RootsWeb.com Mailing Lists
    1. [AINSWORTH] VIRUS ALERT = W32.Klez. H = Level 3 ( One time Advisory by List Admin)
    2. John A Hansen
    3. Dear All:

A new level 3 Virus Alert was issued this week by most of the Major Anti Virus Test Sites and Software Programs. The names of the virus will vary but it is generally a form of W32.Klez.X@mm.

There are a couple of clever things that this virus does that make it deceptive. While you will not get the virus from Rootsweb, you may well get an email from a subscriber or a friend that you have corresponded with, and it will look like a legit response to the email or post that you made.

The Virus has two files attached. One will have a random file from the sending computer and the other will be the virus with a double extension with ******.txt.exe etc. So it appears to be a real and innocent attachment. As a result, the email message would have 2 attachments, the first being the worm and the second being the randomly-selected file with a "normal" extension such as *.doc or *.txt etc.

Payload and Damage: This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.

Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.

Releases confidential info: Worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment.

All the normal reference sites are carrying details on how to remove it if you do get infected, and more technical details on how to identify the incoming virus.

Please do not create any posts on the mailing lists.

Best Regards
John A Hansen
List Admin

    04/25/2002 04:27:45
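
The double-extension attachment described in the alert can be checked for at a mail gateway or in a mailbox audit. The following is an added example, not part of the original post: the executable-extension list, the function names, and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions Windows will execute; an assumed, non-exhaustive list for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
# "Normal" extensions as listed in the alert, which the final extension hides behind.
DECOY_EXTS = {".mp8", ".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf",
              ".xls", ".jpg", ".cpp", ".pas", ".mpg", ".mpeg", ".bak", ".mp3",
              ".pdf"}


def is_double_extension(filename):
    """True when a name ends in <decoy ext><executable ext>, e.g. notes.txt.exe."""
    stem, last = os.path.splitext(filename.strip().lower())
    _, inner = os.path.splitext(stem)
    return last in EXECUTABLE_EXTS and inner in DECOY_EXTS


def suspicious_attachments(raw_message):
    """Return attachment filenames in a raw message that use a double extension."""
    msg = message_from_string(raw_message, policy=policy.default)
    names = [part.get_filename() for part in msg.iter_attachments()]
    return [n for n in names if n and is_double_extension(n)]


def build_sample():
    """Constructed sample: an ordinary document plus a double-extension file."""
    msg = EmailMessage()
    msg["From"] = "subscriber@example.org"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Re: your post"
    msg.set_content("See attached.")
    msg.add_attachment(b"family notes", maintype="application",
                       subtype="octet-stream", filename="family.doc")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="census.txt.exe")
    return msg.as_string()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

A name such as `setup.exe` is not flagged by this check; it looks only for an executable extension hidden behind a document-style one.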