Stomp Out Klez Worm

Follow some simple steps to rid yourself of this annoying intruder and its variants.

By Becky Worley, Tech Live



A survey done by security firm Panda Software reports 7.2 percent of computers have been infected by either the H or I variants of the Klez worm. As "Tech Live" reports tonight, complex technical and social engineering have propelled this worm to infection rates that exceed Nimda or Sircam, the biggest consumer viruses to date.


If you think you could be infected, here are steps for detection, removal, and protection.


There are various free programs on the Web that you can download, install on your computer, and then run to determine if you have any variant of Klez. They not only scan to see if you have the worm, but they will remove all variants of Klez and fix the changes it made to your system.


Detection


Here are some downloads.


Panda Removal Tool
F-Secure Removal Tool
Symantec Removal Tool

The Symantec tool is best because the instructions are clear and provide different protocols for the different Windows operating systems. This tool also removes the ElKern virus which is bundled with many variants of Klez.

 

Removal


Once you choose the tool you want to use, here are the next steps.

Click on the removal tool link.
Accept the download of the removal tool.
Save it to your desktop.
Close all other programs.
Disconnect your connection to the Internet.
Double-click the program and let it scan your computer for infected files.
If it finds you are infected, follow the directions for removal.

 

Protection


Once you've detected and removed the virus, or if you came up clean, follow these steps to avoid Klez and other viruses.

Update your virus definitions so you have the most up-to-date protection from new variants of the virus.


Patch Outlook/Outlook Express. This worm exploits a vulnerability in some unpatched versions of the email programs Outlook and Outlook Express. In these programs, just reading the message, without double-clicking the attachment can infect your computer.

To get the security patch for this problem and many other Windows vulnerabilities go to Windowsupdate.com and let the site diagnose what fixes you may need. For more info on accessing Windows update, read this article.

Don't open random attachments. We all open attachments -- family photos, scanned cartoons, HTML emails -- but if you don't know what the attachment is and you aren't sure that it was intentionally sent by the sender, don't open it. If you receive something that looks fishy, email the sender, ask them what it is, and if they verify they sent it and that it's not a virus, then and only then, open it. When in doubt, get confirmation before double-clicking.

If you have questions, email me at Becky@techtv.com.

Posted August 5, 2002

This article is reprinted from TechTV's website. Visit their site to find more about this and many other tech questions


Click Here
to return to previous page