Virus Alert

[Guest guest]

I got the Klez worm, but the norton has contained and quarantined it......if

you do not have a virus protector i advise you get one, real fast. Cheryl S

Re: VIRUS ALERT

This is a HOAX

http://www.snopes.com/computer/virus/jdbgmgr.htm

Please don't continue to spread it around

Mandie

Human Development Specialist

Caitie (April 17, 1998)

and Molly (February 8, 2000)

[Guest guest]

In a message dated 4/30/2002 8:41:07 AM Central Standard Time,

rdill@... writes:

> NEVER open any attachments unless you really know what they are, even if

> they come from an on-line friend.

>

HI Rick

I keep trying to explain this to my Mom lol she says noooooooo family wont

send me a virus.......I told her any one who has her addy in their address

book makes her vulnerable lol luckily she lives close and I go over and

update her virus definitions often lol

Also I emailed Briggs and got back an attachment reply......bat file

extension. That was a dead give away she has a virus, I wonder if she even

knows

Kathy mom to Sara 10........I never open attachments unless an email comes

prior and tells me what its about...even from my Mom lol

[Guest guest]

Sue,

You reported that a virus message came through a downs list.

The good news is that the virus was removed from the message by the list

program. The list does not pass on attachments and says: " [Non-text

portions of this message have been removed] " . This won't happen in mail

you receive off-list.

That said, virus activity is at a new high. I'm getting about two

copies of the Klez virus a day. The news on line last night had an

estimate that 7% of the computers they surveyed had it. It comes with

random subject, random message, (both brief) and a huge (over 100

kbytes) pair of attachments. One is a random file shipped out of the

infected computer and the other is the payload. The return address is

hoaxed, so it is hard to tell where it came from. I also believe that

you may have trouble identifying that your computer is infected. It

seems to hide pretty well.

Klez (like many others) is aimed at users of Microsoft Outlook or

Outlook Express as their mail program. Yes, that is an excellent mail

program, but such a popular target that I don't use it ever. BTW, it

doesn't use Outlook, it has its own mailing program included.

Eveyone needs to have an anti-virus program (even on a Mac) and you

should have your computer update the virus definitions weekly. I know

it is a nuisance to get this and get it going, but you risk an awful lot

of grief if you don't. Sorry, but cyber terrorism is alive and the

challenges only increase.

Oh, yes, someone out there somewhere who has my email address got

snookered into looking at what the dwarfs had ready for Snow White's

18th birthday. I got one of those today.

NEVER open any attachments unless you really know what they are, even if

they come from an on-line friend.

[Guest guest]

I have the Teddy Bear " virus " on my computer. However, the method you

offered for deleting it doesn't do the trick. It only deletes it

temporarily. Give it a couple of minutes and it's right back!

Any other suggestions? I ran my norton scan on it, and it didn't pick it

up.

Sincerely,

Crystal Compton

virus

>

> Hi All, I just received a message from one of my friends in my address

book.

> Their address book has been infected by a virus and was passed on to my

> computer. My address book has been infected now. This virus (called

> jdbgmgr.exe) is not detected by Norton or McAfee. The virus

> sits quietly until 14 days before damaging the system. It is sent my

> messenger and by the Address Book whether or not you send e-mails to

your

> contacts.

> I have checked my system, found the virus and deleted it. Here is how to

get

> rid of it.

>

> 1, Go to Start, Find or Search option

> 2. In the files/folder option, write the name jdbgmgr.exe

> DO NOT OPEN

> 3. Be sure you search your " C " drive

> 4. Click " find now "

> 5. The virus has a teddy bear icon with the name jdbgmgr.exe

> DO NOT OPEN

> 6. RIGHT click and delete it.

> 7. Go to Recycle Bin and delete it there as well

>

> IF YOU FIND THE VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS

> BOOK.........................

>

> Sorry about this...I got this note from my sister and am forwarding it

on to

> my address book because I checked my files and found the virus....even

> though I have an updated version of McAfee. The good news is...it was

easy

> to remove.Joy

>

> Sorry folks - it was easy to remove tho.

>

> ~Cyndy >^,,^<

>

>

>

>

>

>

>

[Guest guest]

Hi Brent,

I received a very similar email from a friend and he found this so called virus

in his computer and deleted it right away. Not long after I received an email

from a few people including this friend and said it turned out to be a hoax.

