May 17th, 2003, 07:28 PM
Well, if you didn't do anything at all, like you said you haven't, then you shouldn't have a worm/virus. You must have done something like accept a file over DCC or open a strange email. We can't help you unless you give us some background info on what happened or what you did. Sorry if I offended anyone. -Twisted-
May 18th, 2003, 12:32 AM
Hummm.... Look AOers... If he's running old versions of mIRC then he doesn't even need to download from Kazaa or anything; as a matter of fact he most likely got it because he has 'autoget' enabled in mIRC.... This means that he could have been infected straight out of IRC without even knowing it. It's old... mostly popular with macro virii.
This URL talks all about what I just said... http://www.stiller.com/mirc.htm
However, if you don't have anything like mIRC then you could still be infected with some virii if a bot advertises a site and you visit it, such as a normal-looking site or a site with FTP downloads or a site with some infected plugins (etc.).
May 18th, 2003, 03:43 AM
Probably just a coinsciedence (I can't spell). Unless the war bots were scanning hosts as they joined, which I have seen in the past. What virus did your A/V software tell you that you had?
May 18th, 2003, 04:36 AM
I got tons of viruses through mIRC, always the same one. I've been using Kazaa for ages though, downloaded thousands of files, gigs of warez, and I've only ever got 2 viruses.
May 18th, 2003, 05:14 AM
As a random thought.. what did your AV find infected? Was it by chance in a firewall log? Or the actual attachment etc.?
May 18th, 2003, 09:12 AM
The first file that was infected was my windows.exe and then all other *.exe, *.com files had been infected.... but only the exe etc. were infected, which made me wonder...
May 24th, 2003, 01:36 AM
You may want to consider where you got the mIRC software. There is a download/install package floating around that already includes a trojan. We found a few of those around here recently.
May 24th, 2003, 04:43 AM
It is my understanding that Klez actually "spoofs" the sender's email address by randomly selecting an email address from the sender's address book, so you may have opened an email thinking that it was from a trusted source, when in fact it was not. Visit http://securityresponse.symantec.com...firstname.lastname@example.org for a better description than I am able to provide. Anyone please feel free to correct me if I misunderstand this concept, because I am by no means an expert.
May 24th, 2003, 11:15 AM
Like you, I believe Klez spoofs the sender in the From part of an email. If I want to find the identity of the sender of an infected email in my Outlook Express, I might look in the Details part of the email Properties.
The Reply-To designation may help identify the infected machine.
Sometimes it does & sometimes it does not.
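A sketch of the header check described in the post above, as an added example that is not part of the original thread: it pulls the From, Reply-To and Return-Path addresses and the earliest Received hop out of raw message headers and lists the fields that disagree with From. The sample message, its addresses and the function name `sender_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); every host and address is made up.
SAMPLE = """\
Return-Path: <carol@infected.example>
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Sat, 24 May 2003 10:02:11 -0400
Received: from carolpc (dialup-7.isp.example [198.51.100.7])
\tby mail.isp.example with SMTP; Sat, 24 May 2003 10:02:05 -0400
From: "Alice" <alice@friend.example>
Reply-To: carol@infected.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def sender_indicators(raw):
    """Collect the header fields that can hint at the real sending machine."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    others = {
        "Reply-To": parseaddr(msg.get("Reply-To", ""))[1].lower(),
        "Return-Path": parseaddr(msg.get("Return-Path", ""))[1].lower(),
    }
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # Only hops written by servers you trust are reliable; older ones can be forged.
    hops = msg.get_all("Received") or []
    origin_ip = None
    if hops:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1])
        origin_ip = m.group(1) if m else None
    # A present field that differs from From is worth a closer look.
    mismatches = [k for k, v in others.items() if v and v != from_addr]
    return {"from": from_addr, "origin_ip": origin_ip,
            "mismatches": mismatches, **others}

if __name__ == "__main__":
    for key, value in sender_indicators(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `mismatches` list does not clear a message: the fields may simply be absent or forged to match.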
May 24th, 2003, 11:19 AM
theuser is correct regarding Klez. Klez usually comes with trojan "Elkern" or similar.. simply depends on what patches you DIDN'T have installed and if you were using Outlook Express AND were running with the preview pane enabled.. simply previewing the infected message infected you.. cool huh.. but if you had all the IE 5.5 or IE 6 updates you "shouldn't" have a problem (one of the reports on Klez and Bugbear claimed that IE6 was immune.. what a joke.. most of the systems we fixed had IE 6 and 6.1)
"Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr