[XviD-devel] Someone has a virus
Christoph Lampert
chl at math.uni-bonn.de
Tue Feb 11 14:55:36 CET 2003
Hi,
somebody connected to XVID seems to have a W32/Klez.h virus,
maybe he recognizes himself from this description. My first
assumption is:
T-Online user, IP on Tuesday the 11th at 14:50 is 217.81.4.170.
Maybe some connection to maxhost.de?
Must have the XVID file changelog.txt on his disk (22591 bytes).
I just got an e-mail from him with header:
Received: from [62.67.195.155] (helo=max1.maxhost.de)
        by mx09.web.de with esmtp (WEB.DE(Exim) 4.95 #31)
        id 18iaYY-0005Vc-00
        for gruel at web.de; Tue, 11 Feb 2003 14:34:38 +0100
Received: from Zplzbkib (pD95104AA.dip.t-dialin.net [217.81.4.170])
        by max1.maxhost.de (Postfix) with SMTP id 69C2F443063
        for <gruel at web.de>; Tue, 11 Feb 2003 14:32:16 +0100 (CET)
Information on Klez.h (in German) is available at
http://www.tu-berlin.de/www/software/virus/aktuell.shtml
(see "April 2002")
You can detect it from the existence of the files
Wqk.exe and Wink????.exe in \Windows\System[32]\
Antivirus e.g. at
http://www.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
Hope that stops it.
gruel
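
The header reading used in the message above, as an added example that is not part of the original post: it parses the two quoted Received: lines, orders the hops oldest-first, and checks that the relay chain is self-consistent. The function names are hypothetical; only the top header, added by the recipient's own server, is trustworthy on its own, since lower ones can be forged by the sender.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two Received: headers quoted in the message (folded lines re-indented).
RAW = """\
Received: from [62.67.195.155] (helo=max1.maxhost.de)
\tby mx09.web.de with esmtp (WEB.DE(Exim) 4.95 #31)
\tid 18iaYY-0005Vc-00
\tfor gruel at web.de; Tue, 11 Feb 2003 14:34:38 +0100
Received: from Zplzbkib (pD95104AA.dip.t-dialin.net [217.81.4.170])
\tby max1.maxhost.de (Postfix) with SMTP id 69C2F443063
\tfor <gruel at web.de>; Tue, 11 Feb 2003 14:32:16 +0100 (CET)

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hop(value):
    """Split one Received: value into claimed sender, peer IP, receiver, time."""
    value = " ".join(value.split())          # unfold continuation lines
    info, _, stamp = value.rpartition(";")   # the date follows the last ';'
    sender = re.search(r"\bfrom (\S+)", info)
    receiver = re.search(r"\bby (\S+)", info)
    ip = IP_RE.search(info)
    return {
        "from": sender.group(1) if sender else None,    # HELO name, chosen by the client
        "ip": ip.group(1) if ip else None,              # peer address logged by the receiver
        "by": receiver.group(1) if receiver else None,  # server that wrote this header
        "time": parsedate_to_datetime(stamp.strip()),
        "raw": info,
    }


def trace(raw_headers):
    """Return hops oldest-first; each MTA prepends, so header order is reversed."""
    msg = message_from_string(raw_headers)
    return [parse_hop(v) for v in reversed(msg.get_all("Received", []))]


def chain_consistent(hops):
    """Each receiver must reappear in the next hop's sender part; time must not run backwards."""
    return all(old["by"] in new["raw"] and old["time"] <= new["time"]
               for old, new in zip(hops, hops[1:]))


if __name__ == "__main__":
    hops = trace(RAW)
    for h in hops:
        print(h["time"].isoformat(), h["ip"], h["from"], "->", h["by"])
    print("chain consistent:", chain_consistent(hops))
```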