VIRUS ALERT


Maria
19th July 2003, 11:48
If any of you use an email address @smithandlingard.fsnet.co.uk (full address not posted to avoid getting you heaps of spam from web crawlers) virus check your machine!!!

Go here http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
and download the Klez worm removal tool.

I have had literally tens of viruses from this address for the past few weeks. Worse still, the virus makes it look like the virus is from another address, which means people have been receiving viruses claiming to come from me, which has made me rather unpopular! I know for a fact I'm not the only one getting viruses from this address, or the only one whose names are being "spoofed" (I've just got an email claiming to come from Matt Ife, for example, but I know it's not actually from him), so for your own reputation and other people's, please check your machine.

Austin-Rover
19th July 2003, 11:55
I also have been getting e-mails like this one Maria describes which makes it look like the e-mail has been sent from other forum users. I have also had some that claim to be sent from you Maria. Luckily I have deleted them as soon as they have arrived.

Thanks for the web link....

D87 SMW
19th July 2003, 12:00
Originally posted by RDGelder
I also have been getting e-mails like this one Maria describes which makes it look like the e-mail has been sent from other forum users. I have also had some that claim to be sent from you Maria. Luckily I have deleted them as soon as they have arrived.

Thanks for the web link....

I have heard and experienced a few of those that go through your contact list - sending supposed viruses to your friends. I recently got one from Jonathan's address titled 'Congratulations.'
The file sizes are like 136k, but when you open them there is nothing there. Just delete them as soon as you can!

Maria
19th July 2003, 12:25
If you use Outlook Express, highlight the email and click "file", then "properties" and then "details." The "return-path" entry at the top of all that text shows you the real address that it's come from.

Never have your PC set to automatically open files of any type. When I try to preview these mails, they ask do I want to open the attached file, so I simply click no, and delete the mail (oooh, look, I've just got another one...).

If you don't get a prompt, chances are your PC is set to try to automatically open attachments, which is not a good thing. I've never yet managed to work out how to reverse the decision to never ask you about opening things automatically, but I'll look into it.

If you've received one of these messages, run that anti-virus program anyway just to be sure.
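Added example, not part of the original thread: the Return-Path check described in the post above, done in Python over a saved message instead of through the Outlook Express dialog. The two sample messages and every address in them are constructed, and `sender_check` is a name chosen for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: addresses are made up, on reserved example domains.
SPOOFED = """\
Return-Path: <infected.user@isp.example>
Received: from pc17 (dialup-17.isp.example [192.0.2.17]) by mx.example.org; Sat, 19 Jul 2003 11:40:02 +0100
From: maria <maria@forum.example>
To: member@example.org
Subject: Congratulations
Date: Sat, 19 Jul 2003 11:40:00 +0100

(body)
"""

# Same message, but with an envelope sender that agrees with the From line.
GENUINE = SPOOFED.replace("infected.user@isp.example", "maria@forum.example")


def sender_check(raw):
    """Compare the displayed From address with the envelope sender.

    Return-Path is written by the receiving mail server from the SMTP
    MAIL FROM value; From is whatever the sending program put there.
    """
    msg = message_from_string(raw)
    shown = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not envelope:
        # Missing header, or the empty "<>" sender used by bounce messages.
        verdict = "no-return-path"
    elif shown == envelope:
        verdict = "match"
    elif shown.rpartition("@")[2] == envelope.rpartition("@")[2]:
        verdict = "same-domain"
    else:
        verdict = "mismatch"
    return {"from": shown, "return_path": envelope,
            "subject": msg.get("Subject", ""), "verdict": verdict}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_check(raw))
```

A mismatch is a lead rather than proof: mailing lists and forwarding services legitimately use a different envelope sender, and the envelope sender is itself supplied by the sending machine.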

Jonathan
19th July 2003, 12:27
...and I got the same "Congratulations" email claiming to be from F170 GGT earlier. I usually delete them without previewing but was caught unawares this time and it tried to execute the attachment through the preview pane.

Austin-Rover
19th July 2003, 13:03
Usual titles of the email I get from this virus include:

"Questionnaire"
"Congratulations"

and

"Abuse should be reported to the webmaster"

:eek:

Maria
19th July 2003, 13:19
One entitled "Abuse should be reported to the webmaster" was sent in my name to someone else, which resulted in a very entertaining 2 week email conversation which started with his reply to "my" mail: ":censored: off", and my reply protesting my innocence :laugh:

Beaker
19th July 2003, 15:21
I got the Klez Worm virus the other week, my virus checker apparently disinfected it tho'. That's what it told me, whether it did or not is another question. But I have had no dodgy emails as you lot mention above.

Lindsey

John S
19th July 2003, 16:07
I got an e-mail subject heading 'Lowering advice' from a F170 GGT which I knew was a fake message as I wasn't aware he intended lowering his car :) Luckily I use hotmail as this doesn't virus your system unless you click to download attachments and is HTML based not software as is Outlook Express.

D87 SMW
20th July 2003, 13:24
Just this minute received an email "from RDGelder."

From: richardgelder <richardgelder@lycos.co.uk>
To: F170GGT@hotmail.com
Subject: Hello,F170GGT,welcome to my hometown
Date: Sun, 20 Jul 2003 14:11:30 +0100

RDGelder would not send an email to me titled "Subject: Hello,F170GGT,welcome to my hometown" and he wasn't even online at the time.

I got an e-mail subject heading 'Lowering advice' from a F170 GGT which I knew was a fake message as I wasn't aware he intended lowering his car.

Dead right there M170! I wouldn't give people advice on how to lower their cars, I'm not even sure how to go about it myself!

One entitled "Abuse should be reported to the webmaster" was sent in my name to someone else.

I have received email with that title often.

Ones that :censored: me off are ones titled "NEXT OF KIN, URGENT." and "BANK OF PERU NEEDS YOUR HELP." The senders of those such emails receive a piece of my mind often, but it doesn't stop them coming.
:banghead: :mad: :censored:

e692wtt
20th July 2003, 15:40
Oops... why don't Computer Shops tell u these things, as opposed to saying 'oh, all your undelivered mail emails are a fault on the Server'? I'm talking high street shops not places like Comet, Currys, etc.

Anyway, have downloaded the FixKlez.com program, attempted to put the computer in 'safe' mode and then it grinds to a juddering halt. Have somehow deleted all but 2 viruses but I "need to put the computer in 'safe' mode"... which is where I thought I was...

While bytes 'in' on this session are approx 700k after 12 minutes, bytes 'out' are something like 2.5M... same figures as before I started messing about this pm with FixKlez.

Any thoughts?

The other other Rich.:confused:

Beaker
20th July 2003, 17:18
Sounds like it is sending emails to those in your address book to propagate the virus.

Lindsey

D87 SMW
20th July 2003, 17:20
Originally posted by e692wtt
I'm talking high street shops not places like Comet, Currys, etc.


Isn't that what they are?

e692wtt
20th July 2003, 19:47
Right... after lots of faffing around and deleting goodness-knows how many infected files with FixKlez, and having logged in again, after 14mins my comp has received approx 890kbytes and exported (ha!) 188kbytes, which is how it used to be... I am unable to delete 2 files though:

msmsgs.exe (FixKlez cannot either repair or delete, I cannot manually delete it as either 'in use' or 'write-protected' - but I have set it to 'read only' which seems to have had a positive effect...) and

Winkxr.exe (FixKlez cannot repair or delete, I cannot manually delete it because I cannot find it but can find Winkxr.lgc which I guess ain't the same).

Any clues? If the 'dodgy emails' stop, we're heading in the right direction... Further guidance gratefully received! Still not got my head round, or my computer into, this 'safe' mode though...


Currys etc 'high street shops'? Bury's gone all Trafford Park, there are very few proper computer shops, or indeed high street shops at all really (except Poundshack etc), it's all glass and concrete nowadays... whether 'town centre' or 'retail park' shopping. Isn't everywhere the same nowadays though? You find the best 'proper' shops on the main roads into- and out-of towns, including any proper computer shops that still exist. Oh, I hanker after the good old days...

After 24 mins online, the 'in' and 'out' figures are just about the same. Definitely an improvement...:)

The other other Rich.:banghead:

PS Wasn't 'fixklez' a comedy series by Les Dawson, or was it something else?:laugh:

e692wtt
22nd July 2003, 12:21
Well, my home computer seems to have stopped exporting vast amounts of info at every logon, so I guess I've sorted it for now... if not, let me know.

The other other Rich.:)

MaestroMatt
22nd July 2003, 13:41
I have seen the effect of the worm that has been affecting you all - I have had weird e-mails purporting to be from Maria, Dave Monks and someone else. I only use Webmail now (mainly so I can check my home account at work and at home and wherever else I may go) so it is very odd that Maria had one from me. Strange things are afoot.

e692wtt
22nd July 2003, 21:43
Been logged on this session 1h20min, 'imported bytes' 7Meg, 'exported bytes' 952k approx. Much better.

Have been on for this session and another 45 mins before attempting to clear my email backlog - either 'message returned...' or 'help@maestro...' (but we all get these...). Still got 50 emails to download from approx 180... hopefully I've sorted it. Talking of my, ahem, valiant efforts on Sunday, I bet Hancock had more interesting Sunday Afternoons than this... :laugh:

If anyone still gets 'dodgy' emails from me, please let me know.

The other other Rich.:cool: