Other WelchWrite Blogs: A Gardener's Notebook - Career Opportunities - TechnologyIQ - Careers in New Media
Home -- Contact Me -- Search Welchwrite.com -- Follow My Word

Subscribe to Douglas' Newsletter today!

Wednesday, May 08, 2002





Symantec offers W32.Klez Removal Tool



If you have been infected by the nasty W32. Klez Virus/Worm, it can be a big pain to clean it up. Symantec has offered a tool to automate the cleanup, though. There are several steps you need to follow to insure that you are free from infection, but everything is explained in the documents on Symantec's site.


Above all, this a great reminder to make sure you purchase, install and UPDATE your virus software on a regular basis. This is one of the most important maintenance tasks to perform on your computer.



Here is the info direct from Symantec...



Symantec has provided a tool to remove infections of W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926.



An online demonstration on how to download and run the tool is available with audio and without audio.



Note on W32.Klez.gen@mm detections:

W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most case, the tool will be able to remove the infection.



What the tool does

The W32.Klez Removal Tool does the following:
  • It terminates all processes that are associated with W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926.
  • It deletes the W32.Klez.E@mm and W32.Klez.H@mm service(s).
  • It removes the registry entries that were created by W32.Klez.E@mm and W32.Klez.H@mm.
  • It detects all types of W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, and W32.ElKern.4926 infections, and repairs files that can be repaired.



    NOTE: A file that is infected with W32.Klez.E@mm or W32.Klez.H@mm includes a link to the encrypted host file. If the encrypted file does not exist at that link, the tool deletes the infected file because it is not repairable, and the encrypted file will not be restored.

    The W32.ElKern.3587 and W32.ElKern.4926 repair removes the viral code from the file. It does not ensure that a file that is repaired from W32.ElKern will run because this virus often corrupts files.

posted by Douglas @ 5/08/2002   0 comments links to this post

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home