W32.Klez.H@mm

A couple of days ago, I got a piece of email from my mother. Well, more acurately – from her machine. It seems that she has been infected with the Klez H worm. What’s worse – the infection was successful in completely hosing her antivirus software.

I’ve been over at her house 3 times this week trying to clean this damn virus off her machine. Wednesday night was spent trying to get her antivirus software back up and running. I was partially successful, in that I was able to get it to run jjust long enough to identify the worm before it crapped out again. I had her try to run the McAffee repair tools Thursday night and report back on how it went. No luck. I personally think the McAffee virus software is more hassle than it’s worth. I’ve always had better luck with Norton. So, last night I brought over my Norton CD and booted from it to run another scan. As I suspected, since Klez was written after the Norton 2002 disk was created – it didn’t find anything. but it was worth a try.

I went home and used my machine to make a set of rescue disks which includes the latest virus definitions, (which I really should have done before coming over last night,) and I’m now scanning her machine again. Looks like the scanner found Klez H this time. If the scanner can clean the virus, I also have the FixKlez (and FxBgBear – yo never know) apps from Symantec on another floppy.

I WILL eradicate this damn worm today.

Meanwhile, I’m typing this blog entry on my Stepfather’s Titanium iBook, and fending off the dog, who is bored and wants to wrestle.

Published by

Robert

Robert Belknap has been writing online sporadically since 2001. See the colophon for more details.

5 thoughts on “W32.Klez.H@mm”

  1. Excerpt from the FixKlez.log file:

    [Quote]
    The W32.Klez.gen@mm/W32.ElKern.gen infection has been successfully removed from your computer!

    The total number of scanned files: 40673
    The number of deleted files: 14
    The number of repaired files: 14
    The number of viral processes terminated: 0
    The number of viral services deleted: 0
    The number of registry entires fixed: 0
    [Quote]

    Once I actually had the right tools, this was a breeze.

    I’m now reinstalling and updating my mother’s antivirus software. I will be recomending that she switch to Norton, but even McAfee is better than nothing. I’ve also taken the liberty of clearing out her Temp folder and Internet Explorer cache, as well as disabling the Windows Scripting Host, and cleaning up some other wierdness with msconfig.

    Edited on Oct 5th 2002, 19:57 by Hooloovoo

  2. Good to see you found the answer nice and quick. I have seen a lot of this nasty little beast recently 🙁

    As for virus software… I am not a Norton fan either. Have you tried e-trust anti virus ? It used to be called innoculate-IT and is / was published by CA. Nice and cheap, dosent conflict with anything I run and seems to do the job really well.

    I’d be very interested in some of you guru’s opinions.

    Edited on Oct 6th 2002, 08:37 by enid

  3. I hate virii and worms with a passion. Luckily I’ve had the proper protection in place to deal with a potential outbreak, but I’ve found a healthy dose of common sense helps to avoid most infections. Email is becoming the vector-du-jour for every little virus writer out there. Outlook didn’t help by using html formatting and other fun features that allow you to execute code on a machine, in addition to the other windows vulnerabilities. (I use windows, no OS-snobbery here..)

    I’ve always thought that eventually (and we pretty much have it now with code red, yes it is still around) the internet would have an infection that would never go away, like the common cold or something. It has a real possibility of happening, especially with some of the newer variants that self-modify their own code. Pretty nasty stuff.

    Good luck on the cleaning, glad you had the right tools to handle it.

Leave a Reply to Hooloovoo Cancel reply

Your email address will not be published. Required fields are marked *