I got an AVG warning this AM that AVG found I.Worm/Klez.H in one of my ArGoSoft mail server files. However, when I tried to send the infected file to the Vault, I got the message that it could not be done. What should I do now? I ran another virus scan, and I did not get the message another time, nor could I find any trace of the file that that was found the first time, neither on the PC that got the message, nor the client PC that seemingly received the infected email.

I can't remember if KLEZ damages your AV program and stops it from working. You have to download and run a tool from http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html There is also more info here on this blighter.

If you have not seen my earlier post..... HOW NOT TO SPREAD A "WORM" Since the Badtrans worm is at it again, even more epidemic than the previous release, I thought the following tip VERY TIMELY. This is not a silver bullet but will help you to avoid spreading a virus to others in your address book. Here's a computer trick today that's very important and ingenious in its simplicity. As you may know, when/if a worm virus gets into your computer it heads straight for your email address book and sends itself to everyone in there, thus infecting all your friends and associates. This trick won't keep the virus from getting into your computer, but it will stop it from using your address book to spread further, and it will alert you to the fact that the worm attacked your system. First, open your address book and click on "new contact" just as you would do if you were adding a new friend to your list of email addresses. In the window where you would type your friend's first name type in AAA!000 In the window below where it prompts you to enter the new email address, type in "WormAlert," which of course, isn't a real email address. Then complete everything by clicking Add and OK. Now, here's what you've done and why it works: the "name" AAA!000 will be placed at the top of your address book as entry #1. This will be where the worm will start in an effort to send itself to all your friends. But when it tries to send itself to AAA!000 , it will be undeliverable because of the phony email address you entered (WormAlert). If the first attempt fails (which it will because of the phony address), the worm goes no further and your contacts will not be infected. Here's the second great advantage of this method: if an email cannot be delivered, you will be notified of this in your InBox almost immediately. Hence, if you ever get an e-mail telling you that an email addressed to WormAlert could not be delivered, you know right away that you have the worm virus in your system. You can then take steps to get rid of it! Even if the above trick does not work it will do no harm.

Before doing the above, read here: http://antivirus.about.com/library/weekly/aa082801b.htm Lesley

Response Number 2 is from an old E-mail sent to me after I received a virus via an E-mail attachment. I have this false addy in my address book, but I still never open any download or attachment without Norton checking it first. Did anyone have this in their address book and then get a virus ? Did it alert to the infection ? I expect with a firewall configured to request permission for Outlook Express to access the net, this would be the first indication of such auto-mailing, except in the case of....new viruses bypassing the mail client altogether and using their own SMTP. This latter I did not know of.

I run AVG and it has automatically dumped the KLEZ virus into the quarantine box by itself once it scans , you then have the option of deleting the file once it's in there . Have eliminated Klez twice now before anything happened , not really sure happened in your case . I would also turn on heuristics if not already on in the control center .