July 29, 2002

GOOOOOD MORNING, A.I.I.....

It's a great day here in Orem, Utah! I took the last few days off and went fishing with the kids. It was great to get away. The fishing was lousy, but I now understand the deeper meaning of the license plate frame that says "My worst day of fishing is better than my best day of work." There is some truth to that. Nothing graced the hook on my lure, but it was very therapeutic to be at the lakes high in the mountains above Cedar City, Utah. Here in Utah we have a state holiday on the 24th of July to celebrate the arrival of the pioneers into Salt Lake valley. This event is celebrated with much of the same zeal as the 4th of July. This gives us one more opportunity to take time away from work and spend some time with the family.

The little puppy dog in the photo is our little Joey the toy poodle. You should have seen him chasing the birds and squirrels along the shorelines of Navajo Lake and Kolob Reservoir. He just plain wore himself out chasing after all of the wildlife. If you have never taken the time to visit the National parks of southern Utah, then you should schedule the time. The colors and rock formations are incredible and unlike anything else in the world. The kids loved exploring and fishing with Dad. I spent a majority of the fishing trip untangling lines and watching the kids learn to master the art of casting. Being a Dad with four amateur poles flinging hooks through the air can be a dangerous profession. There were moments of frustration and then there were moments of extreme satisfaction as they would successfully get their bait casted out onto the water.

ANTI-VIRUS PROTECTION

Coming back from a few days away from the computer left me with the challenge of picking up my e-mail. What a pain as the 350 e-mails had to be downloaded. I'm glad that the normal inspection babble on the Hotline was slower this past week. By picking up the e-mail all at one time I was faced with the obvious fact that several of the readers of the MMM are not virus protected. You have heard the chants about safe sex over the years, yet not enough has been said about safe e-mailing. While downloading my mail I was notified by my Norton anti-virus software that 6 different times I was being violated by a virus.

Please heed the following warning. If you do not have current anti-virus software installed on you machine, then you are a hazard to us all. The software costs less than $50 per year and can save us each thousands of dollars in lost man hours to fix our infected machines. Think back to the late 60's through the early 80's when much of mankind was running around like little horndogs with the mantra of free love. They thought it was great and gave little thought that they could be impregnating the woman and/or spreading disease throughout society. If you do not have up to date anti-virus software enabled on your machine, then you are no better than the horndogs and you are a menace to our profession........ Was that direct enough?........ Can you tell that I am mad?........ If you are an offender to my warning, then are you man enough to change your ways?

Here are some questions that I would like you to answer?

What brand of Anti-virus software do you own?
When was it purchased?
When does it expire?
Is it set to automatically scan your incoming and outgoing e-mail?
When was the last time that you updated the virus definition scan codes?
When was the last time that you scanned your hard drive using the software?

If you do not know the answer to these questions, or if you are more than a week behind updating and scanning your hard drive, then you are a public menace. If you infect my machine, then it could put me out of business for a day or more while I try to get my machine back up and running. The sad part is that you can be infected and not know it from your end. Many times the virus is designed to attach to your e-mail address book and randomly send out the virus to those in your book. Other times the virus will send out the e-mail and make it look like it was sent from somebody in your address book. In other words, the virus e-mail says "Hey Michael Leavitt gave you this destructive virus", yet it was actually sent out by Jim Corbin's machine. Therefore, if you are attacked by a virus don't assume that it came from the person who it is addressed from.

Virus' are evil and they change daily. Each week the anti-virus software firms come out with updates to identify and quarantine the latest attackers. This means that if it has been several weeks or months since yours was updated, then you are using the tools that can identify the old enemies. This also means that your machine will not be able to identify the new viruses and they can make it onto your machine unnoticed. Please note that I am screaming out this warning for all of you to get protected for the benefit of us as a whole. Personally I don't really care if you failed the test above or not as long as you change your ways today...... immediately....... for our benefit........ please take responsibility for your time spent with us online. Not doing so would be like inviting me over to dinner and I blatantly break all of your expensive china right in front of your eyes.

