Variant: Klez.e....(free tool to remove: 2/8/02)

Discussion in 'malware problems & news' started by javacool, Feb 11, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    Bulletin courtesy of CNet News.com:
    To get the free tool to detect and remove this worm, visit the following address: http://www.kaspersky.com/news.html?tnews=20140&id=224687

    -javacool
     
  2. Mindy

    Mindy Guest

    Re: Variant: Klez.e....(free tool to remove: 2/8/0

    I work for a local ISP and I have a customer that has this virus. I have had her use HouseCall, it found it, cleaned it. AVG, clean, Norton, clean. Our virus sniper keeps sending her an email saying that she still has this virus and is trying to send it out. I had her also use the clrav tool and it didn't find it. I'm running out of ideas here, short of telling her to reformat.

    Anyone else having trouble with this one? Thanks!

    BTW, this is a great forum, as I have to say I have become the resident virus expert in our little neck of the woods. Great info!
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: Variant: Klez.e....(free tool to remove: 2/8/0

    Hello Mindy,

    Since we are unaware of the (probably still) infected system, O/S installed etc. the main advice is:

    After backing up the registry:

    1. Click Start, and click Run. The Run dialog box appears.
    2. Type regedit and then click OK. The Registry Editor opens.
    3. Navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    4. In the right pane, look for the following values and delete them if they exist:

    Wink[random characters] %System%\Wink[random characters].exe
    WQK %System%\Wqk.exe

    5. Navigate to and expand the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

    6. In the left pane, under the \Services key, look for the following subkey, and delete it, if it exists:

    \Wink[random characters]

    7. Click Registry, and click Exit.

    Be sure your client performs the above strictly. After doing so, a full and deep scan (all files included) using a good and updated anti-virus is necessary.

    Thanks for the compliment!

    regards.

    paul
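
An added example, not part of the post above or of any vendor tool: a Python check that runs the lookups from steps 3 to 6 over a text export of the registry (such as the backup made before editing) rather than the live registry. The sample export, the function names, and the choice to require the .exe file name in the value data to match as well as the value name are assumptions of this example.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services"
# Names from the post: Wink[random characters] and WQK (case-insensitive).
NAME_RE = re.compile(r"^(wink\w*|wqk)$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export, not taken from a real system.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Winkabc"="C:\\WINDOWS\\SYSTEM\\Winkabc.exe"
"WQK"="C:\\WINDOWS\\SYSTEM\\Wqk.exe"
"Winkey"="C:\\Program Files\\Tools\\hotkeys.exe"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winkabc]
"ImagePath"="C:\\WINDOWS\\SYSTEM\\Winkabc.exe"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winkabc\Security]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]
'''

def unescape(text):
    # .reg string data escapes backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_klez_entries(export_text):
    """Return (kind, key, name, data) tuples worth reviewing before deletion."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower().startswith(SERVICES_KEY.lower() + "\\"):
                sub = key[len(SERVICES_KEY) + 1:].split("\\")[0]
                hit = ("service", SERVICES_KEY, sub, "")
                if sub.lower().startswith("wink") and hit not in hits:
                    hits.append(hit)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() == RUN_KEY.lower():
            name, data = unescape(m.group(1)), unescape(m.group(2))
            stem, _, ext = data.rsplit("\\", 1)[-1].rpartition(".")
            # Require both the value name and the .exe file name to match.
            if ext.lower() == "exe" and NAME_RE.match(name) and NAME_RE.match(stem):
                hits.append(("run", key, name, data))
    return hits
```

Pass the decoded text of an export to `find_klez_entries`; on the sample it reports the `Winkabc` and `WQK` Run values and the `Winkabc` service subkey once, and skips `Winkey` because its data points to an unrelated file.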
     
  4. Mindy

    Mindy Guest

    Re: Variant: Klez.e....(free tool to remove: 2/8/0

    Thanks, I will pass this on to her. Most of my customers I would not, but there are a small majority of them that at least know what I am talking about. I will be back often!

    Mindy
     