Notes On:
The Klez Virus -- It can NOT be "cleaned" using virus protection software

  1. Evil e-mail tricks PC users

    'Klez' disguises self with variety of subjects, senders

    Footnote from:
    http://wnd.com/news/article.asp?ARTICLE_ID=27376

    If a computer has been infected, free removal tools are available from both Symantec and Trend Micro.

    But despite assurances from anti-virus companies, some organizations like ACT Teleconferencing in Hong Kong are having trouble curing the problem.

    "Irrespective of what Symantec or other vendors say, there has been no way to stop this worm in the short term," Bob Deverell of ACT told the South China Morning Post this week.

    "We have been struggling to clean our machines," he said. "We haven't been able to stop it and we're very competent."

    Q: so - what's the membrane prognosis - everybody... including membrane.com... dumps their existing machines and gets new ones? and is this the first of many to come?

    ...talk about retooling info plants.

    A: No. Membrane.com does not recommend Microsoft/Windows products. So far, these attacks only involve Microsoft software. Thus, not everybody will have to re-tool... only those using Microsoft.

  2. If you get Klez, YES dump the machines. Then, establish three separate network/computer uses:
    1. private business (non internet)
    2. public business (internet but dedicated to critical business functions)
    3. personal (disposable)
    And, for God's sake, once and for all, quit using Microsoft Outlook, download all attachments to floppy to view for viruses, establish a policy and human responsibility chain of command, and make a request of everyone you deal with (vehemently I may add) that you get removed from their address book... this will put you in the right direction.

    Oh yeah, get all email addresses off the web... now.

  3. from Norton -- http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
    If W32.Klez.gen@mm was activated before you ran the removal tool, in most cases you will not be able to start Norton AntiVirus (NAV). The instructions for running NAV from the command line and NAV reinstallation instructions are in the removal section of the W32.Klez.E@mm write-up.

  4. Advice from our top expert if you get Klez --
    reformat your hard drive and reinstall Windows

  5. Just as I was gloating about the system working fine, I downloaded Symantec's Klez cleaner (since I use Norton AV and suspect it's been disabled).

    As you may know, you have to run Norton's Klez Cleaner from Windows' Safe Mode. Fine. So, I can't get it to boot in safe mode any more. Not by F8, not by control key method... nada. It ignores the F8 key, and just hangs while booting if by control key method.

    What a pisser... reinstall looks like the only option now.

    Color me moanin' and a groanin' fer a linux box & x-windows

© 2002 Membrane.com Help Desk
This article may not be redistributed without our permission.