Re: [NTLK] Bizarre Dongle !

From: Woo Lee (vitcitylb_at_earthlink.net)
Date: Fri Oct 11 2002 - 18:12:26 EDT


------------------
>Unfortunately you are wrong. The klez CANNOT propogate on a mac.

Unfortunately it happened. The 'returned mail' had the correct headers.
------------------
>Your message is confusing since you refer to both mac and Pc machines.
>An up to date norton which is scanning email does not send a copy out!

I did say the PC had Norton, but the Mac has Virex. Virex froze during =
scan, Norton first said 'action.exe' has virus-like activity then 18 sec. =
later Norton says 'email infected with Klez'. Both Norton and Virex had =
up-to-date defs.
------------------
>On you mac you may have a saved attachment which is the scr file. Your
>no name text file is not anything to do with klez. Klez files have
>names and are not hidden.

'May'? That's one way to put it.
Virex always froze on those files. Since Klez is not supposed to infect =
Macs, this is the best conclusion, however CA/Virex has not replied about =
this inquiry. The Mac is for 49% email(attachments that don't open on =
Newton) and 51% Newton software. I use the PC for work-based attachments. =
 I use the Newton as the first firewall, Mac second, then email gets to =
the PC. The Newt. saved me from the 'ILOVEYOU' virus, a nice VBS that I =
opened on the Newt., read the scripts, then deleted from the email server =
from the Newt. I guess I shouldn't tell you what happened on the Newt. =
after I closed the email and a got 'system error' causing a soft reset.
------------------
> I have to wonder what these files were (probably some temp file
>created by the outlook or another program) but NO virus sends files
>this size otherwise it would cause the message to reject on almost
>every email server on the net (message size limits are usually in the
>3-6MB size) and what good would that be!

Something was created by OE because nothing else could be the cause, no =
new software around that time. The 'no name files' on the HD are MB, the =
returned emails with 'infected notice' are KB size, sorry for not making =
that clear. The ASPENET listserv gets virii at least once a week. By the =
time I download on my Newt. and see the .exe or .scr or .pif files, the =
listmom and other properly protected list members send out warnings about =
particular emails, usually Saturday or Sunday mornings so after an =
Oktoberfest weekend your guard is down and you click on attachments. Back =
in the PlanetNewton days, some NTLK list members had a rough time with =
virii, good thing Bill/Victor set this up to strip attachements.
------------------
>I might sugget a trip to Symantecs antivirus page for the Mac if you
>want to read more....

Been there, CA/Virex's too, went there before I posted here. Some =
variants are known to disable anti-virus software. I asked 'friends'(not =
the TV show, but Linux/Win/Mac users with 'experience') about this, they =
weren't sure but they had plenty of 'Trojan's(not the condoms) that worked =
thru AOL. When I had AOL on my Mac I didn't believe them, until I asked =
them to send me one, next day he had my ID and password. Ouch.
------------------

!ooW
Pres. of Los Angeles Newton Users Group.
 

-- 
Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html
Read the Newton FAQ: http://www.chuma.org/newton/faq/
This is the NewtonTalk mailing list - http://www.newtontalk.net/



This archive was generated by hypermail 2.1.2 : Thu Oct 31 2002 - 12:02:34 EST