Worm using own SMTP engine
Results 1 to 10 of 15

Thread: Worm using own SMTP engine

  1. #1
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91

    Worm using own SMTP engine

    This question is also about W32.Klez. When my friend, whose computer was infected with this worm, called her ISP, she was told by the technician that she could go on the Internet to get the removal tool and instructions, but she should not open her Outlook Express, as that would send out more infected messages. Is that accurate?

    Since Klez uses its own SMTP engine, does Outlook Express have anything to do with it once the computer is already infected? Or would just turning on her computer and making the dial-up connection send off the next round of infected messages which is in the code?

    Sorry, I just don't comprehend how such things work.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    227
    Go here and you will find almost everything about this virus.

    good luck
    Sun7dots

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Here is another article on Klez.H:
    http://www.antivirus.com/vinfo/virus...me=WORM_KLEZ.H

  4. #4
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    sun7dots - Thanks, but I've already been there, maybe a dozen times. And also to the other 13 sources I got when I did a search on the Symantec website for w32.Klez. And to the information at Panda Software, too.

    Nowhere did I find an answer to this specific question. The literature says that Klez uses its own SMTP engine, but I just don't understand the details of how that would work, nor the implications.

    Now that a computer of the secretary of a large organization to which I belong has been infected, I expect I'll have to answer a lot more questions, since there are many members whom I suspect don't have antivirus programs to protect them.

  5. #5
    Junior Member
    Join Date
    Mar 2002
    Posts
    5
    Something's got to launch the code for it to start the SMTP engine, such as double-clicking the attachment; hence the advice not to start OE, since using the preview pane will cause the code to launch.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    380

    Use an updated antivirus

    Use an updated antivirus and patch Outlook and you won't have any problems anymore with Klez.
    Scorp666, the Infamous Orgasmatron

  7. #7
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    m4ilm4n - Is this true each time the worm is executed? I'm talking now about a computer on which it has already executed once.

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Your question seems to be that once a computer is infected by Klez, can the worm/virus by itself utilize Outlook Express to send infected emails when the PC logs on to the internet?
    If this is the question, I have never seen the answer.

  9. #9
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    91
    bucket - Your last reply is exactly what I meant. Thanks for rephrasing that for me.

  10. #10
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    I forgot to explain that SMTP thing.
    A virus with its own SMTP engine can send mail without using Outlook, Outlook Express, Netscape or any other mail program. It is a good way to avoid partially patched mail clients.
    A properly patched mail client will not allow executable attachments to start on reception, hence stop the virus dead. Also, some antivirus programs will monitor incoming mail for viruses. Another line of defense is a firewall that will block that SMTP engine if other lines of defense were inadequate or disabled.

    I hope this explains what you wanted to know.

    Time to patch that comp dear!
    Scorp666, the Infamous Orgasmatron
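
An added example, not part of any post in this thread: the firewall point from post #10 written as a log check. It flags outbound TCP port 25 connections that are not the expected mail client talking to the ISP's relay; the log format, the process name `unknown_example.exe` and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a host firewall's outbound connection log.
# The line format and process names are assumptions for this example;
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2002-04-28 09:14:02 ALLOW TCP 192.0.2.10:1034 -> 198.51.100.25:25 msimn.exe
2002-04-28 09:14:40 ALLOW TCP 192.0.2.10:1041 -> 203.0.113.7:25 unknown_example.exe
2002-04-28 09:14:41 ALLOW TCP 192.0.2.10:1042 -> 203.0.113.99:25 unknown_example.exe
2002-04-28 09:15:03 ALLOW TCP 192.0.2.10:1050 -> 198.51.100.80:80 iexplore.exe
2002-04-28 09:15:09 ALLOW TCP 192.0.2.10:1051 -> 198.51.100.25:25 unknown_example.exe
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proc>\S+)$"
)

def find_direct_smtp(log_text, mail_clients, isp_relays):
    """Return {process: sorted destination IPs} for outbound SMTP (TCP/25)
    connections that are NOT a known mail client talking to the ISP relay."""
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparseable line, or not SMTP traffic
        proc = m["proc"].lower()
        # Normal mail flow: the mail client hands messages to the ISP relay.
        expected = proc in mail_clients and m["dst"] in isp_relays
        if not expected:
            # Even a connection to the real relay is suspect when the
            # process making it is not the mail client.
            suspects[proc].add(m["dst"])
    return {p: sorted(d) for p, d in suspects.items()}

if __name__ == "__main__":
    # msimn.exe is the Outlook Express executable.
    hits = find_direct_smtp(SAMPLE_LOG, {"msimn.exe"}, {"198.51.100.25"})
    for proc, dests in hits.items():
        print(f"{proc}: SMTP to {len(dests)} host(s): {', '.join(dests)}")
```

The same allowlist is what an outbound firewall rule would enforce: only the mail client may open port 25, and only to the ISP's relay.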