Apparently, if everyone checked this out then they too would automatically find

this program or file on their computer as I assume it should be there.

So you might want to check any hoax websites to check into this because this is

a hoax from what I have been told.

Hope this helps.

Marilyn

mhogg69@...

virus

Hi All, I just received a message from one of my friends in my address book.

Their address book has been infected by a virus and was passed on to my

computer. My address book has been infected now. This virus (called

jdbgmgr.exe) is not detected by Norton or McAfee. The virus

sits quietly until 14 days before damaging the system. It is sent my

messenger and by the Address Book whether or not you send e-mails to your

contacts.

I have checked my system, found the virus and deleted it. Here is how to get

rid of it.

1, Go to Start, Find or Search option

2. In the files/folder option, write the name jdbgmgr.exe

DO NOT OPEN

3. Be sure you search your " C " drive

4. Click " find now "

5. The virus has a teddy bear icon with the name jdbgmgr.exe

DO NOT OPEN

6. RIGHT click and delete it.

7. Go to Recycle Bin and delete it there as well

IF YOU FIND THE VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS

BOOK.........................

Sorry about this...I got this note from my sister and am forwarding it on to

my address book because I checked my files and found the virus....even

though I have an updated version of McAfee. The good news is...it was easy

to remove.Joy

Sorry folks - it was easy to remove tho.

~Cyndy >^,,^<

[Guest guest]

I have been receiving all kinds of mail with files attached and just deleting

them. All from email addresses I don't recognize.

Thanks for the warning Kathy!

Cheryl

[Guest guest]

But Kathy,

I just received two from you that say a funny web site in the subject line

and had files attached. Did you send files to the list?

Cheryl

[Guest guest]

In a message dated 5/19/2002 9:15:42 AM Central Standard Time, Wildwards

writes:

> But Kathy,

> I just received two from you that say a funny web site in the subject line

> and had files attached. Did you send files to the list?

>

HI

Nope, just checked my send box too, this new virus will steal addy's from

their address book and make it look like they are the sender of the

virus........so someone has a virus with my name in their address book lol

does this make sense??? lolol

This latest virus is tricky then others, you really cant be sure who has the

virus but it is a virus so don't open

Kathy mom to Sara 10..........now some attachments are coming form when

folks post from the web site.........I usually get 2 posts (the same) so I

delete the one with the attachment

[Guest guest]

I have been receiving mail with files also. I don't download anything, i just

delete also. I can't get a virus if i'm not downloading the files correct?

[Guest guest]

Now I see the same subject line in an email from Kent

Cheryl in VA

[Guest guest]

Until today I haven't received any viruses of the Klez variety. I have on

my account for the last week or so. My virus scan has picked up

everyone and 's virus scan has caught them also. From work I have

received warnings of this one. It has infected more than 7% of the worlds

computers to date. Not good news I know but at least the virus scanners

will catch it.

(Elaine's other half and dad to 16 DS)

VIRUS ALERT

> HI

>

> Just in the last 5 minutes I deleted 4 emails from 4 different folks, 3 on

> this list containing the Klez virus.

>

> I might suggested everyone do a virus scan or update your virus

definitions.

> The subject line was the give away lol my sister got the virus and I was

> searching the subject line that was sent to her to it was fresh in my mind

> the subject lines used.

>

> ** FROM THE NORTON SITE ---> As a result, the email message would have 2

> attachments, the first being the worm and the second being the

> randomly-selected file.

>

> The email message that this worms sends is composed of " random " strings.

The

> subject can be one of the following:

>

> Undeliverable mail-- " [Random word] "

> Returned mail-- " [Random word] "

> a [Random word] [Random word] game

> a [Random word] [Random word] tool

> a [Random word] [Random word] website

> a [Random word] [Random word] patch

> [Random word] removal tools

> how are you

> let's be friends

> darling

> so cool a flash,enjoy it

> your password

> honey

> some questions

> please try again

> welcome to my hometown

> the Garden of Eden

> introduction on ADSL

> meeting notice

> questionnaire

> congratulations

> sos!

> japanese girl VS playboy

> look,my beautiful girl friend

> eager to see you

> spice girls' vocal concert

> japanese lass' sexy pictures

>

> The random word will be one of the following:

> new

> funny

> nice

> humour

> excite

> good

> powful

> WinXP

> IE 6.0

> W32.Elkern

> W32.Klez.E

> Symantec

> Mcafee

> F-Secure

> Sophos

> Trendmicro

> Kaspersky

> The body of the email message is random.

