
View Full Version : Possible Klez Virus Alert....


EMERALDGUY33
05-23-2002, 02:48 PM
I believe infected mail has been to me and has infected my system. Apparently, my computer is sending out e-mails to people that I am completely unaware of. I am in the process of scanning for the virus now. Here is some proof of my claims:

Quote:

From: AT&T Broadband Internet Customer Care <Customer.Care@broadband.att.com>
To: EmeraldGuy@attbi.com
Subject: Re: Returned mail--"language" <<#260220-416604#>>
Date: Thu, 23 May 2002 16:26:14 GMT

Dear AT&T Broadband customer,

Thank you for writing to AT&T Broadband.

I would like to apologize for the issues that you are currently experiencing
with your e-mail. A very malicious e-mail virus called "Klez" may be to blame.
When an infected e-mail is opened by a recipient, Klez attempts to send e-mail
from the recipient's e-mail address in order to infect others. We suggest that
you run a complete virus scan of your system to locate and eliminate the Klez
virus. More information on the Klez virus, including a link to a downloadable
patch, can be found at
http://help.broadband.att.com/faq.jsp?content_id=1638&category_id=54&lobid=1.

If you have any further questions or concerns, please feel free to reply to this
e-mail.

Thank you again for contacting AT&T Broadband.

David R
AT&T Broadband Online Customer Support Center

--- Original Message ---
From: EmeraldGuy@attbi.com
Received: 05/23/2002 10:14am Mountain Standard Time (GMT - 6:00)
To: postmaster <postmaster@attbi.com>
Subject: Re: Returned mail--"language"

Hello. I just received a returned mail message from you.
The problem is, I never sent any e-mail to be returned.
Can you please help me to find out what is going on?
This is what I saw on my screen:

From: postmaster <postmaster@attbi.com>
To: EmeraldGuy@attbi.com
Subject: Returned mail--"language"
Date: Thu, 23 May 2002 07:43:30 -0400 (EDT)

The following mail can't be sent to --
brandon@summitreptiles.com--:

From: EmeraldGuy@attbi.com
To: --brandon@summitreptiles.com--
Subject: language
The attachment is the original mail

I don't know a Brandon@SummitReptiles, nor did I e-mail
him. I am at a loss. Can you help? I have been recently
attacked by a person who was implying he was going to
use my e-mail address to cause me problems. Several
people are aware of this gentleman. I have been
receiving quite a few odd e-mails within the past couple
of days. Should I shut this e-mail address down and
switch to another one? Thanks for any help.

John Reese

That was a response I received from the postmaster of my ISP. I have been receiving a slew of very odd e-mails lately.
The odd thing is, right before I received the returned mail, I got a mail from a guy trying to help me with the Klez virus. I'll put that one up in a later post. So be careful, folks.

EMERALDGUY33
05-23-2002, 03:05 PM
Here is the informative post I received before the returned mail:

Quote:

From: grvdigr <grvdigr@isni.net>
To: EmeraldGuy@attbi.com
Subject: Worm Klez.E immunity
Date: Thu, 23 May 2002 07:43:49 -0400 (EDT)

Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technique, most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once, and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm, some AV monitors may cry when you run it.
If so, ignore the warning, and select 'continue'.
If you have any question, please mail to me.

Jeff Craven
05-23-2002, 03:12 PM
They have slowed down now, but I must have gotten a dozen or so suspicious emails with .zip attachments a day last week. I downloaded a few programs designed to sniff out and destroy worm viruses. Fortunately, none have penetrated my firewall.

Ken Harbart
05-23-2002, 04:16 PM
Make no mistake about it, John, you are infected with Klez. The "informative post" that you received actually contained the virus itself. For more info on the virus, and how to get rid of it, check out either Symantec's (http://www.symantec.com) or McAfee's (http://www.mcaffee.com) website.

Best of luck in getting that nasty lil' bug off your computer.
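
The two things this thread turns on are exactly the two indicators a mail triage script can check for: the bounce John received was addressed to him only because the worm forged his address into From: (the AT&T reply above), and the "immunity tool" mail was the worm itself as an executable attachment (Ken's post). The script below is an added example for this thread, not code from any poster, from AT&T or from an AV vendor. The SAMPLE_IMMUNITY_MAIL it parses is constructed to resemble the "Worm Klez.E immunity" mail quoted above; its Received: headers, host names, IP addresses, boundary and attachment name are assumptions, not data taken from the thread.

```python
"""Triage an e-mail for two Klez tell-tales: a From: address that does not
match the machine that actually sent the mail, and an executable attachment
dressed up as something harmless.

Added example for this thread, not code from any poster or AV vendor.
SAMPLE_IMMUNITY_MAIL is constructed; its Received: headers, hosts, IPs and
attachment name are assumptions, not data from the thread.
"""
import email
import os
import re
from email import policy
from email.message import EmailMessage

# File types a Windows mail client will run rather than open when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}

# Constructed sample. The worm's own SMTP engine delivered it straight to the
# recipient's relay from a cable-modem host, while From: names an unrelated
# domain harvested from the infected PC (assumed hosts and addresses).
SAMPLE_IMMUNITY_MAIL = b"""\
Received: from mx1.attbi.com (mx1.attbi.com [10.1.1.1])
\tby mail.attbi.com with ESMTP; Thu, 23 May 2002 07:43:49 -0400
Received: from 24-123-45-67.client.attbi.com ([10.2.3.4])
\tby mx1.attbi.com with SMTP; Thu, 23 May 2002 07:43:48 -0400
From: grvdigr <grvdigr@isni.net>
To: EmeraldGuy@attbi.com
Subject: Worm Klez.E immunity
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="klezdemo"

--klezdemo
Content-Type: text/html; charset="us-ascii"

<html><body>Klez.E is the most common world-wide spreading worm.</body></html>
--klezdemo
Content-Type: audio/x-wav; name="immunity.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="immunity.exe"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--klezdemo--
"""


def parse(raw: bytes) -> EmailMessage:
    """Parse raw message bytes with the header-aware default policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def from_domain(msg: EmailMessage) -> str:
    """Domain of the first address in From:, lower-cased."""
    return msg["From"].addresses[0].domain.lower()


def first_hop_host(msg: EmailMessage):
    """Host named in the earliest Received: header. Relays prepend Received:
    as the mail travels, so the earliest hop is the LAST header in the list."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.match(r"\s*from\s+(\S+)", str(received[-1]))
    return match.group(1).lower() if match else None


def sender_matches_first_hop(msg: EmailMessage) -> bool:
    """True when the first-hop host lies inside the From: domain. A mismatch
    is what a forged sender looks like: Klez fills From: with an address it
    found on the infected PC, so bounces land on that bystander, not on the
    machine that is actually infected."""
    domain = from_domain(msg)
    host = first_hop_host(msg)
    return host is not None and (host == domain or host.endswith("." + domain))


def attachment_parts(msg: EmailMessage) -> list:
    """Every MIME part that carries a file name, whatever type it declares."""
    return [part for part in msg.walk() if part.get_filename()]


def executable_attachments(msg: EmailMessage) -> list:
    """File names whose extension the OS would execute."""
    return [part.get_filename() for part in attachment_parts(msg)
            if os.path.splitext(part.get_filename().lower())[1] in EXECUTABLE_EXTENSIONS]


def misdeclared_executables(msg: EmailMessage) -> list:
    """Executables whose Content-Type claims to be audio, image or text.
    A client that trusts the declared type over the file name can be talked
    into handling a program as media."""
    return [(part.get_filename(), part.get_content_type())
            for part in attachment_parts(msg)
            if os.path.splitext(part.get_filename().lower())[1] in EXECUTABLE_EXTENSIONS
            and part.get_content_maintype() != "application"]


def triage(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    msg = parse(raw)
    findings = []
    subject = str(msg["Subject"] or "").lower()
    if "klez" in subject and "immunity" in subject:
        findings.append("subject matches the 'Klez immunity tool' lure quoted in this thread")
    for name in executable_attachments(msg):
        findings.append(f"executable attachment: {name}")
    for name, ctype in misdeclared_executables(msg):
        findings.append(f"{name} is declared as {ctype}, not as a program")
    if not sender_matches_first_hop(msg):
        findings.append(f"From: domain {from_domain(msg)!r} does not match first-hop host "
                        f"{first_hop_host(msg)!r}: sender is probably forged")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_IMMUNITY_MAIL):
        print("-", finding)
```

The sender check is a heuristic, not proof: mail relayed through a mailing list, a forwarder or a provider's outbound smarthost will also fail it, so treat a mismatch as a reason to look at the attachment, not as a verdict on its own. The same check applied to the "Returned mail" bounce John received explains his confusion: a bounce goes to whatever address sits in From:, so a forged From: turns the bystander, not the infected machine, into the person who gets the complaints.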

EMERALDGUY33
05-23-2002, 04:37 PM
I shut down my e-mail address and got a new one. Will that take care of the virus?

Chris Red
05-23-2002, 08:11 PM
No... it affects your server. This thing is old news...

Ken Harbart
05-23-2002, 09:28 PM
John, what you need to do is download the removal tool from Symantec's website. The worm itself is on your computer, and will just end up using your new address to send itself. I've included a link to the removal tool, and I'll post the instructions here for your convenience.

Removal tool (http://securityresponse.symantec.com/avcenter/FixKlez.com)

Quote:

To obtain and run the tool

NOTE: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

1. Download the FixKlez.com file from http://securityresponse.symantec.com/avcenter/FixKlez.com.
2. Save the file to a convenient location, such as your download folder or the Windows desktop (or, if possible, removable media that is known to be uninfected).
3. To check the authenticity of the digital signature, refer to the section The digital signature.
4. Close all programs.
5. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
6. If you are running Windows Me or Windows XP, then disable System Restore. Refer to the section System Restore option in Windows Me/XP for additional details.

NOTE: If you are running Windows Me/XP, Symantec strongly recommends that you do not skip this step.

7. Restart the computer in Safe mode (all versions of Windows except Windows NT). For instructions, read the document for your version of Windows.
How to start Windows XP in Safe mode.
How to start Windows 2000 in Safe mode.
How to restart Windows 9x or Windows Me in Safe mode.
8. Double-click the FixKlez.com file to start the removal tool.
9. Click Start to begin the process, and allow the tool to run.
10. Restart the computer normally.
11. Next, you must reinstall NAV. For consumer products such as NAV 2000/2001/2002, follow the instructions in the document How to restore Norton AntiVirus after removing a virus. For Enterprise versions, contact your system administrator.
12. Run LiveUpdate to make sure that you are using the most current virus definitions, and scan the computer again. If NAV detects any infected files and cannot repair them, then choose to delete the files.
13. If you are running Windows Me/XP, re-enable System Restore.

NOTE: The removal procedure might be unsuccessful if Windows Me/XP System Restore was not disabled as previously directed because Windows prevents System Restore from being modified by outside programs. Because of this, the removal tool might fail. If W32.Klez.gen@mm was activated before you ran the removal tool, in most cases you will not be able to start Norton AntiVirus (NAV). The instructions for running NAV from the command line and reinstalling NAV are in the removal section of the W32.Klez.E@mm writeup.

When the tool has finished running, you will see a message that indicates whether the computer was infected by variants of W32.Klez@mm and/or variants of W32.ElKern. If an infection was removed, the program displays the following results:
The total number of the scanned files
The number of deleted files
The number of repaired files
The number of viral processes terminated
The number of viral services deleted
The number of registry entries fixed

EMERALDGUY33
05-23-2002, 10:44 PM
Thanks Ken, Chris, and Laura. I used Norton AV 2002 and ran a scan. 2 infected files were found. I tried to repair them and they were unable to be repaired. The virus(es) were known to Norton and it was recommended that the files be deleted. So I have done so. Does that take care of the worm? Or will I have to use the tool you guys have provided? Thanks again.

:angry: :angry: :angry:

hanoverherps
05-24-2002, 12:36 AM
Hey, I got the same immunity tool thing as well, it was just addressed from a different sender. It was from something like "reptilehouse" or something. I can't quite remember as I deleted it as soon as I saw it. I had the virus infect my computer a few weeks ago and it was a mess! Stay clear, it's a mean one. Wouldn't you like to find the people that make these viruses and like cut their fingers off or something??? Viruses are such a violation to one's self. UGHHH!

EMERALDGUY33
05-24-2002, 01:04 AM
As of this posting, my system appears to be clean and virus free. Knock on wood- Tap,tap,tap... I just wanted to say thanks to those of you who helped and provided me with the necessary worm removal tools. Again, thank you. :)