[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: KLEZ - Norton AntiVirus SupportNow News Bulletin: Apr. 26, 2002



Original poster: "Wall Richard Wayne by way of Terry Fritz <twftesla-at-qwest-dot-net>" <rwall-at-ix-dot-netcom-dot-com>

 
>
> ----- Original Message ----- 
> From:<mailto:es-at-symantec-dot-com> 
> To: <mailto:es-at-symantec-dot-com>NAV-TECHINFO-L-at-lserver.symantec-dot-com
> Sent: 4/26/02 9:16:47 AM 
> Subject: Norton AntiVirus SupportNow News Bulletin: Apr. 26, 2002
>
> April 26, 2002
> _____________________________
>  
> In this issue:
>  
> 1. W32.Klez.gen-at-mm
> 2. Removal utility
> ........................
> 1. W32.Klez.gen-at-mm
>  
> W32.Klez.gen-at-mm is a mass-mailing worm that searches the Windows
> address book for email addresses and sends messages to all recipients
> that it finds. The worm uses its own SMTP engine to send the messages.
>  
> The subject and attachment name of incoming email is chosen randomly.
> The attachment will have one of the following extensions: .bat, .exe,
> .pif or .scr.
>  
> The worm exploits a vulnerability in Microsoft Outlook and Outlook
> Express in an attempt to execute itself when you open or even preview
> the message.
>  
> W32.Klez.gen-at-mm attempts to copy itself to all network shared drives
> that it finds.
>  
> Depending on the variant of the worm, the worm will infect the system
> with one of the following viruses:
>  
> W32.Klez.gen-at-mm is a generic detection that detects variants of
> W32.Klez. Computers that are infected with W32.Klez.gen-at-mm are most
> likely infected with either W32.Klez.E-at-mm or W32.Klez.H-at-mm. Please
> refer to the following write-ups for more information.
>  
> W32.Klez.E-at-mm
>  
>
> <http://www.symantec-dot-com/techsupp/vURL.cgi/nav115>http://www.symantec-dot-com/
> techsupp/vURL.cgi/nav115
>  
> W32.Klez.H-at-mm
>  
>
> <http://www.symantec-dot-com/techsupp/vURL.cgi/nav116>http://www.symantec-dot-com/
> techsupp/vURL.cgi/nav116
>  
> _____________________________
>  
> 2. Removal utility
>  
> Symantec has provided a utility to remove infections of
> W32.Klez.E-at-mm, W32.Klez.H-at-mm, W32.ElKern.3587, and W32.ElKern.4926.
> If your computer is detected as infected with W32.Klez.gen-at-mm,
> download and run the utility. In most case, to utility can remove the
> infection. To download the W32.Klez removal utility, point your Web
> browser to:
>  
>
> <http://www.symantec-dot-com/techsupp/vURL.cgi/nav117>http://www.symantec-dot-com/
> techsupp/vURL.cgi/nav117
>  
> This is the easiest way to remove these threats and should be tried
> first.
>  
> Virus definitions dated April 17, 2002, or later will detect this
> worm.
>  
> For additional information, point your Web browser to:
>  
>
> <http://www.symantec-dot-com/techsupp/vURL.cgi/nav118>http://www.symantec-dot-com/
> techsupp/vURL.cgi/nav118
>  
> _____________________________
>  
> 3. Feedback

..............