2 Aug
2002
2 Aug
'02
6:18 p.m.
Thanks Sellam. You always were a smartass.
And if I delete the the years of collecting how-to's, in order to get my old
boxes working, I can simply refer folks to you claiming that now I have a
superior system running, I'm sure they will understand.
I guess NOW is the time to burn a CD before a HD failure or virus wipes it all.
Lawrence
Here's a trick for removing a virus from your Microsoft Windows system:
1. Reboot the computer into DOS mode
2. Issue the command: format /u c:
3. Install your favorite open source operating system
On Fri, 2 Aug 2002, Lawrence Walker wrote:
lgwalker(a)mts.net
bigwalk_ca(a)yahoo.com
It seems that I did not escape Klez. I have had
a continuous memory drain
since stupidly opening the first msg. in HTML and memory resources drain
eventually freeze my computer. I come up clean with both the Symantic and
Kaspersky removal tools however. One of the spoofed messages with R.E.s return
path was from Allison warning about klez and recommending the Kaspersky Klez
removal tool. I'd never heard about Kaspersky before. Makes me seriously
wonder about these AV companies. Create a problem and then sell a solution.
I saved, without opening, one of the msgs. and submitted it to Kaspersky
on-line identification and they IDed it as Klez H. Ran their removal tool
again, which won't run from DOS, only from a 98 Dos prompt and again it came
up clean. I'm wondering now whether it might have removed some essential 98
file. Any ideas on solving this problem ?
A good lesson learned. Henceforth any list messages in non-ASCI format
either get deleted or sent back to sender. No exceptions. If you can't solve
your msg.sending problems because of your system at work or whatever ;
DON'T SEND it !!
Lawrence
Sellam Ismail Vintage Computer Festival
------------------------------------------------------------------------------
International Man of Intrigue and Danger http://www.vintage.org
* Old computing resources for business and academia at www.VintageTech.com *
I've just had a flock(5) of them and they
all had the same return line as
yours.
I use Pegasus which does not automatically open HTML. I stupidly opened the
first one but checking with both the Symantec and Kaspersky Klez tools say
I'm clean. They all vary in size but average around 150k. 2 were supposedly
from list members but the other 3 were unknown to me.
I guess it is harvesting Richards mail.
Lawrence
lgwalker(a)mts.net
bigwalk_ca(a)yahoo.com
> At 07:29 PM 7/30/2002 -0700, Fred Cisin
(XenoSoft) wrote:
> >Can somebody more familiar with such confirm whether that is indeed
> >Richard Erlacher's machine that sent the following copy of Klez?
> >(Headers only follow)
On Tue, 30 Jul 2002, John Foust wrote:
> One trick of Klez is that it harvests e-mail addresses
> from your mailboxes and uses them to spoof the From: line,
> in order to make it seem (on casual inspection) that
> person has the virus. They don't. Someone who received
> mail from Erlacher (perhaps a list subscriber) has Klez.
NO. PLEASE look again. Dick's address is in the RETURN PATH line, NOT
the FROM line! It appears that Dick's computer is the one with Klez, and
it put a false FROM: of JPLCSCH(a)aol.com
MOST varieties of Klez put a bogus FROM:, but leave the
Return-Path: intact.
Return-Path: <edick(a)idcomm.com>
Received: from mailhost.idcomm.com (mailhost.idcomm.com [207.40.196.14])
by lmi.net (8.8.8/8.8.7) with ESMTP id TAA05488
for <cisin(a)xenosoft.com>om>; Tue, 30 Jul 2002 19:17:42 -0700 (PDT)
Received: from Dqza (dsl-res156.idcomm.com [216.98.199.156])
by mailhost.idcomm.com (8.10.2/8.10.0) with SMTP id g6V2HSJ01036
for <cisin(a)xenosoft.com>om>; Tue, 30 Jul 2002 20:17:29 -0600
Date: Tue, 30 Jul 2002 20:17:29 -0600
Message-Id: <200207310217.g6V2HSJ01036(a)mailhost.idcomm.com>
From: JPLCSCH <JPLCSCH(a)aol.com>
To: cisin(a)xenosoft.com
Subject: Dialog under
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Q37LE02W0269aCiF037Kl967jS3g6
lgwalker(a)mts.net
bigwalk_ca(a)yahoo.com