Hello. I'm currently using a Yahoo account for my e-mail. Lately I've been having a peculiar problem. I've been receiving completely blank e-mails. Some of them from people I have e-mailed before, and others from complete strangers. However, they do have subjects. I usually get the same ones over and over. The most common subject is, "ACCESSKEY." Not to mention that I also get e-mails saying things such as:

"This is my new game
It is a brand new excite game
I do hope you enjoying it"

They sound a whole lot like worms, but they have no attachment that could cause it. I checked with some of the people that I know that had sent an e-mail like this, but they said that they never did. My brother has Yahoo too, and he gets the same type of e-mails. If anyone knows if these could possibly be a threat, I'd appreciate it a lot. Thanks.

-CYANiDEtk

Sounds a lot like Klez: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html#technicaldetails

I would be very, very careful indeed, despite the fact there seems to be no attachment.

It probably is but maybe Yahoo disabled possibly infected attachments because all of these e-mails are blank. I wonder if I might be sending them to people as well, because the people sending them never downloaded the attachment and don't have any viruses. If anyone can come up with any further information I'd appreciate it.

If you're not infected yourself, there's nothing you can/need to do.

If you want to be certain, run an online scan at <a target="_blank" href=http://housecall.antivirus.com/pc_housecall/>Trend Micro HouseCall</a>

One of the things that Klez does that makes it really hard to track down is when it sends the email out from the infected machine it selects at random a sender from the infected machine's address book rather than using the email address of the host. Sooooo someone could get an infected email that they think is from you but you don't have the virus ... but rather someone who has you in their address book does. Hope this makes sense.

some servers have AV that have the capability to intercept and delete or clean an infected file before passing to you.

I know Trend has that capability because I recently recd. notification from them about an infected fiel from another user and then subsequently recd. the 'clean file' and it was blank.

believe Yahoo uses AVG commercial version and if you want to develop this why not write to them @
www.grisoft.com and ask?

David Williams

Hi CYANKiDEtk,

I'm not sure if you are still reading this thread since you havent posted since May, but here's my 2 cents.

what you are descibing is not Yahoo. I have my email with sbcglobal and i have been getting exactly the same kind of messages lately. i installed Norton Antivirus and did a scan and it found almost 3000 infected files. they were all in C:\windows\temp\sys32 and infected with W32.Benjamin.Worm. i deleted that entire directory and most of the emails suddenly stopped(i was getting around 5 or 6 of these emails every day! now its down to 1 a day at most).

Of the emails that i do get now, some are infected with Klez and i quarantine them with norton as soon as they arrive and i have no problems. before i did all this in addition to me getting these emails i had some friends tell me they recieved emails like this from me which i never sent and also returned mail saying that i sent out these emails to addresses which i never heard of.

Search your computer to see if C:\windows\temp\sys32 exists and if it does, delete it and your problems should stop. also install AV software and that should keep your computer virus free

I just happened to be checking back to these forums and saw your message. I don't have any folder with the name you described. In fact I clean out my temporary internet files every week or so to keep pop up ads away and for several other reasons. But I am still receiving these e-mails and most are from people I know. I have no idea what else could be causing this so I'm guessing that they were intercepted and cleaned. Thanks for the advice and the reply.

After my last post I started reading up on these viruses and I found out that what I had were 2 totally different worms. Klez and Benjamin.

Klez is what is causing the emails and Benjamin targets KaZaA users and that is the worm that creates the sys32 folder, so that has nothing to do with the emails.

The best way to remove Klez is with an up-to-date AV scanner. The problem with that is that Klez also messes around with norton and somehow disables the scanning (I think). After running a scan on my system, Klez never showed up, it has somehow disabled norton from getting definition updates, and I am still getting those emails, most of them now are returned mails with the virus as an attachment (which norton detects as the email is coming in).

Try this program: http://www.sarc.com/avcenter/venc/data/w32.klez.removal.tool.html

I decided that since a lot of other things are messed up on my computer I'm just going to reformat my hard drive. Hopefully that will stop the emails.