Virus Hoax

Discussion in 'NOD32 version 2 Forum' started by Bowtieman, Oct 23, 2003.

Thread Status:
Not open for further replies.
  1. Bowtieman

    Bowtieman Registered Member

    Joined:
    Oct 23, 2003
    Posts:
    4
    I recieved a message in my email that had attachements hooked in with it. My virus scanner picked up a Klez virus. I ran my virus scan and below is what has happened.

    None of my virus protectors could find this virus in my files. Used a high power one online and it could not find one.

    So I tracked it back to where the virus file was located in my computer. As soon as I did it came up as the Klez virus and I deleted the file thinking this would get rid of it.

    It got rid of it allright but I can no longer open my email. The file was obviously one that was needed to open my ISP's email program.

    This was all a disguise that there was a Klez virus in your system and there was a pop up coming up in my window constantly saying that my virus protector had found a virus and I needed to use it immmediately. Even though I had already used it and another online.

    The ruse was to get you to remove that file where your email would no longer work. Do not open that email that says Happy Allhalowenmas. I believe that is how it is spelled but can't get into my email to be sure. It must be embeded in the email itself. As I never opened the attachments.

    So must now figure out how to get that file back to make my email work. I now know that I am missing a "NewBinary 19" if that will help anyone give me an idea on how to get my email back working.
     
  2. Bowtieman

    Bowtieman Registered Member

    Joined:
    Oct 23, 2003
    Posts:
    4
    New Virus Hoax Continued

    SEE Virus Hoax on this page for complete message

    I just noticed that I can open the composing and sending part of my email and every time I open it this attachment is already hooked up and ready to be sent.

    Emailing: wCR.EE.EV.EFg.OKfFnw.FBJEg.CylOYPwE

    I am not sure what this. I wondered if it's what was sent to me and now is ready for me to send it somewhere else.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you run a scan with Nod? It will show you what the name of the infected email is and where it is, including the message header. Once this is known delete the infected file.

    Should this fail, slave your infected drive of off a CLEAN and virus free computer and have Nod scan the infected drive.

    Hope this helps...

    Cheers :D
     
  4. testg

    testg Guest

    Ok then go through an array of online scanners.
    First find the e-mail and send it to Kaspersky Online. at www.kaspersky.com
    Then go to www.bitdefender.com, www.pandasoftware.com, www.symantec.com, or www.antivirus.com and do the free online scan of your system.

    Cheers,
     
  5. Bowtieman

    Bowtieman Registered Member

    Joined:
    Oct 23, 2003
    Posts:
    4
    First off I ran my personal antivirus scanner (AVG). I found no viruses using it. I then went online and used www.antivirus scanner and it also found no viruses.

    All the time I am doing this about every 30 seconds there is a pop up window coming up and telling me that I have a Klez virus and to run my virus tools.

    When niether of these scanners found any viruses I decided I would follow the trail to where the pop up says the so called virus is located. I get there and soon as I open the folder a message pops up saying the file in the foleder has a Klez virus. I am doing this in between popup warnings which are now coming even faster and becoming more annoying. I deleted the file and all became peaceful again.

    Until I tried to use Outlook Express and found that I could no longer open it. In the meantime the popups are starting again. I would imagine that it was due to the original email was still in my Outlook Express inbox. I had not deleted it because I wanted to report it the proper people when I had erradicated it off my computer.

    Final chapter I went to MSN and found an updated version of my OE and downloaded it and installed it and all was good. I took no chances I went in to the inbox and cut the viruses (?) head off immediately.

    This is the readers digest version of what went on but in all I spent around 4 hours messing with thing and hoped I could prevent some of you from having this problem.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    For starters, Klez is a very OLD virus, and any up-to-date AV should have immediatly picked it up.

    With AVG as your AV, I'm not surprised it found nothing...

    Installing OE over the top of your exisiting OE probably overrode your OE DBX files.

    Download the FixKlez.com file from http://securityresponse.symantec.com/avcenter/FixKlez.com

    I would then download the Nod32 Trial version from www.nod32.com AFTER uninstalling AVG and any other AV product you have used, and then makes sure Nod is up-to-date and run a scan with Nod.

    Klez is not usually as simple as what you have described to get rid of.

    Cheers :D
     
  7. Bowtieman

    Bowtieman Registered Member

    Joined:
    Oct 23, 2003
    Posts:
    4
    First off B/Spear thanks for you information and response.

    I did download the Symantec Klez remover. It also came up blank.

    I did take it the last step you recommended and removed the AVG and installled not.32. It also came up with a goose egg.

    This is what makes me think it was never a Klez but was designed to make one think it was. Where out of desperation you will remove the file that it points you toward.

    Oh well. It's over now and feel relative sure that if nothing else I did upgrade my AV considerable.
     
Thread Status:
Not open for further replies.