Klez
February 13, 2003

Time: February 13, 2003
Audience: Campus
Category:
Attendance: none
Description

Urgent Virus Warning:

The Klez virus and its many variants are quickly becoming one of the most widely spread viruses recorded worldwide. The Gustavus population has seen many incidents of this virus in the past, and reports are now surfacing again.

Klez is a mass-mailing, Windows-only virus that will also spread to network shares. Due to its ability to send itself with random file names and extensions, it may not be caught by the mail server filter system that Gustavus has in place. We must rely on Norton Anti-Virus on your local machine to detect and stop this virus delivery.

Additionally, Klez has the ability to forge the "From" address on email messages it sends. This forging or spoofing of addresses may cause you to receive email notification of a virus that you don't have, or notification of a message that you never sent.

To Stop the Spread of Klez:

Please be vigilant and verify your Norton Anti-Virus product is up to date.

  • Windows Users: From the Start Menu, select Programs, then Norton Anti Virus Corporate Edition, and check the Virus Definitions Version Number (dates should be less than two weeks old).
  • Macintosh Users: From the Apple Menu, when the Norton Anti Virus product is running, select About Norton Anti Virus (dates should be less than one month old).

Scan your machine for viruses regularly, and whenever you receive a notification or email regarding a potential infection.

Don't open an attachment if you weren't expecting it, or don't know the sender.

If you don't have a copy of Norton Anti Virus or your virus protection isn't up to date, or you have other questions about virus issues, please contact the Computer Helpline at x6111.

Symantec Web Site - Virus Encyclopedia

Klez Removal Tool (local copy)

5/14/02 The Department of Information Technology has received numerous reports regarding two problem viruses this week.

The first is a hoax virus, named Jbdgmrg.exe. A user receives email that indicates that this file (Jbdgmrg.exe) is a virus and should be deleted when, in fact, it is a legitimate Microsoft system file that is used for Java Applets and should not be removed. For a detailed description of this hoax file, please see the Symantec Web Site.

The second is a new set of problems with the Klez virus and its variants. Klez is a mass-mailing worm.

An infected machine will send the virus to everyone in the user's Outlook or Outlook Express address book. It will send the attachment with a random name and one of the following extensions: exe, pif, bat, scr. The Gustavus mailserver is currently blocking attachments with these extensions; however, users checking mail from other mailservers, such as Hotmail, can become infected.
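The extension block described above can be sketched as a gateway-side check. This is an added example, not the Gustavus mail server's actual filter; the function names and the sample messages are constructed for illustration. It only catches attachments whose final extension is on the list, which is why a name with any other extension still has to be stopped by anti-virus software on the local machine.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page says the mail server blocks.
BLOCKED_EXTENSIONS = {"exe", "pif", "bat", "scr"}


def final_extension(filename: str) -> str:
    """Return the extension Windows would act on, lowercased."""
    # Windows ignores trailing dots and spaces in file names, so strip them first.
    name = filename.strip().rstrip(". ")
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def blocked_attachments(raw_message: bytes) -> list[str]:
    """List attachment names in a message whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # Content-Type "name" parameter, decoding RFC 2231 values.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed sample message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    # The From header can be forged, so it plays no part in the decision.
    msg["From"] = "someone@example.edu"
    msg["To"] = "user@example.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("report.doc", "Photo.JPG.scr", "setup.EXE"):
        print(repr(name), "->", blocked_attachments(build_sample(name)))
```

The check keys on the last extension only, so a double extension such as Photo.JPG.scr is still treated as a screensaver file.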

A machine can become infected by simply previewing the message - no need to open it. It can also infect network shares.

The other mysterious problem people have reported is related to the virus' ability to spoof emails. It can send the virus with the "from" information being any other person in the infected person's address book. This explains why some of our users were receiving mail telling them that they sent a message that was infected and they really didn't.

Symantec has developed a removal tool for Klez.

Removal Tool for Klez from Norton and directions.
Removal Tool for Klez from Gustavus

Gustavus Adolphus College has a site license with Symantec that allows all students, faculty and staff to use the Norton Anti-Virus software while they are at Gustavus. This software, if kept up to date, will play a valuable role in preventing further infections. It is available on the Connectivity CD (available from the Helpline).