IndoIndians.com

   

 


Instructions for Removing the Klez Virus

The Klez virus is running rampant on campus. Use the instructions below to check for infection and, if needed, remove the virus from your computer.
  1. Back up all important files (Word documents, Excel spreadsheets, etc.) to the H: drive, floppy, or zip disk! Sometimes the virus will seriously corrupt Windows when removal is attempted.

  2. Uninstall your current virus software, which the virus has likely disabled. To uninstall your virus software, go to the Start button, select Settings, and then Control Panel. Double-click on Add/Remove Programs. Select your virus software from the list and click the Add/Remove button. You may find that you cannot uninstall or re-install IIT’s Norton Antivirus Corporate Edition. In this case, you will need to manually uninstall Norton Antivirus. Follow the directions in the links below and restart your computer. Once Norton Antivirus is uninstalled, you will be able to reinstall it.

    Windows 95/98/Me manual removal instructions

    Windows NT/2000/XP manual removal instructions

  3. Download the file KillKlez.bat to your hard drive. You can download the file by right-clicking on the "killklez" link below and choosing to save the file to your hard drive (using the "save link as" or "save target as" command).
    KillKlez.bat software

  4. Run Windows in Safe Mode: Restart the machine and press the F8 key before the first Windows graphic comes up, and then choose "Safe Mode" from the menu list that will appear.
  5. Double-click on KillKlez.bat to run it.
  6. If the KillKlez.bat cleaner gives the error message "bad command or file name" when run in Safe Mode, delete the cleaner you downloaded from the Web and instead copy it to your desktop from: Main on Sven (P:)\Apps\Installs\NortonAntiVirus\Cleaners\Klez
  7. If you are running Windows 98, Windows ME, or Windows XP: Click on the Start button, choose Run, and in the small box that appears, type msconfig and click OK. In the window that appears, click on "Selective startup" and UNCHECK "Load startup group items" or "Load Startup Items," then click the OK button.

  8. If you have Windows ME, you NEED to do the following:
    1. Right-click on My Computer and select Properties from the pop-up menu
    2. Click on the Performance tab
    3. Click the File System button
    4. Click on the Troubleshooting tab
    5. Check "Disable System Restore"
    6. Click OK

  9. Restart your computer to ensure that Klez is no longer running.
  10. Click the Start button and select Run...
  11. Type in regedit and click OK.
  12. Navigate to the following key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  13. If there is a “Run-” entry, highlight the "Run" (the one without the ending hyphen) entry and delete (delete button on the keyboard). Then highlight the "Run-" entry, click the Edit menu and then Rename. Rename the entry to “Run”

  14. If there is NOT a “Run-” entry, simply delete the “Wink[random characters] %System%\Wink[random characters].exe” entry and the “WQK %System%\Wqk.exe” entry

  15. Navigate to the following key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

  16. If there is a “RunServices-” entry, highlight the "RunServices" (the one without the hyphen) entry and delete (delete button on the keyboard), then highlight the "RunServices-" entry, click the Edit menu and then Rename. Rename the entry to “RunServices”

  17. Navigate to and expand the following key

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

  18. In the left pane, under the \Services key, look for the following subkey, and delete it, if it exists:

    \Wink[random characters]

  19. Click Registry, and click Exit.

  20. Install (or re-install) your anti-virus software.

    Note: If you did not have any anti-virus software before this incident, please install a copy of Norton AntiVirus. Run the installer from P:\Apps\Installs\NortonAntiVirus\Install Norton AntiVirus

  21. BEFORE restarting after the Norton install, click Start, then Run, enter msconfig, and click OK.

  22. Click on the Startup tab and uncheck all entries EXCEPT “vptray”, “rtvscn95”, and “defwatch”

  23. Click OK to leave msconfig and restart the computer

  24. The yellow Norton shield should appear in the System Tray (lower right corner of screen). Wait a minute or two so that the virus definitions can auto-update from Sven and then double-click on the shield.

  25. Once you have up-to-date anti-virus software on your system, run a full scan of your computer:

    1. Click on Start, then Programs, then Norton AntiVirus Corporate Edition, and then Norton AntiVirus Corporate Edition
    2. Verify that the virus definitions are current (2/27/02 or later)
    3. Click Scan Computer
    4. Put a check next to the C: drive and click Scan
    5. Let the scan run and remove or quarantine any traces of Klez on the system

  26. After the scan has completed, and your computer is KLEZ-free, click on Histories, then Scan Histories.

    Right click on the most recent scan (the one you just performed) and select Properties.

    Review the list of files that were infected. Most of them will be virus files with random names. Some of them may be legitimate Windows applications. Most likely, you will need to reinstall any application that was infected by KLEZ.

  27. To delete the klez virus out of quarantine, select “Quarantine” from the View menu in Norton, right click on the quarantined viruses and select Delete Permanently from the pop-up menu.

  28. Exit Norton.

  29. Click the Start button, select Run, type in “msconfig” and click OK

  30. Under the General tab, put a check next to “Load startup group items”. (It may be grayed out; just click the checkbox twice.)

  31. Restart your computer.
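
The registry checks in steps 12 through 18 can be double-checked offline against a text export of the registry (Registry > Export Registry File in regedit). The script below is an added example, not part of the original instructions or of any Norton tool: it only reads the export and reports entries whose names match the ones given in those steps, applying the same name check to RunServices as to Run. It assumes a REGEDIT4-style text export (Windows 2000/XP "Version 5.00" exports are UTF-16 and must be decoded to text first); the sample data and the name `Winkabcd` are constructed placeholders.

```python
import re

HKLM = "hkey_local_machine\\"
# Keys named in steps 12-18, lower-cased for comparison.
RUN_KEYS = (HKLM + r"software\microsoft\windows\currentversion\run",
            HKLM + r"software\microsoft\windows\currentversion\runservices")
SERVICES = HKLM + r"system\currentcontrolset\services" + "\\"
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def audit_reg_export(text):
    """Return (findings, backup_keys): suspect (key, name, data) tuples and
    any "Run-"/"RunServices-" keys, whose presence selects steps 13 and 16."""
    findings, backups, key = [], [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key, low = line[1:-1], line[1:-1].lower()
            if low.endswith("-") and low[:-1] in RUN_KEYS:
                backups.append(key)
            # Step 18: a direct subkey of Services named Wink[random characters]
            sub = low[len(SERVICES):] if low.startswith(SERVICES) else ""
            if sub.startswith("wink") and "\\" not in sub:
                findings.append((key, None, None))
            continue
        m = VALUE.match(line)
        if not m or key.lower() not in RUN_KEYS:
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        exe = data.rsplit("\\", 1)[-1].lower()
        # Step 14: "Wink[random characters]" -> Wink*.exe, "WQK" -> Wqk.exe
        if (name.lower().startswith("wink") and exe.startswith("wink")
                and exe.endswith(".exe")) or (name.lower(), exe) == ("wqk", "wqk.exe"):
            findings.append((key, name, data))
    return findings, backups

# Constructed sample export (not from a real machine); names are placeholders.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Winkabcd"="C:\\WINDOWS\\SYSTEM\\Winkabcd.exe"
"WQK"="C:\\WINDOWS\\SYSTEM\\Wqk.exe"
"vptray"="C:\\Program Files\\NAV\\vptray.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winkabcd]
"ImagePath"="C:\\WINNT\\System32\\Winkabcd.exe"
'''

if __name__ == "__main__":
    hits, backups = audit_reg_export(SAMPLE)
    for key, name, data in hits:
        print("SUSPECT:", key, name or "(service subkey)", data or "")
    print("Run-/RunServices- keys present:", backups)
```

An empty findings list after step 19 means none of the names from the steps remain in the exported keys; it does not replace the full scan in step 25.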

If you use Outlook or Outlook Express for email, you should seriously consider migrating to Netscape Messenger. If you want to continue to use Outlook or Outlook Express, download and install the security patch that will prevent Klez from reinfecting your system via your email client at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.

Facts about KLEZ:

  • It is a worm that uses random subjects, attachment file names and message bodies
  • It exploits a vulnerability in Outlook and Outlook Express
  • It sends e-mails to addresses in your address book, from the ICQ database, and from .html and .txt files on your HD
  • The payload is contained in the message body (!!)
  • Previewing or opening the message in Outlook and Outlook Express will trigger an infection (!!)
  • It will not infect Macs, though Macs can distribute the infected e-mail message
  • It is being stopped by our e-mail gateway
  • It is caught by our current Norton AntiVirus definitions
  • The removal tool is also posted at I:\Norton AntiVirus\Cleaners

More detailed info is here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html

 



Send mail to webmaster@infotech.co.id with questions or comments about this web site.
Copyright © 2000 www.indoindians.com

Last modified:
May 10, 2002

 