I know that many of you feel that you only use your machine for the AII Hotline and to read the MMM so why bother with the anti-virus software. As a relatively small time computer user you might find yourself feeling immune to the viruses that I have referred. This is far from the truth. You should not wait until a virus infects your machine before you invest in the protection. The majority of the virus protected MMM readers don't care much about your individual machine. Instead, they are concerned about their own machines. Our own personal computers have become the method of generating our income. Our fear is that your little computer will be the source of our own downfall. I can't strees with each of you enough that it is time for you to take personal responsibility............. Please!

SAD CONFESSION - About 3 months ago I finally gave up on my McAfee virus scan software. I was able to update it weekly, but was always troubled with not knowing if it was fully engaged or not. I would go in and tweak the settings but never knew if it found anything or not. It also never expired and this troubled me because I had it for 18 months and was never prompted to upgrade or give them more money. I would do the scans and it would rarely find anything. I would set it to scan my e-mail automatically and then I would go back in and the setting was not checked off. I always had an uneasy feeling about the software. To this day I don't know if it was working or not. This was irresponsible on my part and I have to cop out and blame the software just a bit. It never prompted me or notified me that it was doing anything except for the weekly scheduled hard drive scan.

Instead of staying on the McAfee bandwagon I decided to switch to the better known Norton software. I had heard good feedback about their software products and was being inundated with special offers for their packages. I was able to get one of their group packages for just $19.99 after all of the rebates and have been really happy.

Right from the start the user interface lets the user know what is going on. I visually see the software pop up that let's me know that each piece of mail that I send out is being scanned first. This step was missing from McAfee and this let's me know that I am sending out safe mail to all of you. I get notified when I receive a virus and it asks me what to do with the offending mail. Once again I know that the software is doing something. Updating the codes weekly is easy and setting the software to scan any of my drives is also easy. I recommend the Norton Anti-virus software without any reservations.

W32.Klez.h@mm VIRUS

The virus that I was repeatedly hit with upon returning home was another variation of the Klez virus. This is a destructive worm virus that is currently spreading maliciously throughout the globe. I went to the Norton site to find out more about how this virus operates. You can visit http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html for the full account.

REMOVAL TOOL - Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.

Note on W32.Klez.gen@mm detections: W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.

Also Known As: W32/Klez.h@MM, WORM_KLEZ.H, W32/Klez-G, I-Worm.Klez.h, Klez.H, W32/Klez.H, Win32.Klez.H, WORM_KLEZ.I

Type: Worm

Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me

Systems Not Affected: Macintosh, Unix, Linux

RANK: WILD

Number of infections: More than 1000 (6 on Michael Leavitt's machine in the past couple of days)
Number of sites: More than 10
Geographical distribution: High
Threat containment: Moderate
Removal: Difficult
Threat Metrics
- Wild: High
- Damage: Medium
- Distribution: High

DAMAGE

Payload: This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.

Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.

Releases confidential info: Worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions: ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment.

DISTRIBUTION

Subject of email: Random

Name of attachment: Random

EMAIL SPOOFING

This worm often uses a technique known as "spoofing." When it performs its email routine. It can use a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using a antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

If you are using a current version of Norton AntiVirus and have the most recent virus definitions, and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.

There have been several reports that, in some cases, if you receive a message that the virus has sent using its own SMTP engine, the message appears to be a "postmaster bounce message" from your own domain. For example, if your email address is jsmith@anyplace.com, you could receive a message that appears to be from postmaster@anyplace.com, indicating that you attempted to send email and the attempt failed. If this is the false message that is sent by the virus, the attachment includes the virus itself. Of course, such attachments should not be opened.

The message may be disguised as an immunity tool. One version of this false message is as follows:

Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.

If the message is opened in an unpatched version of Microsoft Outlook or Outlook Express, the attachment may be automatically executed. Information about this vulnerability and a patch are available at

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

THE LONGEST DAY FEEDBACK

I think one of the strangest parts of working in this profession, or being self employed, is the fact that it is very easy to complain when you are too busy. Of course, when things are slow, it is even easier to complain. I hope we are all able to overcome this. Tim Walz - St. Paul, MN

We all learn to say NO at some point. You will know when that time is here !!! Robert Fischbach - Spokane WA

You're beyond crazy. I've added extra inspections under similar circumstances, but wouldn't even think of trying to do 4, much less 5 in one day, but most houses here have crawlspaces. When you have even 3 inspection in one day, why do you bother taking so many pictures. If you're cramming in an extra inspection (or 2 or 3), why not tell the agent that you'll have to cut out the frills to get the job done for him. I'm sure he and his clients would understand. Gary Holzbauer - Junction City, OR

GARAGE DOOR OPENER QUIZ

Gary Holzbauer responded.... Maybe we should send our questions about testing to the manufacturers and see what kind of response we get. If we use their recommended 2x4 test method and damage a $600 door, maybe they'll think twice about that recommendation. Gary Holzbauer - Junction City, OR

Maybe we can inspire Betty Buckley, as our Executive Director, to gather our thoughts and pass them along to Raynor, Genie, and Liftmaster.

PHOTO CHALLENGE #113 RESPONSES

What is this?

Yep, that's a water hammer thingy. Did you call the 240Volt wiring going to the water heater ?? Robert Fischbach - Spokane WA

I am with you. Shock absorber. Chris Burkhart - Sandy Ut

ANNUAL MEETING NEWS

Please mark your calendars and safeguard November 8018, 2002 to attend the Annual Meeting.

The American Institute of Inspectors

presents the

2002 Annual Meeting

WHEN: November 8-10, 2002

WHERE: Airport Holiday Inn - Portland, Oregon

Schedule of Events

..................	Friday, November 8, 2002
All Day	"Commercial Inspection Training" - Instructed by John Rebenstorff
	This class is being audited by the Education Committee for Certification. It is expected that those who attend this class will receive Certification by the American Institute of Inspectors in this specialty area.
All Day	"Mobile Home Inspection Training" - Instructed by Jim Lucas
	This class is being audited by the Education Committee for Certification. It is expected that those who attend this class will receive Certification by the American Institute of Inspectors in this specialty area.
Evening	Social Gathering
	Hospitality Reception, vendors, demonstrations, camaraderie, fun, socialize.
Evening	Board of Directors Meeting (A.I.I. members welcome)
	If you have anything you would like included on the agenda for the Board Meeting make sure it gets to the Executive Office 30 days prior to the Annual meeting (by Oct. 8th).
	Saturday, November 9, 2002
	"Update on 'The Mold Issue'" - presented by Mike Herzog
	Presented by Mike Herzog, Micro-biologist from Montana. Mike offered more information than most of us could absorb at our 2001 Spring Conference. He will be with us again and we've promised to allow him more time at this conference since this is still such a steaming hot topic and he had to cut some of his information short last time. Mike is extremely busy in his mold research, covering a territory that spans several states. I feel honored that he understands the importance of getting the information out to the home inspectors and will bring it to us.
	"The Role of Attic Ventilation - More Than Just Scary Stories From the Attic" - presented by Ron Hungarter
	Ron also attended his first A.I.I. conference in the Spring of 2001 as a guest speaker and presented "Scary Stories From the Attic" after being published in the Northwest Builder magazine. His extensive construction knowledge and experience have lead him to become an expert witness in court and for many insurance companies. Ron has developed several roofing tools to ensure correct roofing and ventilation installations leading him to be known as "The Helper of Roofers". As an expert Ron has witnessed the effects of mold growth due to incorrect roofing and ventilation installations. I am among the many inspectors who have consulted with Ron for additional information on my own inspections. As of our last conference in Reno, Nevada, Ron has also become an A.I.I. Certified Inspector Member.
	"Steep Slope Metal Roofing" presented by Todd Miller
	The focus will be on residential metal roofing which will go into vertical seam panels as well as shake, shingle and tile products. History of metal roofing, types of metal used, how metal roofs are produced, types of coatings, benefits, installation and inspection of metal roofs are on Todd's agenda. Although Todd is the President of Classic Products, Inc. he will offer a very generic presentation rather than product or brand specific. He has been referred to us as an expert in this field.
	SATURDAY BREAKOUT CLASSES
Morning	"Round Table Discussion for Office Support Staff" by Sarah Barten
	Sarah has put together a comprehensive agenda for the office support staff or for the one man business inspectors who do it all. This will be a great class to learn or brush up on your skills making your office more efficient. This is the stuff that makes the business flow smoothly. Watch for information on Sarah coming up on the Hotline. She would like to involve as many as possible. Plan on bringing your ideas about what works and what does not work or share with the others.
Afternoon	"Emailing Your Reports" presented by Brian Hannigan
	This class is not for everyone, some of our members are experienced in this topic and others haven't any interest. This class is designed for those who are comfortable with their computer knowledge and ready to take the step of emailing their reports for delivery

