1. Welcome to PlowSite. Notice a fresh look and new features? It’s now easier to share photos and videos, find popular topics fast, and enjoy expanded user profiles. If you have any questions, click HELP at the top or bottom of any page, or send an email to help@plowsite.com. We welcome your feedback.

    Dismiss Notice

Subject: Do not remove this copyright notice

Discussion in 'Commercial Snow Removal' started by thelawnguy, Apr 26, 2002.

  1. thelawnguy

    thelawnguy PlowSite.com Addict
    Messages: 1,011

    Do not open any e-mail with this header as it contains a trojan (virus). The tricky part is that the return e-mail is from a well-respected LawnSite/PlowSite moderator...
    Last edited: Apr 26, 2002
  2. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    Well, it's me....

    I ASSURE YOU I am not sending any viruses out. I posted in the plowing discussion this is a nasty virus, that forges headers. I just had it mailed to "me", by "myself".

    drfplumbing sent it to me. Then, the virus forged my e mail address, and sent it to websitedesign@snowplowing-contractors.com, which is auto forwarded to my AOL address.

    It just pisses me off that people can't take the time to update their virus protection!! :mad:

    From what I can figure, the virus snagged my e mail addresses off my web sites. I have gotten this sent to me at least 15 times in the past week, to my "webmaster@" addresses, and my AOL address. I just tried to forward it to TOS Files@aol.com, and their mailbox is full (of this virus I am sure) :mad: :mad: :mad:


    Subj: Worm Klez.E immunity
    Date: 4/26/02 12:04:46 PM Eastern Daylight Time
    From: csmith669@aol.com (csmith669)
    To: websitedesign@snowplowing-contractors.com

    File: border.zip (62292 bytes)
    DL Time (49333 bps): < 1 minute


    Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
    Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
    We developed this free immunity tool to defeat the malicious virus.
    You only need to run this tool once,and then Klez will never come into your PC.
    NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
    If so,Ignore the warning,and select 'continue'.
    If you have any question,please mail to me.

    ----------------------- Headers --------------------------------
    Return-Path: drfplumbing@prodigy.net
    Received: from rly-xa02.mx.aol.com (rly-xa02.mail.aol.com []) by air-xa05.mail.aol.com (v84.16) with ESMTP id MAILINXA54-0426120446; Fri, 26 Apr 2002 12:04:46 -0400
    Received: from secure29.schmolie.com (secure29.schmolie.com []) by rly-xa02.mx.aol.com (v84.10) with ESMTP id MAILRELAYINXA29-0426120403; Fri, 26 Apr 2002 12:04:04 -0400
    Received: from pimout2-int.prodigy.net (pimout2-ext.prodigy.net [])
    by secure29.schmolie.com (8.10.2/8.10.2) with ESMTP id g3QG3O210544
    for websitedesign@snowplowing-contractors.com; Fri, 26 Apr 2002 09:03:24 -0700
    Received: from Wudb (dialup- [])
    by pimout2-int.prodigy.net (8.11.0/8.11.0) with SMTP id g3QG3Oh226912
    for websitedesign@snowplowing-contractors.com; Fri, 26 Apr 2002 12:03:24 -0400
    Date: Fri, 26 Apr 2002 12:03:24 -0400
    Message-Id: 200204261603.g3QG3Oh226912@pimout2-int.prodigy.net

    From: csmith669 (csmith669@aol.com)
    To: websitedesign@snowplowing-contractors.com
    Subject: Worm Klez.E immunity
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
  3. nsmilligan

    nsmilligan PlowSite.com Veteran
    Messages: 704


    This virus is spreading FAST! I had it mailed to me 6 times in the last 3 days, and our office had 6 infected e-mails this morning!
    One of our webmail services hasn't been able to catch in their filtrers. Make sure your virus protection is up to date!
  4. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    In all the above e mails of the virus in the other thread I started, I masked the actual senders e mail address. NOT THIS TIME.

    This is why it is important to read the HEADERS. You can clearly see the above virus was actually sent by drfplumbing@prodigy.net

    If you don't see my classic signature, the e mail DID NOT come from me. For those of you who have not seen my sig, no matter what, I always sign my posts and e mails "~Chuck" since 1997...


    Oh, and don't open any e mails with any attachment from "me" regardless of what the subject is, if it has an attachment.

    This (as I mentioned before) virus exploits a flaw in MICROSOFT OUTLOOK, that by inserting a simple code in the text of the message, it automatically downloads and runs the attachment without the person who is reading the mail knowing!!!

    Again, MICROSOFT realeased a patch to fix this flaw back in NOVEMBER 2001.

    IF you use Outlook, go update it! Also, in addition to updating your virus protection software, try and update windows as well. The update "link" is right on your START MENU....


    GRRRRRRRRRRRR :mad: :mad:
  5. Chuck Smith

    Chuck Smith 2000 Club Member
    from NJ
    Messages: 2,317

    I just got it sent to me again, from "a well respected moderator of Lawnsite/Plowsite" ....... Only it was a forged "from field" and the actual sender was the moderator.... which means his computer is infected.The headers match ever othere mail I have gotten from him in the past.

    You can read more about it here:


    Please people, update WINDOWS, and your virus protection programs!

    You can get the Microsoft Outlook patch here:


    IF you use Outlook, PLEASE download the patch!

    ~Chuck :mad: :mad:
  6. timm9

    timm9 Senior Member
    Messages: 168

    Most viruses that are targeted at Outlook are designed to enter your address book and then send e-mails with the virus not only from the address book but also from anyone that has sent you e-mails and anyone that is "cc'd in those e-mails. You can help the spread by going into your address book and adding a fake address like "AAAAA" so that it will halt in sending the first wave of outgoing forwards of the virus. This way even if you get it, it won't go after your friends and families. I have seen this work. The other thing you can do is get something other than Outlook and then uninstall Outlook Express.
  7. BRL

    BRL PlowSite.com - Veteran
    Messages: 1,277

    The "fix" that timm9 mentions only works on very few virus types. Most viruses, worms & trojans will still work around that perceived security measure. I don't have time right now to find & post the link that explains it, but trust me on this one. I have sent the link to Chuck & maybe he has it handy & can post it. This Klez virus has been around for a long time, so it is really funny that anyone would actually get it now, as the patches & virus protection updates to avoid it have been out for a long time. Oh well.