IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / The Water Cooler Forum / I presume . .
Post #53,898
by Andrew Grygus
Picture of Andrew Grygus
9/30/02 12:58:23 AM
Reply
New I presume . .
. . you did your Klez.H check using a DOS based Klez tool after a fresh boot into Safe Mode. I've cleand Klez.H out of dozens of machines who's owners "Update my antivirus almost every day". By time Klez.H fixes were out, much of the world was infected, and updating your antivirus after the fact is futile - Klez.H nails it instantly - it looks like it's running, but it's just spinning of wheels.

I use the Command Software Klez cleaner (but others should work). I copy the compressed file to the hard disk and immediately reboot into Safe Mode, uncompress and run the cleaner immediately. To be quite frank, since May, I've found only one Windows computer that's used to read email that didn't have Klez.H / Elkern.C. MS Office users average about 84 infections, WordPerfect users 33. Top number 340, lowest 16.

The combo of Klez.H and Magistr is particularly annoying, as they protect each other (probably unplanned). I usually have to clean those from a DOS boot with an up-to-date DOS cleaner - and, presuming they haven't cleaned up their "Temporary Internet Files" for six months, it can take hours (no disk cache).

I have had a few cases where Klez.H was cleaned, and an up-to-date antivirus reinstalled after clean, but Klez.H reoccurred. Fortunately these are quite rare.

I'm not saying your problem is Klez.H, just cautioning that it's a tough one to pin down unless you use exactly the right procedure.

[link|http://www.aaxnet.com|AAx]
Post #53,905
by deSitter
Picture of deSitter
9/30/02 4:52:11 AM
Reply
New Re: I presume . .
Somehow I've missed it. Why do I always miss the fun? :)
-drl
Post #53,911
by orion
Picture of orion
9/30/02 6:38:13 AM
Reply
New What fun?
Nobody seems to get my jokes either, that is what I get for trying to be funny.
[link|http://games.speakeasy.net/data/files/khan.jpg|"Khan!!!" -Kirk]
Post #53,915
by ben_tilly
9/30/02 7:55:07 AM
9/30/02 7:56:48 AM
Reply
New Actually you likely didn't miss it
The fun thing about Klez is that it leaves very few telltales for the person with it that they are the one sending out the mail.

Lots of people have it and don't notice. Which is one of the reasons why it hasn't been slacking off.

cheers,
Ben
"Career politicians are inherently untrustworthy; if it spends its life buzzing around the outhouse, it\ufffds probably a fly."
- [link|http://www.nationalinterest.org/issues/58/Mead.html|Walter Mead]
Expand Edited by ben_tilly Sept. 30, 2002, 07:56:48 AM EDT
Expand All History
Post #53,957
by deSitter
Picture of deSitter
9/30/02 12:04:02 PM
Reply
New Re: Actually you likely didn't miss it
I run that Symantec safe-mode tool from time to time and have never had a report of it. I have no virus protection, because it is useless.
-drl
Post #53,912
by orion
Picture of orion
9/30/02 6:44:59 AM
Reply
New Re: I presume . .
I used the Symantec tool, apparently it was the Windows version and ran a GUI interface window as it processed the files on the hard drive. If there is a DOS version of it, please kindly point me to it. Anything to get rid of whatever is causing this thing.

You know, you pay like $70USD for the Norton AntiVirus 2003 Pro software and you'd think that it would come with a DOS based scanner that can scan before the GUI of the OS loads. Why I remember way way back when that was the case. Perhaps I missed a configuration option?

BTW any Open Sourced Virus scanners that don't charge you money for a year's worth of AntiVirus data file updates? Nothing like getting soaked for virus protection and updates when the newer ones start getting out.
[link|http://games.speakeasy.net/data/files/khan.jpg|"Khan!!!" -Kirk]
Post #53,961
by jake123
9/30/02 12:13:48 PM
Reply
New Stop using windows
It's the only way to be sure you're not going to get that stuff.

