Bob...
no, it's probably not the Klez... but rather a newer variant that was discovered on 8/18. We have been fighting it for two days now...
It is called the W32.SoBig.F virus.
It is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files on your system that have the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
Which means all your e-mail files, your address book and any saved web pages or cache.
You catch it from an e-mail that has the following Subject line:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
The message usually says:
See the attached file for details
Please see the attached file for details.
And there is always an attachment, which may have one of the following names:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
If people start complaining that you sent them e-mails, or your inbox is full of bounced messages... you might have it, or, like Klez, someone who has it has your e-mail address on their system.
If you think you have it, a
Quick Removal Tool can be downloaded here. Just download to your desktop and double-click to run.
More info on the tool
is here.
More info on the worm
is here.