>

>

>

>

>

> Norton says this virus is at high distribution

>

> Check this link out and see the subject lines used

>

> <A

HREF= " http://www.symantec.com/avcenter/venc/data/w32.klez.hmm (DOT) html " >Symante

c Security Response - W32.Klez.H@mm</A>

>

> http://www.symantec.com/avcenter/venc/data/w32.klez.hmm (DOT) html

>

> This is the message my sister got and opened ;

> This is a special humour game

> This game is my first work.

> You're the first player.

> I expect you would like it.

>

> Kathy mom to Sara 10

>

>

>

>

>

>

>

>

[Guest guest]

on 5/19/02 1:07 PM, wildwards@... at wildwards@... wrote:

> Now I see the same subject line in an email from Kent

> Cheryl in VA

Hi!

What was the email? I have a Mac, I use Eudora and I haven't downloaded any

unknown attachments.

Take care,

Kent

[Guest guest]

I have been cleaning this KLEZ virus off of my sister and mom's computers for

the last couple of weeks. I have gotten emails with attachments from people

who have been on forwarded emails from them, or who have been sent emails

from them. The worm just takes over and sends emails and attachments.

I have been informing everyone that I am NOT accepting attachments or

forwards from people.

So far, I have escaped the virus.

If you go to either the MacAffee or Norton sites, there both have a program

that you can download so to clean out the Klez virus. I have it and I run it

on a daily basis. On top of my regular virus scan which I am also running

overtime these days.

[Guest guest]

In a message dated 05/20/2002 1:41:52 PM Pacific Daylight Time,

cmcquarter@... writes:

<< Hi Group, Please be careful, I am recieving emails from various group

members asking me to look at this web site & etc. and they are virus

launchers. Do not open any attachments. I have recieved 3 today

alone.

>>

I'm getting them too.

Thanks, !

in OK

[Guest guest]

I have also received three today! Thanks for the warning .

Flo

> ** Original Subject: RE: Virus alert

> ** Original Sender: " cmcquarter2001 " <cmcquarter@...>

> ** Original Date: 20 May 2002 20:37:22 -0000

> ** Original Message follows...

>

> <html><body>

>

>

> <tt>

> Hi Group, Please be careful, I am recieving emails from various group <BR>

> members asking me to look at this web site & amp; etc. and they are virus <BR>

> launchers. & nbsp; Do not open any attachments. & nbsp; I have recieved 3 today

<BR>

> alone.<BR>

> <BR>

> <BR>

> <BR>

> </tt>

>

> <br>

>

> <!-- |**|begin egp html banner|**| -->

>

> <table border=0 cellspacing=0 cellpadding=2>

> <tr bgcolor=#FFFFCC>

> <td align=center><font size= " -1 " color=#003399><b>

Sponsor</b></font></td>

> </tr>

> <tr bgcolor=#FFFFFF>

> <td align=center width=470><table border=0 cellpadding=0 cellspacing=0><tr><td

align=center><font face=arial size=-2>ADVERTISEMENT</font><br><a

href= " http://rd./M=226014.2032696.3508022.1829184/D=egroupweb/S=1705061\

104:HM/A=1000239/R=0/*http://ads.x10.com/?bHlhaG9vaG0xLmRhd=1021927245%3eM=22601\

4.2032696.3508022.1829184/D=egroupweb/S=1705061104:HM/A=1000239/R=1 "

target=_top><img

src= " http://ads.x10.com/?Z3lhaG9vaG0xLmRhd=1021927245%3eM=226014.2032696.3508022\

..1829184/D=egroupweb/S=1705061104:HM/A=1000239/R=2 " alt= " " width= " 300 "

height= " 250 " border= " 0 " ></a></td></tr></table></td>

> </tr>

> <tr><td><img alt= " " width=1 height=1

src= " http://us.adserver./l?M=226014.2032696.3508022.1829184/D=egroupmai\

l/S=1705061104:HM/A=1000239/rand=188350189 " ></td></tr>

> </table>

>

> <!-- |**|end egp html banner|**| -->

>

>

> <br>

> <tt>

>

[Guest guest]

I have been getting the same type of emails. I havent downloaded them because

I didnt know who they were. Thanks for the warning

Pat Iurato

[Guest guest]

Hi Sue,

The bad thing about the klez virus' is that when they attach to the address book

they can make the outgoing mail appear to be from someone else in your address

book, so the infected mail you received was probably not from anderson72. For

example, if I had the virus and you were in my address book, my computer could

send out an infected virus w/ you listed as the sender and I would never know. I

am glad your virus protection software caught it. Everyone needs to have a good

virus detection program and keep it updated.

Hope

virus alert

Hi, my norton virus scan picked up a virus in an email, it was sent privately

rather than thro the list I think but wasn't anyone I know so may be one of

those that attaches to the adress book and sends out an attachment

automatically. Its a kletz or something like that and opens up into a word

document rather than as an email with an attachment. It came from alanderson72

so if thats you you need to check your machine for viruses please.

sue wong

[Guest guest]

Viruses and all attachments are filtered out of the list, so none will ever come

from here. The only thing that shows up as an attachment are those darn

ads at the end of the emails.

Don't be surprised if you find bounced emails in your email in box one day.

This Kletz virus picked up my address from someones address book and has been

used to forward the virus on. Those emails did not come from my computer --

just my email address was used. All of my emails are scanned for viruses when

they come in and when they go out.

virus alert

Hi, my norton virus scan picked up a virus in an email, it was sent privately

rather than thro the list I think but wasn't anyone I know so may be one of

those that attaches to the adress book and sends out an attachment

automatically. Its a kletz or something like that and opens up into a word

document rather than as an email with an attachment. It came from alanderson72

so if thats you you need to check your machine for viruses please.

sue wong

[Guest guest]

Thanks , Your quite a techie these days. Hope I won't need their

help. Ruth

Virus alert

> More problems for home PC users.

> > A new worm known as W32.Blaster.Worm (also known as MBlaster,

> > W32/Lovsan.worm, MSBlast, W32.blaster.worm, Win32.posa.worm,

> > Win32.poza.worm) has been identified that is seeking to exploit the

> > vulnerability that was addressed by Microsoft Security Bulletin

MS03-026.

> > Blaster is designed to launch a denial of service attack against

> > Microsoft's Windows Update Web site. This worm results in the host PC

> > initiating a RPC service shutdown which in turn causes the PC to close

> > down. (a service window - NT Authority - is displayed with a minute

count

> > to shutdown).

> > For more information on how to fix this problem please follow the link

> > http://www.microsoft.com/security/incident/blast.asp

> >

> > best wishes

>

>

>

>

>

>

[Guest guest]

Thanks , Your quite a techie these days. Hope I won't need their

help. Ruth

Virus alert

> More problems for home PC users.

> > A new worm known as W32.Blaster.Worm (also known as MBlaster,

> > W32/Lovsan.worm, MSBlast, W32.blaster.worm, Win32.posa.worm,

> > Win32.poza.worm) has been identified that is seeking to exploit the

> > vulnerability that was addressed by Microsoft Security Bulletin

MS03-026.

> > Blaster is designed to launch a denial of service attack against

> > Microsoft's Windows Update Web site. This worm results in the host PC

> > initiating a RPC service shutdown which in turn causes the PC to close

> > down. (a service window - NT Authority - is displayed with a minute

count

> > to shutdown).

> > For more information on how to fix this problem please follow the link

> > http://www.microsoft.com/security/incident/blast.asp

> >

> > best wishes

>

>

>

>

>

>

[Guest guest]

It's all a front Ruth: I just pass on information from my work IT services!

Their latest guide provides more detailed help:

The Blaster Worm

----------------

The Blaster (aka LoveSAN and MSBlast) worm has been widely

reported, eg http://news.bbc.co.uk/1/hi/technology/3154117.stm.

Vulnerable computers are those using Microsoft Windows XP, Windows 2000 or

Windows NT.

Computers are not vulnerable if they use Windows 95, Windows 98, Windows

98 Second Edition (SE) or Windows Millennium (Me).

Macs are similarly unaffected.

If your PC is one of the vulnerable ones, you should read this message and

follow the advice given.

Please act now - even if you don't think that you are affected - by downloading

patch MS03-026, release date 16 July 2003, which prevents the worm from exploiting

your system.

Please choose the appropriate link below. The link will take you to a step-by-step

guide on how to identify if you have the worm, what to do to recover your

computer and how to protect it on an ongoing basis.

