 Jul 2002 20:17:29 -0600
> > > Message-Id: <200207310217.g6V2HSJ01036_at_mailhost.idcomm.com>
> > > From: JPLCSCH <JPLCSCH_at_aol.com>
> > > To: cisin_at_xenosoft.com
> > > Subject: Dialog under
> > > MIME-Version: 1.0
> > > Content-Type: multipart/alternative;
> > > boundary=Q37LE02W0269aCiF037Kl967jS3g6
> > >
> > >
> >
> >
> > lgwalker_at_mts.net
> > bigwalk_ca_at_yahoo.com
>
>
> lgwalker_at_mts.net
> bigwalk_ca_at_yahoo.com
>


Sellam Ismail Vintage Computer Festival
------------------------------------------------------------------------------
International Man of Intrigue and Danger http://www.vintage.org

 * Old computing resources for business and academia at www.VintageTech.com *
Received on Fri Aug 02 2002 - 20:11:01 BST
