Information on Klez and Its Removal
Posted on 13.05.2002
Brief information
Klez is a virus that spreads via the Internet attached to infected e-mails. The worm itself is a Windows PE EXE file about 57-65Kb (depending on its version) in length, and it is written in Microsoft Visual C++.

When an infected file is started, the worm copies itself to a Windows system folder with the krn132.exe name. Then it writes its key to registry to make itself start automatically with Windows.

More information on Klez family of viruses:
http://www.net-security.org/virus_item.php?id=4285



Statistics

According to the Real Time Virus Reporting provided by BitDefender, in the past one month Klez virus (variants E and H) infected more then 5738 systems and more then 100,000 files. And we are talking just about BitDefender statistics.

Mentioned statistics (regulary updated) can be found here:
http://www.net-security.org/v/bd/RTVR/rtvr.php

According to the Sophos "Top Ten Viruses And Hoaxes Reported To Sophos In April 2002" list, first two places were reserved for:

1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%

Full list can be found over here:
http://www.net-security.org/press.php?id=751

In the "Kaspersky Labs Virus Top Twenty for April 2002" listing, Klez holds the first position with 94,5% infections

Full list can be found over here:
http://www.net-security.org/press.php?id=753



Removal

Romanian anti virus company BitDefender released a scanner that scans your computer for any traces of Win32.Klez virus (variants A, B, C, D, E, F, G) and Win32.Elkern (variants A, B, C).

BitDefender AntiKlez - http://www.net-security.org/software.php?id=105

Symantec's Klez Removal Tool does basically the same, with not as nice GUI as BitDefender's program.

Symantec FixKlez - http://www.net-security.org/software.php?id=106

Also, as a service to our visitors you can scan your whole computer for viruses from Help Net Security. The nice looking and very powerfull and accurate online scanner is unfortunately optimized just for Internet Explorer users (becuase of some ActiveX controls).

OnLine Scan on HNS - http://www.net-security.org/v/bd/scan





Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Nov 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //