OT: Re: Klez HELP ! (don't open if in any format) was Re: HEADERS?

From: Lawrence Walker <lgwalker_at_mts.net>
Date: Sat Aug 3 01:18:27 2002

 Thanks Sellam. You always were a smartass.

And if I delete the years of collected how-to's, in order to get my old
boxes working, I can simply refer folks to you, claiming that now I have a
superior system running. I'm sure they will understand.

 I guess NOW is the time to burn a CD before a HD failure or virus wipes it all.

Lawrence

>
> Here's a trick for removing a virus from your Microsoft Windows system:
>
> 1. Reboot the computer into DOS mode
> 2. Issue the command: format /u c:
> 3. Install your favorite open source operating system
>
> On Fri, 2 Aug 2002, Lawrence Walker wrote:
>
> > It seems that I did not escape Klez. I have had a continuous memory drain
> > since stupidly opening the first msg. in HTML, and the memory resources drain
> > eventually freezes my computer. I come up clean with both the Symantec and
> > Kaspersky removal tools, however. One of the spoofed messages with R.E.'s return
> > path was from Allison warning about Klez and recommending the Kaspersky Klez
> > removal tool. I'd never heard about Kaspersky before. Makes me seriously
> > wonder about these AV companies. Create a problem and then sell a solution.
> >
> > I saved, without opening, one of the msgs. and submitted it to Kaspersky
> > on-line identification, and they IDed it as Klez H. Ran their removal tool
> > again, which won't run from DOS, only from a 98 DOS prompt, and again it came
> > up clean. I'm wondering now whether it might have removed some essential 98
> > file. Any ideas on solving this problem?
> >
> > A good lesson learned. Henceforth any list messages in non-ASCII format
> > either get deleted or sent back to sender. No exceptions. If you can't solve
> > your msg. sending problems because of your system at work or whatever,
> > DON'T SEND it!!
> >
> > Lawrence
> >
> > > I've just had a flock(5) of them, and they all had the same return line as
> > > yours.
> > > I use Pegasus, which does not automatically open HTML. I stupidly opened the
> > > first one, but checking with both the Symantec and Kaspersky Klez tools says
> > > I'm clean. They all vary in size but average around 150k. 2 were supposedly
> > > from list members, but the other 3 were unknown to me.
> > > I guess it is harvesting Richard's mail.
> > >
> > > Lawrence
> > >
> > > > > At 07:29 PM 7/30/2002 -0700, Fred Cisin (XenoSoft) wrote:
> > > > > >Can somebody more familiar with such confirm whether that is indeed
> > > > > >Richard Erlacher's machine that sent the following copy of Klez?
> > > > > >(Headers only follow)
> > > >
> > > > On Tue, 30 Jul 2002, John Foust wrote:
> > > > > One trick of Klez is that it harvests e-mail addresses
> > > > > from your mailboxes and uses them to spoof the From: line,
> > > > > in order to make it seem (on casual inspection) that
> > > > > person has the virus. They don't. Someone who received
> > > > > mail from Erlacher (perhaps a list subscriber) has Klez.
> > > >
> > > > NO. PLEASE look again. Dick's address is in the RETURN-PATH line, NOT
> > > > the FROM line! It appears that Dick's computer is the one with Klez, and
> > > > it put a false FROM: of JPLCSCH_at_aol.com.
> > > >
> > > > MOST varieties of Klez put a bogus FROM:, but leave the
> > > > Return-Path: intact.
> > > >
> > > > Return-Path: <edick_at_idcomm.com>
> > > > Received: from mailhost.idcomm.com (mailhost.idcomm.com [207.40.196.14])
> > > > by lmi.net (8.8.8/8.8.7) with ESMTP id TAA05488
> > > > for <cisin_at_xenosoft.com>; Tue, 30 Jul 2002 19:17:42 -0700 (PDT)
> > > > Received: from Dqza (dsl-res156.idcomm.com [216.98.199.156])
> > > > by mailhost.idcomm.com (8.10.2/8.10.0) with SMTP id g6V2HSJ01036
> > > > for <cisin_at_xenosoft.com>; Tue, 30 Jul 2002 20:17:29 -0600
> > > > Date: Tue, 30 Jul 2002 20:17:29 -0600
> > > > Message-Id: <200207310217.g6V2HSJ01036_at_mailhost.idcomm.com>
> > > > From: JPLCSCH <JPLCSCH_at_aol.com>
> > > > To: cisin_at_xenosoft.com
> > > > Subject: Dialog under
> > > > MIME-Version: 1.0
> > > > Content-Type: multipart/alternative;
> > > > boundary=Q37LE02W0269aCiF037Kl967jS3g6
> > > >
> > > >
> > >
> > >
> > > lgwalker_at_mts.net
> > > bigwalk_ca_at_yahoo.com
> >
> >
> > lgwalker_at_mts.net
> > bigwalk_ca_at_yahoo.com
> >
>
>
> Sellam Ismail Vintage Computer Festival
> ------------------------------------------------------------------------------
> International Man of Intrigue and Danger http://www.vintage.org
>
> * Old computing resources for business and academia at www.VintageTech.com *
>


lgwalker_at_mts.net
bigwalk_ca_at_yahoo.com
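The header reading Fred applies in the quoted message (trust the Return-Path and the oldest Received: hop, not the From: line) can be done by a script. The following is an added example written for this archive page; it is not code from the thread, from Klez, or from any vendor's removal tool. It embeds the headers quoted above as its only input (constructed sample, with the archive's "_at_" written back as "@"), uses only Python's standard email module, and the sendmail-style Received: pattern and the "origin consistent" scoring are my own assumptions about how to compare the headers, not anything the thread states.

```python
"""Trace a Klez-style spoofed message from its headers.

Given raw message headers, pull out the From: address (trivially forged by
the sender), the Return-Path: (written by the receiving MTA from the SMTP
envelope sender), and the chain of Received: hops, oldest first.  The oldest
hop is the line the origin's first relay stamped with the connecting client's
address, and that is the evidence worth trusting over anything in From:.
"""
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Constructed sample: the headers quoted in the thread above, with the
# archive's "_at_" obfuscation written back as "@".  Body omitted.
SAMPLE_HEADERS = (
    "Return-Path: <edick@idcomm.com>\n"
    "Received: from mailhost.idcomm.com (mailhost.idcomm.com [207.40.196.14])\n"
    "\tby lmi.net (8.8.8/8.8.7) with ESMTP id TAA05488\n"
    "\tfor <cisin@xenosoft.com>; Tue, 30 Jul 2002 19:17:42 -0700 (PDT)\n"
    "Received: from Dqza (dsl-res156.idcomm.com [216.98.199.156])\n"
    "\tby mailhost.idcomm.com (8.10.2/8.10.0) with SMTP id g6V2HSJ01036\n"
    "\tfor <cisin@xenosoft.com>; Tue, 30 Jul 2002 20:17:29 -0600\n"
    "Date: Tue, 30 Jul 2002 20:17:29 -0600\n"
    "Message-Id: <200207310217.g6V2HSJ01036@mailhost.idcomm.com>\n"
    "From: JPLCSCH <JPLCSCH@aol.com>\n"
    "To: cisin@xenosoft.com\n"
    "Subject: Dialog under\n"
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/alternative;\n"
    "\tboundary=Q37LE02W0269aCiF037Kl967jS3g6\n"
    "\n"
)

# Assumed sendmail-style clause: "from HELO (rdns [ip]) by RELAY ...".  The
# HELO name is whatever the client claimed; rdns/ip are what the relay saw.
_RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>[^\s(]+)",
    re.IGNORECASE,
)


def domain_of(addr):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def parse_received(value):
    """Parse one Received: header into a dict, or None if not sendmail-shaped."""
    flat = " ".join(value.split())  # unfold continuation lines
    m = _RECEIVED_RE.search(flat)
    return m.groupdict() if m else None


def analyze(raw_headers):
    msg = HeaderParser().parsestr(raw_headers)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    # Each relay prepends its own Received: line, so header order is newest
    # first; reverse it to walk the message in transit order.
    received = reversed(msg.get_all("Received", []))
    hops = [h for h in (parse_received(v) for v in received) if h]
    origin = hops[0] if hops else None
    result = {
        "from_addr": from_addr,
        "from_domain": domain_of(from_addr),
        "return_path": return_path,
        "return_path_domain": domain_of(return_path),
        "hops": hops,
        "origin": origin,
    }
    # Does the origin hop (client rDNS or its first relay) sit in the domain
    # each sender header claims?  Klez forges From: but not the envelope.
    for key in ("from_domain", "return_path_domain"):
        consistent = False
        if origin:
            consistent = any(host_in_domain(origin[k], result[key]) for k in ("rdns", "by"))
        result[key.replace("_domain", "_consistent")] = consistent
    return result


if __name__ == "__main__":
    r = analyze(SAMPLE_HEADERS)
    print("From:        %s (origin consistent: %s)" % (r["from_addr"], r["from_consistent"]))
    print("Return-Path: %s (origin consistent: %s)" % (r["return_path"], r["return_path_consistent"]))
    for i, hop in enumerate(r["hops"]):
        print("hop %d: %s (%s [%s]) -> %s" % (i, hop["helo"], hop["rdns"], hop["ip"], hop["by"]))
```

On the sample, From: resolves to aol.com, which matches no hop, while Return-Path: resolves to idcomm.com and the oldest hop is a DSL client in idcomm.com handing the message to idcomm's own mailhost, which is the conclusion Fred draws above. One caveat the thread does not spell out: Return-Path is only a copy of the SMTP envelope sender, and a client can set that to anything too, so the real evidence is the Received: line stamped by the first relay you trust (here mailhost.idcomm.com), since that relay records the connecting IP and the client cannot alter a line added after it let go of the message. Lines a client prepends itself would sit below the genuine ones and should be treated as untrusted.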
Received on Sat Aug 03 2002 - 01:18:27 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:34:36 BST