|
|
Virus Information Center
WORM_KLEZ.I
Virus type: Worm
Destructive: No
Aliases:
I-Worm.Klez.i, W32/Klez.gen@mm, KLEZ.I
Description:
This variant is a slight modification of WORM_KLEZ.H.
This mass-mailing worm uses SMTP to propagate via email.
The subject line of the email it arrives with is randomly
selected from a list of possible choices. It also drops
a copy of PE_ELKERN.D, which is the Windows file infector.
Solution:
For Windows 95 systems:
1) Restart your computer.
2) Press the F8 key when you see the message, "Starting Windows 95."
For Windows 98/Me systems:
1) Restart your computer.
2) Press the Ctrl key until your Windows 98 startup menu appears.
3) Choose the Safe Mode option then hit the Enter key.
For Windows XP systems:
1) Restart your computer.
2) When prompted, press the F8 key. If Windows XP
Professional starts without the
“Press select operating system to start”
menu, restart your computer.
3) Press F8 again after the Power-On Self Test is done.
4) Choose the Safe Mode option from the Windows Advanced Options Menu.
For Windows 2000 systems:
1) Restart your computer.
2) Press the F8 key, when you see the Starting Windows
bar at the bottom of the screen.
3) Choose the Safe Mode option from the Windows 2000 Advanced Options Menu.
Further Removal
1) Scan your PC for viruses at
www.antivirus.ie/index.mv?free_scan=1
2) Click Start>Run, type Regedit then hit the Enter key.
3) In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>Run
4) In the right panel, look for and then delete
these registry value where * is any random characters:
”Wink*” = ”%System%\Wink*.exe”
”WQK” = “%System%\Wqk.exe”
5) In the left panel, double click the following:
HKEY_LOCAL_MACHINE>System>CurrentControl Set>Services
6) Under the Services key, look for and then delete this subkey:Wink*
7) Close the Registry Editor.
8) Restart the system.
9) Scan your PC for viruses at
www.antivirus.ie/index.mv?free_scan=1
|
