Help....I have a virus!

myself

[rwfromkansas]

Okay, I am about ready to throw something at my PC. I got a virus off of an e-mail even though I did not open an attachment and quite frankly, am close to losing it.

Whenever I start the computer, the virus, w32.klez.e@mm, takes up all my space on teh C drive and screws my memory over, embedding itself in the C/Windows/Sytem folder. I can't even download virus software to fix the problem. I am EXTREMELY frustrated. I can't even start my e-mail because I don't have enough memory!!!!

I do not have any anti-virus software because we had some old software on here but we could not update it. They wanted money for every update and we just decided the heck with virus software since it is money-grubbing anyway. But, now I am in a serious bind. I did not even know you could get a virus from previewing a message.

I have looked at removal instructions at symantec, but am not able to do that since I need to download their software to remove the virus. i have wasted about 80 bucks in teh last six hours attempting to download software that has only failed due to the virus screwing me over.

I need some help here, if anyone can do so.

I guess otherwise, I am stuck with this thing and it will never go away.

[John Robinson]

Buffer overflows. Programs copy text buffers around in memory. If the destination buffer is not big enough to hold the source data bytes of data are copied outside of the buffer into other areas of memory. Hence buffer overflow. Data purposely overflowing buffers can be carefully constructed to insert new program code into memory, which will then get executed.

It's not terribly difficult to make these types of programming mistakes which open code to attack. Even worse, all it takes is ONE byte getting copied outside a buffer to possibly open a program to such an exploit. These off-by-one errors are pretty common.

To compound the problem, Microsoft has historically (hysterically?) been very lax in securing their programs against such attacks. Microsoft has 90% or better of the marketshare, historically lax security, and people hate them. The best way not to get hacked is to use as few of their programs as possible.

[Northern Yankee]

Another good virus protector,on line, is McAffee. ($30.00 a year. Well worth it!)

Good Luck!

[HairOfTheDog]

Thanks for that explanation, though I am still not sure how it executes from text.

I use Outlook, and the other MS products (confession - I love 'em).

I keep PC-cillan updated, but I have a feeling you may tell me PC-cillan can't detect something like this because it is not an attachment...

When I have had my morning coffee, I will check out the Trend website and find out what I can.

[rwfromkansas]

Yes, it was a bug in outlook express that let's one have a virus just by previewing an e-mail. Needless to say, I wish I knew about that one. I can my e-mail program when I first start teh comp, but later the virus takes up so much space it just gobbles everything up and about the only thing I can do is word processing or the web. I have deleted lots of junk off my comp and the virus still takes up all the space somehow...I am not quite sure what it does to do this. Anyway, after looking at Symantec's info on this virus, I think I can do the manual removal first and then hopefully the virus will be gone and I will not have problems with space. Before I would shut down I would have to get new virus software installed to fix the problem or it will infect me again according to symantec instructions.

The only good news is the only software the stuff deletes is anything that has to do with anti-virus software. Unless it is on an the 6 of an odd-numbered month, in which it screws up every software program on your computer.

[rwfromkansas]

I believe it is worth it now...no kidding. I basically thought the most likely way I could get a virus would be to open an attachment. Virus e-mails look so obvious I always can spot the suckers and don't need software. But, Outlook Express has a bug that lets them send it to you just by previewing a message.

[rwfromkansas]

I tried to do that but it said I failed its qualifications by not having cookies and Java enabled.....utter nonsense, I always do. So, I blew some more money...and it may be the virus that is screwing me up on that also...

[rwfromkansas]

I have found a patch online that will remove the virus I have and so this is VERY GOOD NEWS. I probably will not need to reinstall everything. I have also found out the I-Worm is an alias for the Klez.e that I have on my system. You must have had it on your computer on March 6....that is when it REALLY gets nasty.....

The other good news is that this virus is not smart enough to infect both my C and D hard drive partitions....so if only this patch software would let me download it to the D drive instead of forcing it to the C drive, I will be fine....

[Eska]

I have been sent viruses without attachments also. Boy, that 35 bucks I spent on norton internet security at costco (20 dolar rebate) sure was worth it, at least I think so, so far.

Friend was telling me that XP is very susceptable to hackers. Anybody have any believeable info on this?

[John Farson]

web viruses, malicious Java codes, and some nasty Trojan horses. I'm using Norton Antivirus software

I may live to regret it, but I don't keep anti-virus software running. Some anti-virus packages perform so poorly that they are almost like having a virus.

Instead, I don't read email with Outlook, disable all Active-X, Java, & javascript on all but a few trusted pages, disabled file sharing, and deleted Microsoft Scripting Host -- and I regularly back-up files I can't afford to lose. My computer runs much faster without Antivirus software running all the time.

[XBob]

the best way I would suggest is to upgrade your system.

1. Select a new, larger, faster hard drive
2. Remove your old hard drive from the system.
3. Install your new hard drive, in it's place, make it the 'active' drive, and then format the drive, and then install minimal software, eg, windows only, or what ever.
4. Buy and install a good anti-virus - I use McAffee, it seems to be more compliant than Norton.
5. Once that is done, install your old hard drive as a slave 2nd drive. (note - this may get somewhat tricky, depending on whether you use the same cable or another port and another cable - and you may have to change jumper settings) None of this is hard to do, but should not be taken lightly.
6. Run the anti-virus on your old drive
7. Pull your important data files off the old hard drive, and onto the new hard drive.
8. Format your old hard drive to kill all virus stuff and ALL files, period, on your old hard drive, just in case. (if you don't know how, learn, as it is important if you are going to stay with computers)
9. Leave all your hard drives in place, and keep all important your data on a separate hard drive (which ever you decide should be a secondary drive) so that in the future, if you need to format your hard drive, your important data will be on a separate drive.

This is not really hard to do, but it would be easier if you had a 'guru' friend, who knows how, and who would step you through it the first time. EG, go to a computer club, if you don't have a 'guru friend'.

[Jen]

If you use Outlook Express as your usenet newsreader you can get infected simply by retrieving and reading the post.

That's what happened. The title of the post was 'Are You Stupid?' and my *maroon* hubby opened it! LOL! I have the data from our hard drive saved on CDs, I deleted Win98 and Office2000 and reinstalled. But, Outlook Express still isn't working correctly. I get an error that says OE could not be started because MSOE.DLL could not be loaded. I don't know what to do to fix it. Do you know???

I'll tell him about the Free Agent news reader. And if I don't get OE to work, he can use Eudora for his email. I use Outlook and we like to use different email programs.

[Ramius]

The Klez worm takes advantage of a known (and old, and patched) vulnerability that allowed automatic execution of an attachment, without necessarily even opening the file.

Klez Worm Info

Good lesson in keeping AV up to date and keeping up with patches. I think even JohnRob would agree that this rule applies to ALL OS's and software. Right John?? :-)

[HairOfTheDog]

Thanks for coming around... Glad I don't have to worry about this one at least.

Are you in the Beta? - You finding it to be pretty nifty?

[Ramius]

Don't have an opinion on the beta just yet. Looks nice. Seems to work pretty well.

[HairOfTheDog]

Well I love that you can see whether there is anything new in "My Comments" without doing a separate Self-Search, so I can browse around elsewhere and keep checking for replies. I don't have to feel like I am watching a pot that isn't boiling.

[Ramius]

Aaaahh... so THAT's how that works. Nifty.

[rwfromkansas]

I have gotten rid of the virus with some software programs, but now I am going to have to re-install Windows 98 (or I may upgrade) since it got rid of my ethernet drivers and I can't do anything online (I am writing to you all from a library computer).