Windows XP users:

http://go.microsoft.com/?linkid=221401

Windows NT and Windows 2000 users:

http://go.microsoft.com/?linkid=221402

best wishes sarah

Ruth Grant wrote:

Thanks , Your quite a techie these days. Hope I won't need their

help. Ruth

[Guest guest]

Get Postini - you won't have to worry about viruses anymore.

Kombuchally yours,

Virus Alert

> Hi Folks, Got this from one of the boards I'm on.

> I've check it out on Snopes and it's listed as REAL.

> Kathann

>

>

>

> Warning = this is real & confirmed at Snopes.com link below

>

> Emails with pictures of Osama Bin-Laden hanged are being sent and the

> moment that you open these emails your computer will crash and you will

> not be able to fix it!!!

>

> This e-mail is being distributed through countries around the globe, but

> mainly in the US and Israel.

>

> Don't be inconsiderate; send this warning to whomever you know.

>

> Confirmed at: http://www.snopes.com/computer/virus/osama.asp

>

> Origins: There are few headlines that would grab the attention of more

> computer users around the world than " Osama bin Laden Captured, " and

> that's exactly what whoever created this lure was counting on to snare

> unsuspecting victims who use Microsoft platforms.

>

> " Osama bin Laden Captured " isn't a virus in itself; it's the text of a

> message that includes a link to a file called EXPLOIT.EXE. When a message

> recipient clicks on this link to view what he thinks are pictures of Osama

> bin Laden's capture, he can end up downloading an executable Trojan known

> as Backdoor-AZU, BKDR_LARSLP.A, Download.Trojan,

> TrojanProxy.Win32.Small.b,or Win32.Slarp. Clicking the embedded link in

> the " Osama bin Laden Captured " message auto-executes a file called

> " EXPLOIT.EXE, " which exploits a known security hole to download the

> Trojan. According to McAfee Security:

>

>

> The Trojan opens a random port on the victim's machine. It sends the Port

> information to a webpage at IP address 66.139.77.145. The Trojan listens

> on the open port for instructions and redirects traffic to other IP

> addresses. Spammers and hackers can take advantage of compromised systems

> by using the infected computer as a middleman, allowing them to pass

> information through it and remain anonymous.

>

> Microsoft has made available updates that close the hole exploited by this

> Trojan.

>

>

[Guest guest]

Off topic - however, I've received about 50 of these email messages containing

viruses - beware... keep your virus protection software up to date (link to

remove this virus appears below).

TruthOrFiction.com Subscribers

RE: Virus Alert

There have not been many viruses of late worth sending an alert about, but one

is circulating right now that we all need to be aware of.

Most virus companies are referring to it as WORM_SOBER.AG or some variation with

the word SOBER.

There is a potential for some damage to your computer from this virus.

It affects computers running Windows 98, ME, NT, 2000, XP, and Server 2000.

According to the experts at Trend Micro, it is spreading the most today in the

U.S., Canada, Brazil, New Zealand, Belgium, and Germany.

It comes to you via email and may have one of several different messages.

Some say that it has a picture of a celebrity attached. Some warn you that your

computer has been identified by the FBI or the CIA as having accessed some

illegal web sites. A German version of the email spoofs Bundeskriminalert and

threatens legal action.

The virus is activated when you click the attachment that it has tried to trick

you into executing. It then displays a fake message that says " Error in packed

Header " to make you think that when you clicked the file, it did not really work

correctly.

It also displays another fake message that says " No Viruses, Trojans or Spyware

Found! Status: OK

The virus does several things:

1.. Searches for email addresses on the computer.

2.. Sends an infected email to all the addresses it has found. It does not

use your email software. It has its own software so you will not be aware all

of this is happening.

3.. Terminates several processes on the computer including the Windows

Malicious Software Removal Tool.

4.. Creates entries in the system registry, which makes sure that it will

run every time you reboot the computer.

If you think you may have the virus, Symantec has a removal tool at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.h\

tml

As always, make sure you have good virus protection software from as for

example from McAfee, Symantec, or Trend Micro and make sure your virus

definitions for the software are up to date.

[Guest guest]

 

Through Facebook my computer sent out emails to all in my address book

 

Don't open:

 

From the bottom of my heart

 

Present for you

 

Nice Present

 

Exclusively for you