It's not like alternative systems don't have good software... they do, and there are several viable choices you can make.
--
-------------------------------------------------------------------
* Jack Troughton                            jake at consultron.ca *
* [link|http://consultron.ca                        |[link|http://consultron.ca|http://consultron.ca]                      ]   irc.ecomstation.ca *
* Laval Qu\ufffdbec Canada                   [link|news://news.consultron.ca|news://news.consultron.ca] *
-------------------------------------------------------------------
Post #54,800
by orion
Picture of orion
10/3/02 10:01:45 PM
Reply
New I know
but Windows is my bread and butter right now, it gets me a job. Linux, OS/2, DR-DOS, etc just don't seem to get me hired.
[link|http://games.speakeasy.net/data/files/khan.jpg|"Khan!!!" -Kirk]
Post #53,964
by Andrew Grygus
Picture of Andrew Grygus
9/30/02 12:35:28 PM
Reply
New We use Command antivirus . .
. . $24/year download. Once installed on a machine, it can make a set of three floppies runable from DOS. I just copy them all to a directory on the Service CD-ROM I carry, and run it from there, or copy it to the subject hard disk and run it from there. Of course, you have to have a DOS 7 boot floppy.

Some machines get so badly virus infected you just can't install and/or run an antivirus under Windows.
[link|http://www.aaxnet.com|AAx]
     Sorry for the troubles - (orion) - (97) - Sept. 21, 2002, 08:44:38 PM EDT
         It's not about your whining... err... troubles - (folkert) - (3) - Sept. 22, 2002, 06:56:36 PM EDT
             Well I am confused - (orion) - (2) - Sept. 22, 2002, 10:30:25 PM EDT
                 Did you get your Uncle"s hair???? - (bepatient) - Sept. 22, 2002, 10:36:52 PM EDT
                 Please distinguish... - (folkert) - Sept. 22, 2002, 11:26:22 PM EDT
         Softly softly. - (static) - (5) - Sept. 23, 2002, 12:20:57 AM EDT
             Good advice - (Silverlock) - (4) - Sept. 23, 2002, 01:09:43 AM EDT
                 That's not quite what I meant, but that's okay. :-) -NT - (static) - (2) - Sept. 23, 2002, 01:31:47 AM EDT
                     I know what you meant - (Silverlock) - (1) - Sept. 23, 2002, 09:49:40 AM EDT
                         Troublemaker.. - (Ashton) - Sept. 24, 2002, 04:03:12 PM EDT
                 Muahahaha, great one! :-) - (CRConrad) - Sept. 23, 2002, 09:26:48 AM EDT
         I personally cannot believe it - (tseliot) - (2) - Sept. 23, 2002, 01:58:24 PM EDT
             IT with kids in the house - (jake123) - (1) - Sept. 24, 2002, 04:12:14 PM EDT
                 Now imagine.. - (Ashton) - Sept. 24, 2002, 05:06:50 PM EDT
         You are set up Norm! - (Snitcherooni) - (83) - Sept. 27, 2002, 10:30:15 PM EDT
             Take it elsewhere... - (ChrisR) - (65) - Sept. 27, 2002, 10:44:14 PM EDT
                 Re: Take it elsewhere... - (deSitter) - (64) - Sept. 27, 2002, 11:19:16 PM EDT
                     seconded -NT - (boxley) - Sept. 27, 2002, 11:21:18 PM EDT
                     Doesn't change my response - (bepatient) - Sept. 28, 2002, 01:57:13 AM EDT
                     Doesn't seem like NK's writing to me. - (Another Scott) - (61) - Sept. 28, 2002, 11:16:34 AM EDT
                         Not me, but it disturbs me greatly - (orion) - Sept. 29, 2002, 11:06:38 PM EDT
                         Not me, but it disturbs me greatly - (orion) - Sept. 29, 2002, 11:05:48 PM EDT
                         No, the actual telltale sign.. - (deSitter) - (58) - Sept. 30, 2002, 04:12:33 AM EDT
                             Interesting - (orion) - (57) - Sept. 30, 2002, 07:12:08 AM EDT
                                 Re: Interesting - (deSitter) - (48) - Sept. 30, 2002, 10:57:30 AM EDT
                                     What can I do then? - (orion) - (47) - Oct. 3, 2002, 09:50:14 PM EDT
                                         get a scrip for androgel - (boxley) - (2) - Oct. 3, 2002, 10:03:51 PM EDT
                                             May not be the problem - (orion) - (1) - Oct. 4, 2002, 11:12:00 PM EDT
                                                 Not quite right. - (Another Scott) - Oct. 7, 2002, 08:22:46 PM EDT
                                         Re: What can I do then? - (deSitter) - (43) - Oct. 3, 2002, 11:03:16 PM EDT
                                             Re: What can I do then? - (deSitter) - (42) - Oct. 3, 2002, 11:06:58 PM EDT
                                                 That would've been my suggestion. -NT - (bepatient) - Oct. 3, 2002, 11:08:22 PM EDT
                                                 Apologizing - (orion) - (40) - Oct. 4, 2002, 11:10:33 PM EDT
                                                     No - (deSitter) - (38) - Oct. 4, 2002, 11:49:52 PM EDT
                                                         Apology again - (orion) - (37) - Oct. 7, 2002, 07:35:41 PM EDT
                                                             no prob norm -NT - (boxley) - Oct. 7, 2002, 07:38:45 PM EDT
                                                             Of Course! - (deSitter) - (30) - Oct. 7, 2002, 07:44:51 PM EDT
                                                                 There is a fine line - (orion) - (29) - Oct. 7, 2002, 08:16:13 PM EDT
                                                                     Heh - I'm still looking for the pencil to draw it with... -NT - (imric) - Oct. 7, 2002, 08:21:06 PM EDT
                                                                     Bullshit - (deSitter) - (27) - Oct. 7, 2002, 08:22:05 PM EDT
                                                                         I dunno... - (imric) - (25) - Oct. 7, 2002, 08:33:15 PM EDT
                                                                             Very nice - (Ashton) - Oct. 7, 2002, 10:40:00 PM EDT
                                                                             Stupid request - (ben_tilly) - (23) - Oct. 8, 2002, 07:04:00 AM EDT
                                                                                 Sure... - (imric) - (5) - Oct. 8, 2002, 08:31:58 AM EDT
                                                                                     Re: Sure... - (deSitter) - (4) - Oct. 8, 2002, 09:46:38 AM EDT
                                                                                         Nice to be appreciated - thanks! -NT - (imric) - (3) - Oct. 8, 2002, 07:01:08 PM EDT
                                                                                             Re: Nice to be appreciated - thanks! - (deSitter) - Oct. 8, 2002, 08:27:00 PM EDT
                                                                                             Re: Nice to be appreciated - (deSitter) - (1) - Oct. 8, 2002, 11:30:34 PM EDT
                                                                                                 *blush* -NT - (imric) - Oct. 9, 2002, 09:06:54 AM EDT
                                                                                 Targets & tags -- annoying as hell - (kmself) - (16) - Oct. 8, 2002, 01:30:46 PM EDT
                                                                                     *shrug* Tell you what. Let's vote on it. - (imric) - (15) - Oct. 8, 2002, 06:31:23 PM EDT
                                                                                         What he's talking about - (drewk) - (3) - Oct. 8, 2002, 06:52:45 PM EDT
                                                                                             So - you don't mind targets? 'K.. - (imric) - (1) - Oct. 8, 2002, 06:59:25 PM EDT
                                                                                                 Sure, I see why - (drewk) - Oct. 8, 2002, 07:40:18 PM EDT
                                                                                             What he said - (ben_tilly) - Oct. 8, 2002, 07:11:47 PM EDT
                                                                                         FWIW, I've always disliked targeted links. - (admin) - (2) - Oct. 8, 2002, 07:04:54 PM EDT
                                                                                             Bribes... - (imric) - (1) - Oct. 8, 2002, 07:29:32 PM EDT
                                                                                                 Bah. - (admin) - Oct. 8, 2002, 07:34:15 PM EDT
                                                                                         If I see a link in Imric's post I know a new window will pop - (boxley) - Oct. 8, 2002, 07:54:11 PM EDT
                                                                                         Re: *shrug* Tell you what. Let's vote on it. - (deSitter) - (1) - Oct. 8, 2002, 08:16:53 PM EDT
                                                                                             your target did not link :-) -NT - (boxley) - Oct. 8, 2002, 08:44:42 PM EDT
