Information on Klez and Its Removal
Posted on 13.05.2002
Brief information
Klez is a virus that spreads via the Internet attached to infected e-mails. The worm itself is a Windows PE EXE file about 57-65Kb (depending on its version) in length, and it is written in Microsoft Visual C++.

When an infected file is started, the worm copies itself to a Windows system folder with the krn132.exe name. Then it writes its key to registry to make itself start automatically with Windows.

More information on Klez family of viruses:


According to the Real Time Virus Reporting provided by BitDefender, in the past one month Klez virus (variants E and H) infected more then 5738 systems and more then 100,000 files. And we are talking just about BitDefender statistics.

Mentioned statistics (regulary updated) can be found here:

According to the Sophos "Top Ten Viruses And Hoaxes Reported To Sophos In April 2002" list, first two places were reserved for:

1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%

Full list can be found over here:

In the "Kaspersky Labs Virus Top Twenty for April 2002" listing, Klez holds the first position with 94,5% infections

Full list can be found over here:


Romanian anti virus company BitDefender released a scanner that scans your computer for any traces of Win32.Klez virus (variants A, B, C, D, E, F, G) and Win32.Elkern (variants A, B, C).

BitDefender AntiKlez -

Symantec's Klez Removal Tool does basically the same, with not as nice GUI as BitDefender's program.

Symantec FixKlez -

Also, as a service to our visitors you can scan your whole computer for viruses from Help Net Security. The nice looking and very powerfull and accurate online scanner is unfortunately optimized just for Internet Explorer users (becuase of some ActiveX controls).

OnLine Scan on HNS -


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th