If <print> does not work on this page;
You can hi-lite the text on this page with your mouse, copy - paste it into text
Text only page
----- THE KLEZ WORM-VIRUS -----
How to recognize, avoid and get rid of it
The following images are of the Klez worm-virus sitting in an email. Different email programs will appear differently, ...but these images should provide ample insight to identify Klez in email. This page only addresses worms / viruses sent in email. The most important thing to remember is that you CANNOT be infected with an email worm / virus unless you initiate / click-on the executable program file that comes as an <attachment> to the email. See details below each image on this page. ----- Info about IE / Outlook is listed later herein.
IMAGE 1: YOUR FIRST VIEW OF KLEZ.
THE BAIT: (A) You receive an email from someone you recognize (or maybe not recognize), and; (B) You recognize the subject ... (or maybe not recognize the subject). The subject will in most cases be one you've discussed with the sender named (and thus why your name is in the sender's address book), or will otherwise be enticing to get you to click on the <attachments> (D). HAVING AN ATTACHMENT ICON (C) SHOULD BE THE FIRST ALARM THAT RINGS IN YOUR HEAD. Clicking on the attachment notice icon (C) will reveal the icons for the attached files (D) WHICH YOU SHOULD NEVER CLICK ON. You can notice that one of the attached files (D.a) is an executable program ... which is the virus, and which will launch ONLY if you click on it, ...or it can launch automatically IF (1) You use IE 5.1 or 5.5 browser and haven't corrected a faulty quirk in it AND (2) You use Outlook email progrm AND (3) You have your <email options> set to <automatically open attachments for review>, which is the same thing as clicking on ANY / ALL attachments (Duhhhhhhhh). ----- Another good indicator that attachment D.a might be a klez worm-virus is that the attached file (D.a) will be between 65-125K in size, ...most often around +/- 100K for newer versions.
The executable file attachment (D.a.) is the worm-virus, which sends a copy of itself to everyone on your email list, and then plants a virus to destroy your files to erase it's tracks. TIP: If you create a <new contact> in your address book named something like "klezalarm" and give it your own email address, ...then if klez infects you it will send you a copy of itself along with everyone else in your address book ... so you can know if/when you mess up and get infected ... if your computer doesn't crash first, which it QUITE LIKELY WILL if you don't take immediate corrective measures listed in the links below (a good reason to keep the links handy)!
There is also some info published, that the image file attachment (D.b.) can contain embedded text that acts as an application file for the worm, giving customized instructions including where to send files it randomly mined from your computer, which could be very private files.
Klez is also prolific due to a human deformity where the brain cavity has very little brain matter and is filled with large intestine. Some of those deformed people receive a virus in their email, notice it and deliberately send it to others.
You can also view the virus attachments by clicking-on / opening the email in the email list (A & B above); In which case you will get the following view:
IMAGE 2; THE EMAIL OPENED.
IMAGE 3; THE EMAIL'S PROPERTIES MESSAGE SOURCE.
FOR INTERMEDIATE & ADVANCED COMPUTER USERS ; See explanations below this image. This is an image of the maximized window of the email <properties> <message source>.
(A) If klez sent itself to you from another infected computer, then this <from> entry will likely be forged by klez as will a different <from> address listed at (C). If (A) and (C) BOTH match, it is an indication that the virus COULD have been sent to you from that computer's operator and not by klez replicating from it.
(B) In the rare case of the virus being sent to you directly from an originator, this field can have forged data. When klez sends itself by replication, this field should be reliable.
(D This <to> entry should be reliable.
FOOTNOTE WARNING: Klez is also being sent in emails FORGED to look EXACTLY like a <returned-undeliverable> email. As you open the email's envelope icons, you will still see the same attachment set-ups shown above. THE EXECUTABLE FILE IS STILL THE POISON TO AVOID.
SEE LINKS ON IMAGE PAGE FOR TECH INFO.