Evening	Banquet
	Banquet, awards dinners and entertainment. This is a time to honor our dignitaries and recognize the accomplishments of some special members of our association. I am still working on entertainment but am always open to your ideas or talents if you would like to be on the marquee.

	Sunday, November 10, 2002
	Sunday Morning Service
	For those who wish to attend. Minister and Certified Inspector, Greg Justice will present an early Sunday morning service. Greg has blessed us with a Sunday Morning Service at the two previous Annual Meetings. What a treat it has been to offer this as a special part of our Annual Meetings. I can't think of a better way to start our conference day.
	Electrical Evaluations - presented by Douglas Hansen
	When asked, well known, Featured Speaker , Douglas Hansen has said he would love to come to Portland to participate in the A.I.I. Annual Meeting. Author of several respected inspection books, Douglas is considered a Specialist on many topics. He will speak as an Electrical Specialist in the morning and return after lunch with another topic (TBA). I have seen Doug's name mentioned with high regard on the MMM and Hot Line many times. I have heard many inspectors reference and quote Doug Hansen at different seminars. I am so pleased to offer him as a Featured Speaker at our Annual Meeting. Bring all your perplexing scenarios for answers from the best.
	Meth Labs -How Do We Know? What Do We Do Speaker name TBA
	Electrical Outlet Efficiency Evaluations - presented by Michael Leavitt
	Earn added income by providing Electrical Outlet Efficiency Evaluations. Modern home electronics need outlets that are installed to approved specs. This course will teach the inspector how to use technically exhaustive gadgets and evaluate the condition of the outlets in the home. This service is a source of added revenue that has yet to be tapped by any industry. The course will provide Standards of Practice and protocols to perform the evaluations. Doug Hansen will participate in the instruction of this class with Michael. NOTE: This class is being audited by the Education Committee for Certification. It is expected that those who attend this class and pass the tests will receive Certification by the American Institute of Inspectors in this specialty area. All conference registrants are invited to attend the two hour training. For an added fee there will be optional written testing and practical testing at the conclusion of the training. Those who pay the added fee and pass the tests will receive rights to use the hard copy report forms as well as the 3D software electronic form set for the evaluation.

There are a few other surprises that I won't tell you about just yet. I hope I have said enough to get you to mark out these dates on your calendars and start booking your flights to Portland. For those who would like to get their rooms booked early, the number for the Holiday Inn- Portland Airport is 1-800-HOLIDAY or 503-256-5000. For those of you who remember they have promised not to book any Weddings next to us this time. A little oops last time, that they were thoroughly embarrassed about.