Klez detected but.....

Discussion in 'malware problems & news' started by scabbo1, Feb 23, 2004.

Thread Status:
Not open for further replies.
  1. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    Hello all -

    Ok, my friend's computer came with McAfee AV so he "thought" he was protected and never checked to see if his AV was up to date/spec.

    That said, as we were talking over the weekend he told me about his AOL account being stolen and AOL locking it down due to him sending out spam (which he did not do - lol, you have to see him/speak to him to know it's not even possible). Anyway, I told him (as did AOL) that it sounded to me like he had a TJ Horse installed and that most likely someone had installed a keystroke log program. I told him to log on and do an online scan at one of the free sites (McAfee/Trend etc.). He decided when he got home to just run his old AV (virus def/dat file of 4/03), which found a Klez virus. I told him to shut down and bring me the computer (for fear he would never get this removed).

    SO....... what next. I know he has at the very least got Klez on his PC and I am wondering what to use to start the removal/fix process.

    I have access to both Norton and McAfee products (2004 versions of AV). What would the community suggest as next steps o_O?



    Thanks
     
  2. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Welcome to Wilders, a place for learning. :cool: Do an online Panda scan. If your friend is using WinXP be sure that System Restore is disabled when doing the scan. If you need to know how to disable System Restore, post back and we will tell you how it is done.

    http://www.pandasoftware.com/products/activescan/#e3

    or you can get the removal tool from Symantec or Sophos if you prefer. All your instructions are there.

    http://search.symantec.com/custom/us/query.html
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    scabbo,

    In addition to Peaches' advice:

    • Panda Online scanner might fail on trojans/backdoors - better grab a dedicated antitrojan (trial), update and perform a full system scan;
    • As soon as the system in question has been cleaned out, make sure all passwords are changed. It is fairly sure these have been harvested, and they can be misused.

    regards.

    paul
     
  4. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Thanks for your post Paul .. I learned something new I never knew before. :D
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    And update your Internet Explorer. Klez enters the system through a hole in IE (pre 6). The invading of the computer memory in which IE resides is not checked by most scanners.
     
  6. scabbo

    scabbo Guest

    Any suggestions for the dedicated antitrojan?

    I used Trend to scan and it found one trojan installed. I deleted it and I now have McAfee installed and updated.

    Please advise - thanks for all of the thoughts so far!!!!
     
  7. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    Oops, forgot to log in :) above was meh! )
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    TDS, BOClean, TrojanHunter - in that order as far as I'm concerned.

    regards.

    paul
     