
Worm_klez.h ----help, I've Been Attacked

Status
Not open for further replies.

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Does anyone know how to get this virus off my computer? It seems it has wiggled its way through all my .EXE files. I'm running a program that said it could get rid of it, but it's not; it's saying clean-clean failed, move-moved failed.
Thanks for any and all help.
 

Anthony Ng

@Nameslave
Legacy Exclusive Member
Joined
May 22, 2002
Messages
4,567
Reaction score
14
Don't tell me that you are surfing the net withOUT a regularly (weekly) updated anti-virus software like Norton.
 

RMF

Level 8
Legacy Platinum Member
Joined
Sep 9, 2002
Messages
1,437
Reaction score
0
Norton doesn't do very well when matched up against the klez worms.

RMF
 

DomainPairs

Level 8
Legacy Gold Member
Joined
Oct 5, 2002
Messages
1,370
Reaction score
0
You have to go back to DOS to remove it, as it comes with Elkern as well. There is a complete removal procedure on my site
http://www.computerthreats.com but I haven't reviewed it for a while. The system works, as I tested it myself and have used it on a bunch of other infected computers. There is also a batch file to scan the registry. If you have any problems, PM me.

Just had a thought - are you on XP?

Norton is pretty useless - AVG is better and it's free. Running the Microsoft security updates is even better.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Thanks everyone. I was using Trend Micro but it's not working. I have downloaded the pattern file and it's going through DOS and cleaning the Elkern, but it's not cleaning the klez.h. No, I have used the internet for over five years and never had an anti-virus, and I have never had a virus get through, and got an email the other day with an attachment that popped up automatically, and I hit OK instead of Cancel by mistake. I will try that one on your site. This email came from this person, Dr. Scott A. Stockwell, and I typed in stockwell in Google; he has a website, and this is what it said on it:
(I am a research entomologist with the U.S. Army. I am currently assigned to the Army Medical Department Center & School (Academy of Health Sciences) at Ft. Sam Houston (San Antonio, Texas).)

I will be getting in touch with the army and hopefully his ass will be grass, if there is no fix, I have 100 worms in here now and growing.
Again, thanks to everyone.

PS: I'm using Win 98.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Well, someone sent it through from my domain site contact page, and it has his name on it. Well, if I had viruses from the past it would have shown up on the scan; just 4 Elkern and the rest Klez.
 

Ciqala

Level 7
Legacy Platinum Member
Joined
Jul 22, 2002
Messages
872
Reaction score
0
Errr. I've been getting hundreds of emails all with .exe attachments (amongst others like .scr) saying either random messages or "here's a patch to fix the klez worm i'm spreading it to help solve the problem" or to that effect.

If you run that then I think you are more than likely infecting your computer with it.

Luckily us folks on Macs are far less susceptible to these things :D

But don't run patches from emails ever... download them from the anti-virus sites yourself. (If this is what you did then OK OK I'm wrong :) but my time working on a helpdesk gives you a low expectancy from the end-user always :) )
 

Anthony Ng

@Nameslave
Legacy Exclusive Member
Joined
May 22, 2002
Messages
4,567
Reaction score
14
>>ctn: ... i have used the internet for over five years and never had a anti virus and i have never had a virus to get through ...
>>ozone: trust me, u HAVE had viruses get through, u just dont know it.


I agree with ozone here. It's almost IMPOSSIBLE for a machine withOUT any anti-virus software to survive that long .... you said 5 years?! No way.

>>ctn: ... This email come from this person dr.scott a. stockwell and i typed in stockwell in google he has a website ... I will be getting in touch with the army and hopefuly his ass will be grass ...

Again, I am almost 100% certain that this person is NOT sending you the virus intentionally. Don't do anything silly. It's very likely that you have done or will be doing the same thing without even noticing it.

I STRONGLY recommend you spend a bit more time on this topic while surfing the net.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Originally posted by nameslave
>>ctn: ... i have used the internet for over five years and never had a anti virus and i have never had a virus to get through ...
>>ozone: trust me, u HAVE had viruses get through, u just dont know it.


I agree with ozone here. It's almost IMPOSSIBLE for a machine withOUT any anti-virus software to survive that long .... you said 5 years?! No way.

>>ctn: ... This email come from this person dr.scott a. stockwell and i typed in stockwell in google he has a website ... I will be getting in touch with the army and hopefuly his ass will be grass ...

Again, I am almost 100% certain that this person is NOT sending you the virus intentionally. Don't do anything silly. It's very likely that you have done or will be doing the same thing without even noticing it.

I STRONGLY recommend you spend a bit more time on this topic while surfing the net.

Well nameslave, you are right, it probably didn't come from him, after reading up on it. As far as not having a virus before, I said the viruses that are in my computer that came from that email, because they are a combination virus that came from a pif file; they are the only ones that showed up. Now unless there is a virus that is not showing up, which I doubt there is, I have never had one, and I guess I have been very lucky. If you don't open attachments or go to a bunch of porn sites I would say it's more than likely that you're not going to get one. But see, now I have one from a simple mistake that's going to take forever to get rid of, that is going to make up for the five years of luck I have had. Now you can believe it or not, I really don't care.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Originally posted by Ciqala
Errr. I've been getting hundreds of emails all with .exe attachments (amongst others like .scr) saying either random messages or "here's a patch to fix the klez worm i'm spreading it to help solve the problem" or to that effect.

If you run that then I think you are more than likely infecting your computer with it.

Luckily us folks on Macs are far less susceptible to these things :D

But don't run patches from emails ever... download them from the anti-virus sites yourself. (If this is what you did then OK OK I'm wrong :) but my time working on a helpdesk gives you a low expectancy from the end-user always :) )

I'm running Trend Micro, but it is not getting rid of it. I guess it's because when it gets inside it breaks up into a bunch of pieces and renames itself. It will take the one in the startup reg and get rid of it, but it won't get rid of the ones that hide in my exe files etc.... but even when I shut down my computer it will throw one back into the startup. I'm probably going to have to get someone down here to fix it; I haven't got the time to trace all of them manually.

PS: bad thing is I have no Win 98 CD or backup floppies. I bought my computer real cheap and everything was already installed, and I have always used my computer for the stock market and financial sites and Google and that's about it, until I got into domain names and websites. I guess someone got mad because I have redirected all my names and most of my links to my readyeye site.
 

DomainPairs

Level 8
Legacy Gold Member
Joined
Oct 5, 2002
Messages
1,370
Reaction score
0
The only way to remove Klez is to go through the sort of procedure I outlined. If you fiddle around with other things you may conceal parts of it. Partial removal just means that you reinfect when you restart. Elkern disables AV software to help Klez survive. Did you run my batch routine to see if you have got traces of infection?

Klez has got its own SMTP routine and doesn't use your mail program. It trawls addresses from loads of places on your computer and constructs an email message from a file that it finds. The carrier message is unlikely to have any reference to the sender. By accusing and reporting him you will reduce your own credibility. The first thing you must do is to install the Microsoft security updates, otherwise you will still be vulnerable even with AV software.

Use my method, it is the only way I know of to remove it from Win98. The alternative is to re-install everything after security wiping the hard drive.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Originally posted by DomainPairs
The only way to remove Klez is to go through the sort of procedure I outlined. If you fiddle around with other things you may conceal parts of it. Partial removal just means that you reinfect when you restart. Elkern disables AV software to help Klez survive. Did you run my batch routine to see if you have got traces of infection?

Klez has got its own SMTP routine and doesn't use your mail program. It trawls addresses from loads of places on your computer and constructs an email message from a file that it finds. The carrier message is unlikely to have any reference to the sender. By accusing and reporting him you will reduce your own credibility. The first thing you must do is to install the Microsoft security updates, otherwise you will still be vulnerable even with AV software.

Use my method, it is the only way I know of to remove it from Win98. The alternative is to re-install everything after security wiping the hard drive.

Thanks. I said you all were right, it probably didn't come from him, after I researched this; I'm not going to contact them. I just got in touch with a computer tech man up the road, and he told me the only thing he knows that works is pandasoftware.com. If that doesn't work I will give him your website address and he can fix this for me. Thanks again for the help.
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
pandasoftware.com has fixed the problem, and it is not getting back into my startup, so far so good. It was the w32/klez.i that Panda recognized in my files.
Anyway, thanks for the help, and if anyone is having troubles I recommend http://pandasoftware.com; they have a 30-day trial.
 

DomainPairs

Level 8
Legacy Gold Member
Joined
Oct 5, 2002
Messages
1,370
Reaction score
0
I hope you have installed the Microsoft vulnerability fixes, set your mail security to restricted rather than internet, and done the "wink" test. The "wink" test is when you open windows explorer and search for file names containing the string "wink". You should also do a deep deletion of all temp directories and the recycle bin. Deep deletion is done by using deltree to get rid of the stuff Bill Gates keeps about you.
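
The "wink" test from the post above as a report-only script; this is an added example, not part of the original thread and not the poster's own batch file. The function name `wink_test`, its return shape and the `THREAD_EXTENSIONS` set are assumptions made here (the extensions are the ones mentioned in this thread).

```python
import os
import sys

# File types named in this thread as worm carriers (.exe, .scr, .pif).
THREAD_EXTENSIONS = {".exe", ".scr", ".pif"}


def wink_test(root, needle="wink"):
    """Report files under root whose name contains needle (case-insensitive).

    Report-only: nothing is deleted or modified. Returns (hits, unreadable),
    where hits is a sorted list of dicts and unreadable lists directories
    the walk could not enter (a gap in coverage worth knowing about).
    """
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_error):
        for name in filenames:
            if needle.lower() not in name.lower():
                continue
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                size = os.path.getsize(path)
            except OSError:
                size = None  # vanished or locked between listing and stat
            hits.append({
                "path": path,
                "size": size,
                # Substring search also matches harmless names such as
                # "twinkle.txt"; the extension helps rank what to look at.
                "carrier_type": ext in THREAD_EXTENSIONS,
            })
    hits.sort(key=lambda h: (not h["carrier_type"], h["path"].lower()))
    return hits, unreadable


if __name__ == "__main__":
    found, skipped = wink_test(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit in found:
        flag = "CHECK" if hit["carrier_type"] else "other"
        print(f"{flag}\t{hit['size']}\t{hit['path']}")
    for directory in skipped:
        print(f"unreadable\t{directory}")
```

A name match is only a lead for further scanning, since ordinary files can contain the same substring.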
 

ctn

Level 4
Legacy Platinum Member
Joined
Nov 30, 2002
Messages
179
Reaction score
0
Originally posted by DomainPairs
I hope you have installed the Microsoft vulnerability fixes, set your mail security to restricted rather than internet, and done the "wink" test. The "wink" test is when you open windows explorer and search for file names containing the string "wink". You should also do a deep deletion of all temp directories and the recycle bin. Deep deletion is done by using deltree to get rid of the stuff Bill Gates keeps about you.

I went and updated all my Microsoft stuff; one was VM security, which I think is the one you're talking about, and I did go to my regedit and got rid of my wink files. I know nothing about deltree, and if things start acting up I will let someone take care of that. Seems you have run into this problem too. That is a pretty bad little worm; I know one thing, it said it steals all your private info from you, that ain't good.

This is amazing too: that computer tech that helped me said they can also hack into a site and put a different link in there, and when you try to get a pattern file or patch it really sends you a worm. That's why I thought it was strange that when you type the exact virus into Google it sends you to Trend Micro and no other place, and it looks like Trend Micro is owned by someone in Japan, and it wouldn't fix the problem. It seemed like it got worse and worse messing with Trend Micro. Go and type in worm_klez.h and see what comes up. I could be wrong though.

This guy I went to is a wiz on the computer, and he will get attacked and trace them down and attack them back. He said that almost all the attacks are from other countries. Anyway, I think it is fixed and will update if anything happens. Domain, if that wasn't the right one to download, please provide me a link about the fixes.
 