Hello Listers I have copied this warning from Karen Hills Kent rootsweb, so please take note. This one could be nasty. I have put what seem to be the most important points below but full information available at www.symantec.com . If you use IE5 or 5.5 then you may need the patch...location mentioned below. PLEASE be vigilant W32.Klez.H@mm Discovered on: April 17, 2002 Last Updated on: April 17, 2002 at 03:05:14 PM PDT Due to an increased number of submissions, this threat has been upgraded to Category 3. W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files. Type: Worm Subject of email: Random Name of attachment: Random The worm attempts to disable on-access virus scanners and some previously distributed worms (such as W32.Nimda and CodeRed) by stopping any active processes. The worm removes the startup registry keys used by antivirus products and deletes checksum database files Local and Network Drive copying: The worm copies itself to local, mapped, and network drives as: A random file name that has a double extension. For example, Filename.txt.exe. A .rar archive that has a double extension. For example, Filename.txt.rar. This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. The subject line, message bodies, and attachment file names are random. The >From address is randomly-chosen from email addresses that the worm finds on the infected computer. The worm will search files that have the following extensions for email addresses: mp8 .exe .scr .pif .bat .txt .htm .html .wab .asp .doc .rtf .xls .jpg .cpp .pas .mpg .mpeg .bak .mp3 .pdf The email message that this worms sends is composed of "random" strings. The subject can be one of the following: Undeliverable mail--"[Random word]" Returned mail--"[Random word]" a [Random word] [Random word] game a [Random word] [Random word] tool a [Random word] [Random word] website a [Random word] [Random word] patch [Random word] removal tools how are you let's be friends darling so cool a flash,enjoy it your password honey some questions please try again welcome to my hometown the Garden of Eden introduction on ADSL meeting notice questionnaire congratulations sos! japanese girl VS playboy look,my beautiful girl friend eager to see you spice girls' vocal concert japanese lass' sexy pictures The random word will be one of the following: new funny nice humour excite good powful WinXP IE 6.0 W32.Elkern W32.Klez.E Symantec Mcafee F-Secure Sophos Trendmicro Kaspersky The body of the email message is random. If the message is opened in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be automatically executed. Information about this vulnerability and a patch are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp PLEASE DO NOT OPEN ANY ATTACHMENTS. PLEASE DO YOUR WEEKLY BACKUPS AND KEEP YOUR ANTIVIRUS PROTECTION UP TO DATE. Regards Barbara Mallyon Basingstoke, Hants, UK BarbaraMallyon@lewmal.co.uk Listowner