Hi Groups! Just wanted to pass this bit of information along...today, Friday, July 12, 2002, I received what APPEARED to be some sort official email from www.kapirsky.com Kapirsky Antivirus, with an attachment in MIME Base 64 format of a file named INSTALL.EXE. The email said this was a W32.Klez.mm remover tool for antivirus. Note--- I have NEVER used anitivirus from Kapirsky, so how they got one of my more obscure email addresses is kind of interesting too. OK, enough prelims, the file is NOT a removal tool, but instead is the actual W32.Klez.h@mm Outlook Worm! My use of DOS Internet and operating systems prevented any infection. My email address MAY have been "harvested" from one of these lists, more likely the original SurvPC list. So, to summarize, if you receive ANY email from what on the surface appears to be a legitimate source, BE CAREFUL...read the headers of the email if possible, as that gives clues as to its origin. Anyway, I did "decode" the Mime 64 attachment using a command line tool, FCode (my favorite for this by the way, it also handles UUE and XXE!), then ran a scan using Norton AntiVirus 4 for Win3/DOS and confirmed it was indeed infected with Klez. If anyone needs FCode, let me know, I can put it up on the web for download! C U L8R! Wiz <{;-) Wizard57M Glenn Gilbreath Jr. http:[EMAIL PROTECTED]/index.htm -- DOS Internet, Close Windows and Keep the Internet Open! --
-- Arachne V1.62, NON-COMMERCIAL copy, http://arachne.cz/ To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with unsubscribe SURVPC in the body of the message. Also, trim this footer from any quoted replies. More info can be found at; http://www.softcon.com/archives/SURVPC.html