I have 3 PC in network. They run Outlook 5.0 and 6.0.  One of them (I
assume)
sends a virus to itself via email. Since the 3 are networked, they all
get them.
It does not appear in the sent box that I know of.

My user name is pendleto  and that is how they appear as to from where
they originated. When I right click to look at their properties, it is
my email address.They all come with a "paper clip" that there is an
attachment.

The subject lines are different, but by now (I have weeks seeing them)
are the same, though many different.

A special humour game
Let's be friends
How are you
Spice girls' vocal concert

to name 4 examples. 

The attachments are: picacu.exe (89.6 KB)
top[1].scr (95.6KB) top[1].jpg (15.2KB)
top[1].pif(92.9KB) top[1].jpg (15.2KB)
top[1].scr(91.4) top[1].jpg (15.2KB)

Those are 4 recent examples. 

What do I do to find and remove this virus?

I have McAfee antivirus on all 3 PC's and have done
various scans for viruses but this one hangs on. 

Thanks.
John

Hello pendelton,

Sounds like you have the pesky KLEZ worm. This is a mass email worm
that
spreads through email and is considered destructive.

Rest assured there are a few ways to remove this virus. The first that
I recommend involves downloading the KLEZ removal tool from Symantec.
It removes all variants of the worm, and innoculates files to prevent
re-infection. You can download this free removal tool below :

KLEZ Removal tool from Symantec.com
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Secondly, if you do not want to download the file, you can go to
TrendMicro for a free online virus scan. It does require registration,
but it is free. You can view this option here:

TrendMicro HouseCall Virus Scan
http://housecall.trendmicro.com

I do not personally recommend a manual removal of this worm. There are
too many variants of it, and we are sure to miss something critical.

I didn't use a search strategy to find these sources, as I use them on
a continual basis. In the future should you get a wierd feeling about
an attachment, you can simply type the name of the attachment into
Google, and see if there are bad things associated with it, such as a
virus.

I hope this answers your question. If you find for some reason that
the KLEZ worm was not the cause, please ask for clarification before
rating this answer, and I would be glad to be of further assistance.

Thanks for the question!
SgtCory

Well, I guess you get a 5 star. I know that sounds like I am a bit
reluctant.
I am. However, something we finally did made that self-sending virus
to quit sending. Took some work, but we licked it. Thanks for working
with me.
God bless you to know and do His will!
John P.

Dear pendleton,

There is also a possibility that the infected emails are not
originating on your computers. W32.Klez has the ability to spoof the
sender's address. You should be able to confirm from the full email
header if the email actually originated on your system, either by
detecting another email address or by checking the IP where the email
originated.

As I have a popular website, I receive "returned" emails on a regular
basis which were spoofed from my email address. Today, I received an
automated response from Microsoft's customer support, indicating that
they had received "my" inquiry, reciting an email header that was
obviously created by Klez. Do make sure that your own system is not
infected, but if virus checks show your network to be clean, consider
this as another possibility.

For more information, see the McAfee Security website:
http://vil.nai.com/vil/content/v_99367.htm

Good luck,

- expertlaw

Great point.

The question was, "How to get this virus off my pc?". Leaving a worm
on your
computer is no way to go. Manually removing all the files just doesn't
cover
all of our tracks. So, the only way to go is from the inside out. I
wouldn't
assume the problem is on the outside, unless I have eliminated all
inside
variables first, which in this case we have not done yet. Once you
give your PC a clean bill of health, we can start looking elsewhere.

Thanks
SgtCory

Perhaps have a look at the email headers to see if you really did send
it (your isp will probably show up as origin if you did) -
I use outlook express and have turned preview off - I then 
right-click on the email subject, propeties and see the headers - If I
suspect a virus I can see the raw email in there too and see if it has
weird attachements too...

I did the clean up from Norton for the Klez worm. Nothing there. but
the
self sending continues.

What else to do?  Now it it coming up with new "Subject" names so that
I can't just block the sending email.

Thanks 
JohnP:

pendleton,

The files you listed are definitely associated with with the KLEZ
worm. Here is a free email program I recommend that you try. It will
block all worms such as these :

AV Email program
http://www.grisoft.com/html/us_downl.htm#FREE

Let me know how well it works for you. I have been using it for
sometime now, with great sucess.

Thanks
SgtCory

Thanks for the idea but it won´t work. I have 3 pC's networked and
they will only allow one PC..

John  :o(

Pendleton,

Try a manual removal of the KLEZ worm. If this does not work, I
suggest that the source of the email may indeed be external as stated
in the comments. I just wanted to give your PC a clean bill of health
first.

Here is the manual removal instructions - You will need to follow them
exactly as written. We can not be responsible for any damages, but it
seems like you really need to give your PC one good last check -

Start with number 2 (Restart the computer in Safe mode)
 
Manual Removal Instructions
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html#removalinstructions


I also suggest using the free AV mail program on at least one
computers then, so we can see if these emails are external.

Good luck and let me know how it goes -

SgtCory