From: Bruce Markowitz (scosgt_at_worldnet.att.net)
Date: Fri Dec 20 2002 - 23:19:05 EST
It is NOT infected just because the file exists. You need to run the exe to
get the infection.
----- Original Message -----
From: "Dr. Jeffrey Race" <jrace_at_attglobal.net>
To: "David Ross" <ross_at_math.hawaii.edu>
Cc: "Thinkpad Users Group" <thinkpad_at_stderr.org>
Sent: Friday, December 20, 2002 10:20 PM
Subject: Re: [Thinkpad] OT: Mercy mission
> On Fri, 20 Dec 2002 09:40:12 -1000, David Ross wrote:
> > This is actually an unusual situation, in that with modern worms that
> > spoof the email FROM: field one cannot usually identify the infected
> > machine.
>
> It was just an accident that I recognized the source: I recognized the
> rDNS of the IP address to which I had connected his machine.
>
> Thanks to all for your help. It is KLEZ.H and he is on his way to
> a computer shop for disinfection. (He has a PhD and was formerly
> chairman of a bank, but as for computers, he is the perfect "point
> and drool" user. I do not dare do it myself as the Trend Micro
> disinfection routine specifies to modify the Registry. I have never
> done this.)
>
> Jeffrey Race
>
This archive was generated by hypermail 2.1.3 : Thu Jan 23 2003 - 09:59:45 EST