Hello Jonathan,

The problem with KLEZ is that it has its own built-in SMTP server
and sends out mails (all from the WAB - Windows Address Book) as
if they come directly from the person whose address is used.  You
can't determine where the message actually came from.  The safest
course is to REMOVE Outlook AND the Windows Address Book
ENTIRELY. Those are the targets of 99.99% of the virus code!

With The Bat!, as long as you don't right click and save the
attachments, and then get even dumber and run them, they can
usually do nothing. Absent Outlook and WAB, there is virtually
nothing the virus can do, other than whatever destructive code it
runs locally.

Tuesday, May 7, 2002, 4:44:13 AM, in a galaxy far, far away, Jonathan wrote:

Jonathan Angliss> On Tue, 7 May 2002 [EMAIL PROTECTED] wrote:

>> As the subject says I *might* have a copy of klez in The Bat.
>> Norton detected it as it came into my mailbox, but the message
>> still has an attachment in it, so not sure if it's a replaced
>> klez or the real thing. Needless to say I'm reluctant to open
>> the email.

>> I know Bat shouldn't be susceptible to Klez, but if I have
>> Outlook and Outlook Express also installed on the same PC (I'm
>> looking to move away from them to The_Bat) but I'm concerned
>> that I could be vulnerable.

>> Any thoughts?

Jonathan Angliss> To answer your subject.. simply no.  TB!
Jonathan Angliss> doesn't have the code processing ability to
Jonathan Angliss> handle the <iframe> tag that causes the problem
Jonathan Angliss> in Outlook/Outlook Express.  Which is good for
Jonathan Angliss> us ;)  Norton normally would replace your
Jonathan Angliss> infected attachment with a text document
Jonathan Angliss> with a name like "Norton Anti Virus alert.txt"
Jonathan Angliss> (I don't remember the full name).  That file is
Jonathan Angliss> safe to open... it just contains the original
Jonathan Angliss> file NAME, and what virus it was infected with.

Jonathan Angliss> I do advise you before opening your inbox with
Jonathan Angliss> Outlook/Outlook Express, delete that particular
Jonathan Angliss> message off of your mail server if you've not
Jonathan Angliss> done it already.

Jonathan Angliss> And if you're feeling really nice... you could
Jonathan Angliss> see if you can guess which friend is infected
Jonathan Angliss> by tracing the headers backwards... and see if
Jonathan Angliss> you know the person... if so... drop them a
Jonathan Angliss> mail, and notify them.  Note that the From:
Jonathan Angliss> field is NOT a reliable source to work out who
Jonathan Angliss> sent it.  In some cases, the "Return-Path" tag
Jonathan Angliss> is set, which is the first place to start... if
Jonathan Angliss> that is not set, try guessing from the ISP. In
Jonathan Angliss> the number of cases I've been sent it, I've
Jonathan Angliss> been able to work out which few people have
Jonathan Angliss> been infected by ISP alone (sad I know most of
Jonathan Angliss> my friends' ISPs).

Jonathan Angliss> Good luck :)

-- 
Regards
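
The header tracing discussed in the quoted reply, as an added example that is not part of the original message: it walks the Received: chain from the newest hop down, trusts only lines stamped by the recipient's own servers, and compares the host that handed the message over with the From: and Return-Path: domains. The sample message, the `.recipient.example` suffix, the assumed Received: layout and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
SAMPLE = """\
Return-Path: <carol@isp-b.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by mailstore.recipient.example with ESMTP; Tue, 7 May 2002 04:40:02 +0000
Received: from Xyzzy (dialup-17.isp-b.example [198.51.100.17])
 by mx.recipient.example with SMTP; Tue, 7 May 2002 04:40:00 +0000
Received: from mail.isp-a.example (mail.isp-a.example [203.0.113.5])
 by Xyzzy with SMTP; Tue, 7 May 2002 04:39:00 +0000
From: alice@isp-a.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# "from HELO (rdns [ip]) ... by HOST" as written by common MTAs (assumed layout).
RECEIVED = re.compile(
    r"from\s+\S+\s+\((?:(?P<rdns>[^\s\[]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)")

def domain(addr):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def trace_origin(raw, trusted_suffix):
    """Find the host that handed the message to our own servers."""
    msg = message_from_string(raw)
    hop = None
    for value in msg.get_all("Received", []):         # newest hop first
        m = RECEIVED.search(" ".join(value.split()))  # unfold the header
        if not m or not m["by"].lower().endswith(trusted_suffix):
            break          # not stamped by our servers: sender could forge it
        hop = m
        if not (m["rdns"] or "").lower().endswith(trusted_suffix):
            break          # connecting host is external: this is the hand-off
    host = (hop["rdns"] or "").lower() if hop else ""
    def same(dom):
        return bool(dom) and host.endswith("." + dom)
    frm, rpath = domain(msg["From"]), domain(msg["Return-Path"])
    return {"handoff_host": host, "handoff_ip": hop["ip"] if hop else "",
            "from_domain": frm, "from_matches": same(frm),
            "return_path_domain": rpath, "return_path_matches": same(rpath)}

if __name__ == "__main__":
    print(trace_origin(SAMPLE, ".recipient.example"))
```

The bottom Received: line in the sample claims the From: domain's mail server, but it was not written by the recipient's servers and is ignored; the hand-off host and IP recorded by the recipient's own MX are what point at the ISP.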
