Go to Home Page GuidesHow to ArticlesReviewsForumsFrequently Asked QuestionsNewsLinksPotpourri

Site Search

 

Klez Worm
Last updated: 5/10/02

7/3/02 Klez: The Virus That Won't Die? Virus alert centers are bracing themselves for a new wave of Klez worm attacks this week: One annoying variant of the persistent pest is expected to resurrect itself July 6... May I suggest that everyone download the Klez virus removal tool and run it!  Boot Windows to the Safe mode first by pressing F8 just as Windows is about to start and choosing that mode from the resulting menu.  Larry

This E-Mail from my Internet Service Provider pretty well sums it up.  The Symantec Klez removal program may crash if you have other programs running.  Suggest booting Windows to the Safe Mode to run it.  Press F8 just as Windows is about to boot and select the Safe Mode from the resulting menu.  Larry

5/10/02

---- Important Notice to all MetroCast OnLine customers -----

Dear Valued MetroCast Customer,

Over the past week there as been a large occurrence of the e-mail virus Klez, This virus is infecting computers all over the Internet. W32.Klez.gen@mm is a mass-mailing worm that also attempts to copy itself to other computers via networks or e-mail. The worm uses random subject lines, message bodies, and attachment file names. The worm exploits vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. (Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.)

This W32/Klez variant has the ability to mimic the email FROM: field. The senders address used by the virus, may be one that was found on the infected user's system. Thus, it may appear that you have received this virus from one person, when it was actually sent from a different user's system. Viewing the entire email header will display the actual senders address. Our support team can assist you in finding these message headers. Here are some of the more common subject lines. Subject: Document End Subject: Happy Lady Day Subject: From Subject: Eager to see you Subject: Returned mail--"Document End " Subject: HEIGHT Subject: A WinXP patch Subject: Hi,spice girls' vocal concert Subject: Happy nice Lady Day Subject: Have a humour Lady Day Subject: Happy good Lady Day Subject: ALIGN Subject: Have a good Lady Day Subject: Undeliverable mail--"IIS services with this Web administration tool." (the virus can also send mails with empty Subject and/or body) Please take extra caution opening email messages with these subjects. Remember the message could APPEAR to be delivered FROM someone you know.

W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm.

A recommended tool to test for, or remove the Klez virus may be found at

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
Once you have downloaded this removal tool simply double click on it and then select start. It will search the entire machine for this virus and attempt to remove it. Even if you do not think that you have the virus, it may not be a bad idea to run the removal tool, in case the virus is simply dormant.

Thank you,

John Rodenhuis
Regional Manager
High Speed Data Services
MetroCast Cablevision

Copyright, Disclaimer, and Trademark Information Copyright © 1996-2006 Larry F. Byard.  All rights reserved. This material or parts thereof may not be copied, published, put on the Internet, rewritten, or redistributed without explicit, written permission from the author.