If they are using Symantec's FixKlez, make sure they are booting up in Safe Mode. Most people I've run across that run the FixKlez tool do it in normal mode and then can't understand why it leaves 4 or 5 files. After I told them to go back and run it in Safe Mode, it cleaned all files.

To effectively deal with Klez, each business should make sure that if they are using Outlook, it's fully patched. That is the main reason Klez is spreading. You think businesses would learn after getting crunched every year for not patching Outlook.

Businesses should seriously consider buying an E-Mail gateway like MailSweeper or TrendMicro Virus Wall. There is no better place to kill this than as it enters the network.

If you don't have web content filtering, seriously consider blocking webmail services like Hotmail. A lot of these come in when a user downloads a file from Hotmail, Yahoo, AOL, etc.

From: "Heidi Henry" <mcps@private>@/var/spool/majordomo/lists/crime on 05/21/2002 05:48 PM
Sent by: owner-crime@/var/spool/majordomo/lists/crime
To: "Crime" <crime@private>
cc:
bcc:
Subject: CRIME Korean spam & Klez

I know of several people who have been having a big problem with receiving Korean spam e-mails. One in particular receives eight plus Korean spam mails per day. This has greatly disrupted their business. The information has been sent to the Korean War Project, see link below. If you are having any trouble with the Korean spam, the links below will provide you with more information.

www.koreanwar.org/html/korean_spam.html
www.koreaherald.co.kr/servlet/kherald.article.view?id=200204250059&tpl=print

Some of these people have also been infected with the Klez as well as other people they communicate with, so it has infected a number of personal and business computers, some are on networks, some are not. They have gone to the Symantec site and used their tool to remove the virus but it keeps re-appearing. The virus provider sites are so busy they are not able to respond to their requests for help.

As this is greatly disrupting businesses, both by the Korean spam e-mails and the Klez virus, what is the best method for removing the virus, formatting their hard drives on the personal PCs? What about on the network drives? Klez has disabled their virus programs a number of times. Their businesses are suffering loss due to this latest situation with both the Korean spam and the Klez virus.

Any suggestions you may have that I can pass on to these businesses would be greatly appreciated.

Thank you,
Heidi
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:19 PDT