                                                                                         Can see both sides. - (Another Scott) - Oct. 8, 2002, 08:56:11 PM EDT
                                                                                         How to open in new windows, block target-generated windows - (kmself) - (3) - Oct. 9, 2002, 03:31:10 AM EDT
                                                                                             *smile* OK, then, no problems anymore? Ben, anyone? - (imric) - (2) - Oct. 9, 2002, 09:05:33 AM EDT
                                                                                                 I can't use Karsten's solution - (ben_tilly) - (1) - Oct. 9, 2002, 06:48:43 PM EDT
                                                                                                     Hmmm. - (imric) - Oct. 9, 2002, 07:58:14 PM EDT
                                                                         absolutely true Im quite off brand myself - (boxley) - Oct. 8, 2002, 07:51:55 AM EDT
                                                             *smile* - (imric) - Oct. 7, 2002, 08:19:05 PM EDT
                                                             Sure thing, man. -NT - (bepatient) - Oct. 7, 2002, 08:22:29 PM EDT
                                                             Much better - (ben_tilly) - Oct. 7, 2002, 09:27:41 PM EDT
                                                             De nada. -NT - (Ashton) - Oct. 7, 2002, 10:42:44 PM EDT
                                                             Yes, and Thanks. -NT - (Steve Lowe) - Oct. 8, 2002, 03:44:48 AM EDT
                                                     A tip - (ben_tilly) - Oct. 5, 2002, 07:36:01 AM EDT
                                 What's really interesting... - (admin) - (7) - Sept. 30, 2002, 12:39:34 PM EDT
                                     That address responds to ping - (SpiceWare) - (5) - Sept. 30, 2002, 01:51:48 PM EDT
                                         Re: That address responds to ping - (deSitter) - (4) - Sept. 30, 2002, 02:17:35 PM EDT
                                             Some personal accountability would be nice. - (admin) - (2) - Sept. 30, 2002, 02:20:47 PM EDT
                                                 Any chance of a 3rd person in STL - (boxley) - (1) - Sept. 30, 2002, 09:10:48 PM EDT
                                                     ... - (admin) - Sept. 30, 2002, 09:30:45 PM EDT
                                             ? - (SpiceWare) - Sept. 30, 2002, 10:15:22 PM EDT
                                     Interesting enough - (orion) - Oct. 3, 2002, 09:58:40 PM EDT
             Fsck off bucko! -NT - (bepatient) - Oct. 5, 2002, 11:13:14 AM EDT
             Right. - (pwhysall) - (15) - Sept. 28, 2002, 02:28:40 AM EDT
                 What do I know - (orion) - (14) - Sept. 29, 2002, 08:35:46 PM EDT
                     time to adjust again, working again has changed - (boxley) - Sept. 29, 2002, 08:38:56 PM EDT
                     Forgive me if I don't see a problem... - (bepatient) - (11) - Sept. 29, 2002, 09:15:33 PM EDT
                         Apparently not Klez - (orion) - (10) - Sept. 29, 2002, 11:01:16 PM EDT
                             Klez spoofs sender - (kmself) - Sept. 30, 2002, 12:14:56 AM EDT
                             I presume . . - (Andrew Grygus) - (8) - Sept. 30, 2002, 12:58:23 AM EDT
                                 Re: I presume . . - (deSitter) - (3) - Sept. 30, 2002, 04:52:11 AM EDT
                                     What fun? - (orion) - Sept. 30, 2002, 06:38:13 AM EDT
                                     Actually you likely didn't miss it - (ben_tilly) - (1) - Sept. 30, 2002, 07:56:48 AM EDT
                                         Re: Actually you likely didn't miss it - (deSitter) - Sept. 30, 2002, 12:04:02 PM EDT
                                 Re: I presume . . - (orion) - (3) - Sept. 30, 2002, 06:44:59 AM EDT
                                     Stop using windows - (jake123) - (1) - Sept. 30, 2002, 12:13:48 PM EDT
                                         I know - (orion) - Oct. 3, 2002, 10:01:45 PM EDT
                                     We use Command antivirus . . - (Andrew Grygus) - Sept. 30, 2002, 12:35:28 PM EDT
                     Fair weather friends? - (a6l6e6x) - Sept. 29, 2002, 09:25:05 PM EDT

I made it through almost 20 minutes of this before coming out of my skin and destroying the TV with my mad shrieking.
120 ms