Guest guest Posted July 9, 2002 Report Share Posted July 9, 2002 Jai Guru Datta Hello Datta Family Members! I have recd recently 3 emails. 1.accounts sub:Rename old file 2.chandroos sub:Please try again 3.prasad sub: a humour game On inspection about the nature and origin of these emails,I found out that they are from dattapeetham server,or routed thru it.And president_dgbs@dattapeetham also is mentioned as return path. All these contain attachments. The 3rd one says, its a humour game and I am the first player,it says., but with my financial and debts burden,I am in no mood for humour,though some laughs will help. I request others,if they have recd similar emails,or is there someone who has sent them?Please reply only if concerned.Others kindly excuse me. Jai Guru Datta Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 10, 2002 Report Share Posted July 10, 2002 Jaya Guru Datta, I´ve found out the following: Go to: www.sophos.com/virusinfo/topten/ and click on the first one of the ten You´ll get the exact description of the virus or worm. It creates headlines like: how are you let's be friends darling so cool a flash,enjoy it your password honey some questions please try again welcome to my hometown the Garden of Eden introduction on ADSL meeting notice questionnaire congratulations Sos! japanese girl VS playboy look,my beautiful girl friend eager to see you spice girls' vocal concert japanese lass' sexy pictures Undeliverable mail -- Returned mail -- I for instance got one "How are you" and one "Japanese lass´sexy pictures" allegedly sent from or routed through dattapeetham.com. A rope that appears to be a snake! Sri Guru Datta Carolin Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 10, 2002 Report Share Posted July 10, 2002 Jaya Guru Datta, the virus or worm may even fake to come from a well-known antivirus software company and to help you detect and delete a virus. Whereas in reality it will attempt to destroy the antivirus software you have on your computer: (from: www.sophos.com/virusinfo/topten/): "Message text: The message text is randomly composed by the worm, and may be left blank. If the subject line is "Worm Klez.E immunity", then the message text is "Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me." (By ignoring the warning you do get the worm!) Attached file: Randomly named with the extension PIF, SCR, EXE or BAT. Because the worm uses its own SMTP engine, the message may appear to come from any email address. Some of the messages will have a "" field and message text which imply that the message was sent by a major anti-virus vendor (namely Kaspersky, F-Secure, Sophos, Symantec and Trend Micro). ....!!!!!!!!! W32/Klez-H attempts to disable several anti-virus software products and to delete some anti-virus related files. ...." !!!!!!!!!! In addition to that the worm may disclose confidential data from the computer,not only taken from emails: "When sending email, W32/Klez-H may attach a randomly chosen file from the infected computer with the extension TXT, HTM, HTML, WAB, ASP, DOC, RTF, XLS, JPG, CPP, C, PAS, MPG, MPEG, BAK, MP3, or PDF. This means that the worm may cause the disclosure of confidential company data. " Scroll down to the removal help. I will wait for someone more versed in computers than I am for helping me with the removal ... Sri Guru Datta Carolin Heiss Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 10, 2002 Report Share Posted July 10, 2002 Jaya Guru Datta, I myself couldn´t find any such virus/worm on my computer, I haven´t found any file called: wink..... .exe (See www.sophos.com/virusinfo/analyses/w32klezh.html: "W32/Klez-H copies itself into the Windows system directory with a random filename. The filename begins with the characters "wink" and has the extension EXE. " So someone else must have had several dattapeetham.com email addresses as well as your email address, my email address, and maybe others´ addresses stored on his computer harddisc that has got infected with the worm by opening of an attachment: "The worm searches for email addresses in the Windows address book and also in files with the extensions TXT, HTM, HTML, WAB, ASP, DOC, RTF, XLS, JPG, CPP, C, PAS, MPG, MPEG, BAK, MP3 and PDF. " Sri Guru Datta, Carolin Heiss Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.