Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 5/7/2002 10:12:44 AM EDT
I friend of mine just got hit. Where can I send him for the clean up program for it? It is the W32/Klez.h@mm strain. Thanks
Link Posted: 5/7/2002 10:15:59 AM EDT
Link Posted: 5/7/2002 10:18:50 AM EDT
Link Posted: 5/7/2002 10:19:20 AM EDT
No shit! Wow he is going to love to hear that. And he laughed when I told him to update his virus program.
Link Posted: 5/7/2002 10:21:16 AM EDT
Symantec has a detection/removal tool that supposedly works on several of the varieties of the Klez virus. YMMV. [url]securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html[/url]
Link Posted: 5/7/2002 10:39:17 AM EDT
Thanks for the information guys... I will forward it to him and hope it does the trick. Glad I still have 106 days of free upgrades for my virus scan. John
Link Posted: 5/7/2002 11:04:33 AM EDT
The virus can be removed manually. [url]http://virusall.com/remkleze.html[/url]
Link Posted: 5/8/2002 6:20:56 AM EDT
Thanks for the info. He said it worked.
Link Posted: 5/8/2002 6:33:14 AM EDT
[url]www.sophos.com[/url] , Click Downloads, Click Products & Updates, I would like to evaluate Sophos (continue to fill out country code/address) THIS LINK WORKS FOR: All Windows OS, NetWare, OpenVMS, OS/2, Unix, Macintosh, & Emergency SAV distribution (DOS) Below is a description of this likely problem/virus: W32/Klez-G Type Win32 executable file virus Detection A virus identity file (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the March 2002 (3.55) release of Sophos Anti-Virus. Sophos has received several reports of this virus from the wild. Description Please note: Some customers have received this virus as an attachment to an email claiming to contain disinfection tools from Sophos for the W32/Elkern virus (the email calls it "W32.Elkern"). We can confirm that the infected file does not originate from Sophos and we recommend users do not open/launch unsolicited executable attachments. W32/Klez-G is a Win32 worm that carries a compressed copy of the W32/ElKern-B virus, which it drops and executes when the worm is run. This worm searches for email address entries in the Windows address book but uses its own mailing routine. The email will have the following characteristics: Subject line: either random or chosen from the list How are you Let's be friends Darling Don't drink too much Your password Honey Some questions Please try again Welcome to my hometown the Garden of Eden introduction on ADSL Meeting notice Questionnaire Congratulations Sos! japanese girl VS playboy Look,my beautiful girl friend Eager to see you Spice girls' vocal concert Japanese lass' sexy pictures Message text: Message text is randomly composed by the worm but the message can also be without a text. Attached file: Randomly named with extension .PIF, .SCR, .EXE or .BAT. The sender address which appears in a message is chosen from a list inside the virus. W32/Klez-G attempts to disable several anti-virus products and delete some anti-virus related files. The worm attempts to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer to allow the executable file to run automatically without the user double-clicking on the attachment. Microsoft has issued a patch which secures against this vulnerability which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp. (This patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this worm.) W32/Klez-G may also spread to remote shares on other machines using random filenames. It copies itself to the Windows System directory with a random filename. The worm will set the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ to point to the worm file, so that the file is run on Windows startup.
Top Top