Re[2]: A good tool: Win32.Klez worm sent by me via The Bat!?

2002-04-21 Thread Jonathan E. Brickman

> AntiVir Personal Edition (today's update, newest version)
> unfortunately cannot detect even old viruses/trojan/worms, as Weird,
> Magistr etc are.

I have found the same to be true.  I have been using Avast! for quite
some time.  I have had excellent results since I turned off its
tray-icon animation.  And its updates are very small, far better if
you are using a modem.


-- 
Jonathan E. Brickman
AIM JnBrickman; MSIM JnBrickman; Yahoo jonathanbrickman
http://joshuacorps.org



Current Ver: 1.60c
FAQ: http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]




Re: A good tool: Win32.Klez worm sent by me via The Bat!?

2002-04-20 Thread Peter Palmreuther

Hello Mike,

On Friday, April 19, 2002 at 11:20:37 PM you wrote (at least in part):

MH> A colleague of mine has just received a message from me (without my
MH> knowledge of sending it) which appears to be related to the Win32.Klez
MH> worm.

MH> There was no attachment from me.

MH> How could this happen with TB? I don't use Outlook, and I thought that
MH> this worm exploited Outlook. I am VERY vigilant about attachments, and
MH> have TB! set up to not allow opening of
MH> *.COM,*.EML,*.CMD,*.JS,*.PL,*.BAS,*.JAVA,*.REG,
MH> *.EXE,*.VBS,*.PIF,*.SCR,*.SHS files.

First: if TB! had sent this message it would reside in your
'Sent' folder. Have a look there ... (Albeit I can't believe TB! has
sent it, have a look to be sure).

Second: You write you're not _using_ Outlook. Do you have it installed
anyway, and maybe some aeons ago configured it to work properly? Does
Outlook (if installed) or Outlook Express have knowledge of your
account data (name, e-mail address, SMTP server)?

The 'Received:' headers look like it was your computer that sent
this mail (same IP, sadly no HELO or EHLO string :-( ).

But there are 'In-Reply-To:' and 'References:' headers too ... quite
unusual, as even if the worm could have used the MAPI interface without you
recognizing it (which I can't imagine, btw), how would it know about the
original message ID? It would have to be able to read the TB! message
database format to figure that out ... and I've not read that 'Klez' is able
to do so ...

You have written 'There was no attachment from me.' ... does that mean
the recipient had no attachment in the mail? If so there's no 'Klez'
issue we could talk about, as 'Klez' is spreading itself and not
sending empty messages :-)

To come to an end: I'd suggest updating the signature file and re-scanning
your whole system. Installing a second AV software would also be
a good idea, in case there's a new variant of Klez around that NAV does not
yet have in its signature file.
E.g.
http://www.free-av.com/ (which is _really_ slow over here)
the (faster) direct download links are:

Win9x
http://www.free-av.de/personal/en/win9x/avwin9xp.exe

Win2000/XP
http://www.free-av.de/personal/en/winnt/avwinntp.exe
-- 
Regards
Peter Palmreuther                       mailto:[EMAIL PROTECTED]
(The Bat! v1.60c on Windows 2000 5.0 Build 2195 Service Pack 1)

Gone back into the darkness


Re: A good tool: Win32.Klez worm sent by me via The Bat!?

2002-04-20 Thread Mike Harlos

Hello Peter,

Thanks very much for your reply.

> First: if TB! had sent this message it would reside in your
> 'Sent' folder. Have a look there ... (Albeit I can't believe TB! has
> sent it, have a look to be sure).

I believe you are correct... it was not in my sent folder. I have been
looking for more information on this worm and I read on alt.comp.virus
that it forges the From header, making it look as though it came
from an individual.

> Second: You write you're not _using_ Outlook. Do you have it
> installed anyway, and maybe some aeons ago configured it to work
> properly? Does Outlook (if installed) or Outlook Express have
> knowledge of your account data (name, e-mail address,
> SMTP server)?

Outlook had been installed when my laptop was initially configured by
the computer folks at work. I've never actually started it up or
configured it; I've used TB! for a few years.

> You have written 'There was no attachment from me.' ... does that mean
> the recipient had no attachment in the mail? If so there's no 'Klez'
> issue we could talk about, as 'Klez' is spreading itself and not
> sending empty messages :-)

She originally indicated that there was no attachment, and upon
reexamining it in her trash folder (of her Outlook program), said
there was one. She deleted it without taking note of its name or
extension.

> To come to an end: I'd suggest updating the signature file and re-scanning
> your whole system. Installing a second AV software would also be
> a good idea, in case there's a new variant of Klez around that NAV does not
> yet have in its signature file.

Thanks. I registered KAV (because of its integration with TB!), and
scanned my system. It identified Exploit.IFrame.FileDownload in the
trash folder of TB! (I had deleted the message that she had sent me,
which had a copy of the original message that I was alleged to have
sent her). Interestingly, I had set KAV to delete infected files, and
it deleted all the messages in the trash (not a huge problem
obviously, but I usually keep 5000 messages there).

-- 
Regards,
  Mike

Using The Bat! 1.60d
under Windows 98 4.10 Build   A 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
Mike Harlos  Winnipeg, Manitoba, Canada
PGP Keys: DH/DSS - 0x8CD85BCE    RSA - 0xBBDB40B1
= = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Re: A good tool: Win32.Klez worm sent by me via The Bat!?

2002-04-20 Thread Mandara

On Sat, 20 Apr 2002, at 18:31:39  +0200 Peter wrote:

PP> Win9x http://www.free-av.de/personal/en/win9x/avwin9xp.exe

AntiVir Personal Edition (today's update, newest version)
unfortunately cannot detect even old viruses/trojan/worms, as Weird,
Magistr etc are.


Mandara
-- 
(__) If you need this key:
('') mailto:[EMAIL PROTECTED]?subject=0x257DFF36
 \/

A good tool: Win32.Klez worm sent by me via The Bat!?

2002-04-19 Thread Mike Harlos

Hi,

A colleague of mine has just received a message from me (without my
knowledge of sending it) which appears to be related to the Win32.Klez
worm.

There was no attachment from me.

How could this happen with TB? I don't use Outlook, and I thought that
this worm exploited Outlook. I am VERY vigilant about attachments, and
have TB! set up to not allow opening of
*.COM,*.EML,*.CMD,*.JS,*.PL,*.BAS,*.JAVA,*.REG,
*.EXE,*.VBS,*.PIF,*.SCR,*.SHS files.

It appears that I have somehow been infected, though NAV has not
picked up anything.

The following includes the original message. Where you see X is
where I have tried to avoid posting her contact info publicly:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Delivered-To: XX
Received: from outbox.attcanada.ca (outbox.attcanada.ca [207.245.244.41])
by fep6.cogeco.net (Postfix) with ESMTP id 07EEB6D5E
for XX; Fri, 19 Apr 2002 16:29:07 -0400 (EDT)
Received: from win-mb50-139.netcom.ca (win-mb50-139.netcom.ca
[216.191.162.11])
by outbox.attcanada.ca (Postfix) with ESMTP id 4567332E2
for XX; Fri, 19 Apr 2002 16:29:06 -0400 (EDT)
Date: Fri, 19 Apr 2002 15:29:05 -0500
From: Mike Harlos [EMAIL PROTECTED]
X-Mailer: The Bat! (v1.60d)
Reply-To: Mike Harlos [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: [EMAIL PROTECTED]
To: XX
Subject: Re: A  good tool
In-Reply-To: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

-----Original Message-----
From: Mike Harlos [mailto:[EMAIL PROTECTED]]
Sent: April 19, 2002 4:29 PM
To: XX
Subject: Re: A good tool

  This is a good tool
  I expect you would like it. 


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


-- 
Regards,
  Mike

Using The Bat! 1.60d
under Windows 98 4.10 Build   A 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
Mike Harlos  Winnipeg, Manitoba, Canada
PGP Keys: DH/DSS - 0x8CD85BCE    RSA - 0xBBDB40B1
= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

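The 'Received:' chain that Peter read by hand in his reply is the part of this message a worm cannot forge the way Klez forges 'From:', so it is what tells you which machine actually injected the mail. As an added example (not code from the thread or from The Bat!), the Python below parses headers modelled on the ones quoted above, returns the hops in transit order, and compares the injecting host with the claimed 'From:' domain; the sample is constructed from the quoted headers with the poster's XX placeholders kept and the sender address and message IDs replaced by example.invalid placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the original post.
# XX placeholders are the poster's own; the sender address and message
# IDs are example.invalid placeholders, not values from the thread.
SAMPLE = """\
Received: from outbox.attcanada.ca (outbox.attcanada.ca [207.245.244.41])
\tby fep6.cogeco.net (Postfix) with ESMTP id 07EEB6D5E
\tfor XX; Fri, 19 Apr 2002 16:29:07 -0400 (EDT)
Received: from win-mb50-139.netcom.ca (win-mb50-139.netcom.ca
\t[216.191.162.11])
\tby outbox.attcanada.ca (Postfix) with ESMTP id 4567332E2
\tfor XX; Fri, 19 Apr 2002 16:29:06 -0400 (EDT)
From: Mike Harlos <mike@example.invalid>
In-Reply-To: <placeholder-id@example.invalid>
References: <placeholder-id@example.invalid>

This is a good tool
"""

# Postfix-style hop: "from HELO (rdns [ip]) by RELAY ... ; DATE"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)?\s*"
                    r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+).*?;\s*(?P<date>.+)$")

def received_chain(raw):
    """Hops in transit order. Each relay prepends its own Received: line,
    so the bottom-most one names the host that actually injected the mail."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(hdr.split()))   # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def triage(raw):
    """Who really injected the mail versus what the forgeable From: claims,
    plus whether the threading headers Peter found unusual are present."""
    msg = message_from_string(raw)
    hops = received_chain(raw)
    origin = hops[0] if hops else {}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin_host = (origin.get("rdns") or origin.get("helo") or "").lower()
    return {"origin_host": origin_host, "origin_ip": origin.get("ip"),
            "relays": [h["by"] for h in hops], "from_domain": from_domain,
            "origin_in_from_domain": bool(from_domain) and origin_host.endswith(from_domain),
            "threaded": bool(msg.get("In-Reply-To") or msg.get("References"))}
```

The domain comparison is a heuristic only: an origin outside the 'From:' domain is a hint that the sender was forged, and the origin IP (not the 'From:' address) is where an abuse report belongs.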