TranceAddict Forums Archive > Main Forums > Chill Out Room Some sorta "Love" Email virus???? View this Thread in Original format dj_mdma basically i keep on getting sent these annoying little emails with the subject being something associated with "love" or wanting u to "Check them out" They are all 46kb in size and are usually from an unknown sender. I thought it was some sorta junk mail, but then my friend called me up to say thanks for the screensaver, but it didn't work. It then dawned on me that it got AUTOMATICALLY sent to her. More info on this is that the file is called love.scr, it is a screensaver, but if u save it on your comp and try and work it, it doesnt work. I've sent the error reports to microsoft, hopefully they will sort it out. I think that if u get something like this you should delete it straight off, as i think that it gets sent to everyone in your address book if u either a) open the message to read it, or b) save it on your comp. Also the McAfee virus scanner doesn't come up with anything either, so it might be just an annoying little bug , but I'd thought i'd warn u all. Nicke i got some of these to my hotmail address too.. tecman Sorry to be the breaker of bad news, but its W32.Klez. dj_mdma what is that, what does it do, and how can i get rid of it? tecman http://[email protected] W32.Klez.gen@mm is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages. The subject and attachment name of incoming emails are randomly chosen. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp. W32.Klez.gen@mm attempts to copy itself to all network shared drives that it finds. Depending on the variant of the worm, the worm will drop one of the following viruses: W32.Elkern.3326 W32.Elkern.3587 W32.Elkern.4926 which then infects the system. dj_mdma ! Thanks for that! tecman NP. :D Hope your computer recoveres quickly. :cool: KilldaDJ dont u ever delete that kinda ? i delete anything that bears no relevance to my internet life which is pretty much everything :D CygnusX quote: Originally posted by tecman Sorry to be the breaker of bad news, but its W32.Klez. That could be right, but just to make sure, I'll post my thoughts. I think it's not w32.Klez, but w32.Yaha.K. My g/f and some other friends had it yesterday. It's around 46kb (whereas Klez is 60kb) and acts the same way. You can find a removal tool here: http://www.symantec.com/avcenter/ve...moval.tool.html My g/f used this and it said the virus was succesfully removed. Is your IE home page one of these? http://www.unixhideout.com http://www.hirosh.tk http://www.neworder.box.sk http://www.blacksun.box.sk http://www.coderz.net http://www.hackers.com/html/neohaven.html http://www.ankitfadia.com http://www.hrvg.tk http://www.hackersclub.up.to http://geocities.com/snak33y3s Then you can be sure it's that motherf*cker w32.Yaha.K Good luck! Hope I helped you! More information can be found here : http://www.bitdefender.com/index.php tecman Um, yeah... whatever. :D Double-check the file size, and get an antivirus that detects both, or just update your virus definitions. Just take the neccesary actions. Hopefully you'll get rid of the bugger. ;) dj_mdma all done, turns out it was indeed w32.yaha! just gonna run Norton again just in case :D CLICK TO RETURN TO TOP OF PAGE

Privacy Statement