Strange e-mails. Any info is appreciated.

The last 2 weeks I’ve been getting some really strange e-mails on my Hotmail account. It’s always from a different address.
What’s so strange is, there is no message or attachments included. They’re blank. I’ve gotten about 20 of these now.
Anyone else getting these?

I’ve gotten several. They seem to be attempts to send the Klez worm. Although mine are all from different addresses, the Klez worm fakes the From address, and they’re all coming through the same, non-hotmail, server.

It sounds like what you’re getting, but I could be wrong. Are they of large size for being blank? Mine are- that’s the worm in the header, I believe (someone more knowledgeable about computers can probably correct me on the details).

Here’s the best info I’ve been able to find on the Klez virus:

Klez often has no text in the email body, just the attachment.

The fact that you’re getting these blanks sounds like Hotmail is actually on the ball for once and is removing the infected attachment when it arrives.

We’ve discussed Klez here before.

Won’t Norton detect & zap a klez virus? I have Norton AV on my puter and it is listed as one (+ aliases) that Norton recognises.

The emails I got had text saying something like: This my first time to play this game. You like to play game …etc. I have Panda Antivirus and I had 30 files infected before it caught it. When I saw the emails (I had Klez before) I ran a fast Klez detector on the Panda site but it didn’t detect the virus; a couple of hours later my Explorer started acting funny and when I looked at the permanent scan history it had detected 30 klez-infected files. So, to give an analogy, my antivirus program did not detect the virus at the time the email was opened. My question is, I have Outlook Express version 6 and it is supposed to stop any virus, like Klez, that is activated without opening an attachment. Obviously it didn’t. Also, the Panda Klez detector says that even if the Klez detector program doesn’t detect any viruses you should scan the entire computer anyway. So what use is it? Those of you who have Norton, has it been protecting your computer from Klez?

My pre-installed internet explorer says it is IE6 and it has been acting up too … so maybe I do have klez, and although Norton recognises it, it hasn’t detected it despite a whole-system scan, but being a novice I don’t know what else to do!

I have had some viruses thru IE6 but Norton zapped them while I was still online at the infected site. So that function has worked before.

I did notice that Norton says it is scanning IE5 though. I have had a lot of ‘not responding’ from IE6 - ‘hungapp’

I haven’t received any blank mails BUT I did get a spate of returns and a delayed delivery notice (are these common?), and have just started using AOL’s Instant Message service, I wondered if that was causing a problem.

Hmmm. The plot curdles!

Suziek, how did you rid your puter of klez in the end?

so if you’re using web-based mail, klez isn’t a problem? or, it won’t infect your computer?


I’ve gotten several of these myself. I don’t think they are KLEZ related though. A guy in my e-mail “circle” got KLEZ and it sent it out to another guy with me as the sender. It had both a “RE: line” and a short text message.

The ones I think the OP is talking about have no text messages, and the “RE: line” doesn’t match the random possibilities of the KLEZ (at least not by the site I read on it).

My WAG is that it’s Spammers looking to see if you’ll open the message. If you do, they know that you’re worth sending more to. They can also look to see what kind of “RE: Lines” you’ll open and what kinds you’ll just delete. If you open all the porn related e-mails, they sell your address to porn sites…if you open the sports ones, well, ESPN and CNN/SI, here you go…

Basically, it’s a way to demograph the addresses they’ve bought. Fairly ingenious IMHO.

Well I recently received an email, at least I think I did, that had every field blank. No subject title, nothing in the body, no return email address. The only sign that it was received via Outlook Express was the envelope icon. After highlighting I tried to send a reply just to see what would happen since it usually copies the original email and its’ information. The only info it gave was that it was received at 7:09 am. Wouldn’t allow me to send response since it had noone to send it too. Quite odd. Went to get the patch referred to above but it wasn’t required so perhaps McAfee or something else caught it and all it registered was a totally empty email.

I’ve been getting these weird emails with 100-200Kb attachments. The subject title is usually weird, (random words, but often having to do with web page design - like “cell spacers” or something like that. There are usually two attachments: usually a jpg file (some random file - one was of someone’s kid, another was a web site award) and then an “exe” file or “pif” file (whatever that is). Since I am on my Mac, this does not affect me. It is annoying because I have to keep downloading the damned things. I assume this is Klez? I just emailed one of the people who sent me one of these things, telling them that they probably have a virus.

This is why I haven’t picked up email on my PC for a while. I don’t have up-to-date virus protection on it right now - who needs the grief?

I’ve been geting a few of these strange e-mails too, the one about the game and another from some stranger wanting to be my friend (got enough already thanks!). Not sure if there was text in the message as I thought they were probably some virus thing and deleted them without opening.

