Klez Info

BruceYBruceY S. Jersey
edited June 2003 in Science & Tech
I have a friend who unknowingly sent the a klez variation to me. I have it quarentined but want to know if ( or should) I attempt to "repair it. I have Norton and have it under controll. Or should I just delete it? BruceY:confused:

Comments

  • EnverexEnverex Worcester, UK Icrontian
    edited June 2003
    Delete it.

    The repair is only there for when the virus infects a file that you need. I doubt the virus on its own is something you want to keep.

    NS
  • BruceYBruceY S. Jersey
    edited June 2003
    deleted!!!!
  • edited June 2003
    Not only would I agree to deleting it, but if you have time and are familiar with Symantec's tech site you might want to get the dedicated removal tool and scan your box with it. NAV 2002 did not have the ability to do removals on infection, and soem of theKlezes liked to play worm as well as just email themselves to a bunch of folks in the email address books on every machine they infected. Klez might have emailled itself to you.

    I have had friends "kill"a klez and then later have many copies and a "need to reload Norton" problem. The problem is,there are several variants and what Norton 2002 quarantined was a dropper file in some cases and not the virus itself. Me, would get the Klez fixer thing from Symantec on another computer, write to 1\2 floppy full it takes to store, write protect floppy, then scan from write protected floppy.

    2003 is klezproof for the 11 variants I know of(including elkerns), as it does not know the NAV executable's name to destroy it for the newest version. The first thing some of the Klezes would do is infect the NAV program itself. I have had 6-7friends get Klezed and think the AV killed it until next time they tried to run NAV and it would not manually scan. one person had about 220 copies of Klezed things on his box. We killed them all with the Symantec Klez remover. Then we wiped and reloaded Win2K as the remover can only delete klezed filesadn toomuch of the system core was trashed (unless he wanted to run in safe mode all the time).

    This one I would get the dedicated remover and let it S&D Klez and then see what is left. If what is left works, uninstall and reinstall NAV and reupdate it-- IF you do not have NAV 2003(Ifyou have NAV 2003 wait and see if the box acts more squirrelly than usual (I have yet to see a perfect box, they all act strange now and then for various reasons, this is not a flame)). I would especially do both these things if your box acts at all squirrelly after this. I have several write proofed (the slider is not slid, it is totally missing now) floppies of that Klez remover\fixer I made back when Klez's most recent variant was all over and starting to fade if you cannot find it on Symantec's site and can indeed pass a copy of the fixer itself on as that particular fixer set is available to all--via email or via a floppy if need be. It needs to go to a known completely clean computer to be totally sure of getting a good copy to do that scan with, BUT it will also check itself for corruption before scanning. Because it carries its own Klez definition set internally, it has been known to trigger MacAfee also when emailled, so best idea is to download on a friend's computer that definitely does not have any Klez variant on it, and do so directly from Symantec's AV\Security tech site. After 2+ years , I am awful tired of Klez. And have learned to double check everything where killing it is concerned.

    John Danielson.
Sign In or Register to comment.