My ISP (cable one) detected the KLEZ worm on my computer!!! (W32/klez.gen@MM) I want to try to clean it up. But now I can not make my Mcaffee virus scan come up. How bad is this virus? What will it do to my computer? What can I do to fix it? Will going out and buying a new Norton Anti virus do any good? Please help, because I need to be able to use my e-mail do to an online job, and other volunteer responsibilities.
**********************************************************
06-03-02, 05:37 PM
Good Ol' Boy 14
It does a lot. It's a paticularly messy lil bugger. Symantec describes the virus at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html . One of the things it does is attacks antivirus programs, as it seems to have done to your McAfee.
Symantec has a removal tool for that particular virus. Although they stress it may not work 100%, it is worth a shot.
It's available with directions at:
http://www.symantec.com/security_response/writeup.jsp?d...=2002-041812-3406-99

-Cray, Senior in CS, Southern IL University Carbondale
**********************************************************
06-03-02, 10:05 PM
Byter
As G.O.B. 14 suggests; get the Syamtec removal tool. I used it on my computer after this infection crashed my whole system. Had to reinstall windows to get back going.
Below is the log the removal tool gave me after cleaning my computer. As GOB says " VERY MESSY lil bugger" mad mad

The file "c:\Program Files\NetMeeting\CONF.EXE" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Greetings Workshop\GWORKSHP.EXE" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Common Files\SystemSoft\Sniffer.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\SystemWizard\Sw.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\CNET\CatchUp\Program\Catch-Up.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\OLYMPUS\Camedia Master\Olympus Camedia.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Messenger\msmsgs.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Windows Media Components\Tools\asfindxr.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Windows Media Components\Tools\NsRex.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Windows Media Components\Tools\tagasf.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\Microsoft Streets & Trips\Streets.exe" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\Program Files\StarCalc\STARCALC.EXE" is infected by W32.Klez.H@mm. The file is repaired.

The file "c:\WINDOWS\SYSTEM\Winkqfold.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Gz6364.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\QrdA251.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Vli8223.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Ejz8071.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Zrv4052.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\ZuuC140.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\XpC232.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Udh3184.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\XsF0B5.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\TEMP\Oi10F1.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The file "c:\WINDOWS\Desktop\Winkqfold.exe" is infected by W32.Klez.H@mm. The file is deleted since it is unrepairable.

The W32.Klez.E@mm/W32.Klez.H@mm/W32.Elkern.3587/W32.Elkern.4926
infection has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 23381
The number of deleted files: 12
The number of repaired files: 12
The number of viral processes terminated: 0
The number of viral services deleted: 0
The number of registry entries fixed: 0
**********************************************************
06-03-02, 10:32 PM
Di
The same thing happened to me. Completely wiped out my McAfee virus program. The ONLY thing that cleared it was this tool.
My ISP told me that this virus does not need to have a program/mail opened to download. Very sneaky and sly thing - it automatically infects your computer from the mail header without you doing a thing.
I learned one thing through this, You MUST keep your virus program updated.
**********************************************************
06-03-02, 11:00 PM
gizmogram
I was recently infected with Klez and didn't have an anti-virus program at the time. What a mess!

One of Klez' little features is that it doesn't ALLOW you to install an anti virus program while it's in residence!

I had to erase my hard drive and start over, and the first thing I did when I installed my internet access was to install McAfee, which was recommended to me by KK. I also have a mailwasher program. Before installing McAffee, the mailwasher missed the virus...since installing, however, it's caught at least 4.

So McAfee obviously is making a difference...This mailwasher program is great - I can preview all my messages before they hit my inbox. If I get spam, I can bounce them back to to originator so it looks like my address doesn't exist! I can also preview any questionable emails and either bounce or just delete them.

If anyone would be interested in mailwasher, email me & I can send it to you to check out.
**********************************************************
06-03-02, 11:27 PM

Thank you guys. I ran the Klez fix and it says that the infection was successfully removed from my computer.

3 deleted files
6 repaired files
0 viral processes terminated
0 viral services deleted
1 registry entry fixed

This sounds like great news to me, however Macafee must have been damaged beyond repair.
I can't bring it up at all. I get nothing but error messages.
My next question is, do I need to try to uninstall it?
And now that my computer has been cleaned of the virus, is it safe to buy the newest anti virus software at the store and install it? Or will it do any good?
My computer seems to be running fine, the alerts have stopped from my isp. But now I feel extremely unprotected. Tell me please how to get some protection back on my computer.
Thank you very very much for all of the help!!!!
**********************************************************
06-04-02, 12:35 AM
Good Ol' Boy 14
Since your antivirus program was corrupted, it needs to be replaced. In other words, it needs to be uninstalled, and if you still have the original disk, reinstalled. If it is badly corrupted, with a lot of missing files, particularly the uninstall log that was created when it was installed, it may refuse to uninstall. But, for now, lets just hope that it will uninstall successfully. If you don't have the original disk, you'll have to buy an antivirus program. If you still have faith in McAfee, you can go ahead and buy it, but I'd recommend Norton. McAfee is a respectable AV program, but I've had much better luck with Norton. Whether you buy a new AV program or reinstall the old one, don't forget to run its respective update program and get all the latest virus definitions.
Also, if you haven't done so, you should install Microsoft's patch for Outlook Express (don't worry that the site says the patch is for IE) to fix this vulnerability.
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
Good luck.
**********************************************************
06-04-02, 01:18 AM

uninstall was a success! Thanks! I will buy the newest Norton software tomorrow! You were very helpful to me many thanks to everyone who posted!!
**********************************************************
06-06-02, 11:56 AM
Fritzzs
aNGELA--I downloadedthe free anti-virur that Jwooden mention , and everthing went beautifully....Why don/t you try that one if you haven't yet....I will never speak of McAfee in good tones again....its the pits...

This message has been edited. Last edited by: DorianGreyed,