The first time I knew I had Klez was when I got emails returned saying it had been detected. The virus had sent emails to my address book and some of them were government servers so they rejected them. I tried to download an antivirus program but they wouldn’t install, which is a symptom of Klez. I then ran an over the internet scan on and got rid of it. I installed the trial version of Panda Platimum and two days later my Explorer was again acting weird. Apparently the Panda didn’t catch the next Klez in my email and I had 30 infected files that it finally detected and eliminated a couple of hours after I got the second weird email. I don’t know why it didn’t catch it when I opened the email; but, Klez is supposed to open if you just open the preview window without having to have an attachment opened. BUT, I have Explorer 6 which is supposed to eliminate this vulnerability. Anyway, I had to go to Windows Update, click Uninstall on Explorer 6 and run Repair. I also did Registry Healer several times. I am still having trouble: I can’t open files from my desktop and the longer my computer runs the slower it gets, until it is impossible and I just get can’t reach server. There is a quick detector on the panda site and also the full internet scan so if the virus disables your antivirus program you can still do a scan. It’s

I am having so much trouble with IE, I don’t know if it’s Klez related or not. I tried about 6 times to get my last reply on this page. I can’t seem to use the YOUR REPLY section at the bottom here.

But back to the plot … PANDA …

suziek, I don’t know how effective the PandaScan is if your puter is still acting up. I went to their website and couldn’t go beyond the first page. I just kept getting ‘done but with errors on page’ which quickly shifted to simply ‘Error’, but whatever I clicked on the page never changed. Which antivirus type application was it that notified you of your having sent infected mails?

English Cid

To see if the problem is Explorer, try going to Start and Windows Update; then get to the Products page where you usually do your updates. Click where it says to show all the updates you have done previously. Go down to Explorer 6 and click on “Uninstall” and it will give you the option of repairing Explorer. If your computer came with Explorer 6 or you haven’t updated it then it won’t be there of course. If that is the case, then you will have to reinstall Explorer so just go to the Products page and do that.

The notification I got was from the server that was trying to receive my email, e.g. IRS server. It rejected it because it found a virus and wouldn’t let it through to IRS so it sent it back to me with that information.

I’ll give you the direct link to the scan and hopefully you can do it that way. Click on How Can I Find Out… and after the inital scan, even if it says there are no viruses, continue on and let it scan your entire computer, as it suggests. GOOD Luck!

[[I am having so much trouble with IE, I don’t know if it’s Klez related or not. I tried about 6 times to get my last reply on this page. I can’t seem to use the YOUR REPLY section at the bottom here. ]]

Make sure you are logged in before you compose and try to send a message in that reply box. If you are not logged in, you’ll see “unregistered” after “Logged in User” instead of your screen name.

Don’t bother trying to reply to the people who apparently sent it to you, because they didn’t do any such thing - the reply addresses are all spoofed, randomly chosen from their big list. Today my manager got a virus email from himself, for example.

Luckily, we do not use MS email software, so we are safe from auto-infection (at least, I bloody hope so).

Anyways, if you do send email to the apparent sender, all they’ll do is reply back to you saying “who the hell are you anyway?” and it causes more unnecessary email jams.

That’s all this worm seems to do - make a gazillion emails designed to confuse us and piss us all off.

I got three more “rejected” emails today; one of them said the Klez virus was detected and the others that the address was unknown. I don’t have the virus according to my antivirus program so I’m wondering what the heck is going on with that email I got back. Of course I didn’t send it. Is it just using my address to send?

It’s finally happened! The number of bogus warnings to me from ISP’s virus scanners has exceeded the number of Klez.h copies I received today!

Here’s what I think is happening:

The klez.h grabs two addresses from an infected computer’s email address book (and other sources), puts one addr in the “TO” field, and the other in the “FROM” field, then sends it out.

(See Tech info from

The anti-virus scanner employed by the well-meaning and frustrated ISP detects the virus signature, modifies the message body, and sends out a nasty message to the “FROM” person telling them they are infected, and what a terrible thing they are doing to the world.

Since the “FROM” field does NOT tell where the message came FROM, one more confusing and junk message goes out over the Internet.

Geez. Deliver me from such intent. :rolleyes: Which is worse, the virus itself or the anti-virus program? Mr. Klez must really be laughing.

The strangest thing that is happening to me is that I get all the email addressed to another person at Camp Ronald McDonald. I also get any email sent out from several people at Camp Ronald McDonald. I have told them about it but so far I’m still getting all of the above. I believe it’s all from Klez. We do both have Earthlink.