My computer was infected by Klez months ago. I got rid of it but my computer still gets glitchy once in a while and I’ve had to run a repair on Windows several times. I have AVG but whenever I get a funny email which I know is Klez no window pops up or anything. I know it’s running in the background, at least it tells me it is. And there is nothing in the history. How can I find out if it’s detected and eliminated a virus? Also, I’m still getting 3-4 times a week returned emails ostensibly from me (not of course) that are undeliverable due to a bad address or contain a virus. I know the unable to deliver messages are automatic but some of them are very threatening and I’m tired of getting them. Is anyone else experiencing this? I used to get all the email from Ronald MacDonald Camp but that finally stopped. Today I got a message from a university professor saying her email address had changed (?). It is scary in a way how much we depend on the net and how screwed up and unsecure it is.
>>Also, I’m still getting 3-4 times a week returned emails ostensibly from me (not of course) that are undeliverable due to a bad address or contain a virus. I know the unable to deliver messages are automatic but some of them are very threatening and I’m tired of getting them.<<
It sounds very much like you have a virus that is sending mail to your email addresses without your knowledge. That is what viruses do. If you put me in your address book I can tell you pretty soon if that is happening. (tc399@xemaps.com)
You need to make sure your AVG is up to date and working. Run it now and check for updates, please.
Hi tcburnett. As a matter of fact, the AVG program checks for and downloads updates automatically and just did that two nights ago. It’s just that I never know it’s there; it’s so quiet. The icon just sits in the tray and doesn’t talk to me unless I click on it. When I do, it says everything is running and protecting my computer. It just seems strange it never alerts me when it has found an infected file and doesn’t record it.
I heard the Klez virus initially sends out email to your address book, but after that perpetuates itself by finding new addresses on those computers, and it goes from there. I am of this opinion because the addresses that I get returned are not from my address book; and some of them are obviously random. Whoever made this virus, the program creates email addresses in the hope that some of them will get into a system, is my opinion, because some of the addresses are nonsensical, for example: nfl_20011202_ind@bal.htm. Could this even be a legitimate address?
This is an example of a typical message when an email is “sent back”:
A Illegal attachment type was found in an Email message you sent.
This Email scanner intercepted it and stopped the entire message
reaching it’s destination.
The Illegal attachment type was reported to be:
EXE attachemnts disallowed
I thought by now this thing would have run itself out, but NOOOO.
Thanks for your thoughts tcburnett.
>>It just seems strange it never alerts me when it has found an infected file and doesn’t record it.<<
Yes, that seems strange to me as well. I have AVG on one machine and it seems a little more energetic. That is why I suggested that you make sure the program had not been defeated.
>>I am of this opinion because the addresses that I get returned are not from my address book; and some of them are obviously random. <snip> This is an example of a typical message when an email is “sent back”: A Illegal attachment type was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching it’s destination.<<
Ok. I just had a little trouble figuring out how emails that did not originate from you were being ‘returned’ to you. I guess that is why ‘returned’ is in quotes. Sorry I was not more helpful!
To check if AVG is working properly, download the EICAR test file. This is a file that’s detected by all antivirus software as a virus (though it is not – it’s harmless). Your AVG should give you a warning if you download it and click on it. No warning – reinstall AVG.
You may also want to go to http://housecall.antivirus.com to check your computer. In addition, there are Klez removal tools at http://www.sarc.com
Klez “spoofs” the return address when it sends itself out. In other words, if John Doe’s computer is infected, the messages containing the virus don’t appear to be sent from johndoe666@dayglohel.com, instead they look like they are from someone else, possibly someone in John Doe’s address book.
So, when you get a “we detected a virus” from someone you don’t recognize it probably means that some third party with both your e-mail and the unknown person’s e-mail in their address book is infected.
You might also like to know that one of Klez’ dirtier tricks is that it will disable anti-virus software if it is able to get past it in the first place (this happened to my wife’s computer) and it prevents the AV software from being reloaded. There are a couple of dedicated Klez removers out there that exist so you can get it off your system then reload your AV.
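Added example, not part of any post in this thread: one way to check whether a “returned” message really left your own machine is to read the headers of the rejected message that the bounce attaches and compare its first network hop with the addresses your own mail goes out from. The sample bounce is constructed, and `my_sending_ips` is a hypothetical parameter you would fill in with your own addresses.

```python
import email
import re
from email import policy

# Constructed sample bounce (not from the thread). It uses reserved example
# domains and documentation IP ranges only.
BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
To: victim@example.org
Subject: Illegal attachment type found in message you sent
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

EXE attachments disallowed
--b1
Content-Type: text/rfc822-headers

Received: from mail.example.net (mail.example.net [198.51.100.7])
    by scanner.example.net; Mon, 2 Dec 2002 10:00:05 +0000
Received: from thirdparty-pc (dialup-42.example.com [203.0.113.42])
    by mail.example.net; Mon, 2 Dec 2002 10:00:01 +0000
From: victim@example.org
To: stranger@example.net
Subject: A special game

--b1--
"""


def origin_of_bounced_message(bounce_text, my_sending_ips):
    """Return the claimed sender and first-hop IP of the rejected message."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            original = email.message_from_string(part.get_content(),
                                                 policy=policy.default)
            break
    else:
        return None  # bounce carries no original headers; nothing to trace
    received = original.get_all("Received", [])
    if not received:
        return None
    # Each server prepends its header, so the last one is the earliest hop.
    # Only hops written by a server you trust are reliable; others can be forged.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[-1]))
    ip = m.group(1) if m else None
    return {"claimed_from": str(original["From"]), "first_hop_ip": ip,
            "spoofed": ip is not None and ip not in my_sending_ips}
```

A `spoofed` result of `True` means the rejected message entered the mail system from an address that is not yours, which matches the third-party infection described above.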
Thank you all for your help. Today I’m going to run the program to remove Klez, if it is indeed on my computer; also, the test program to see if AVG is actually running.
Last night, during my daily scan, AVG found a Klez variant in Opera’s cache. If some dipwad actually put the file on a web server, I’m going to find them and kill them.
Any reason why it would appear there, as opposed to in an email?