If you haven’t ever actually seen Klez in person, count yourself lucky.
I had my first run-in with it last night. I was working on a friend of a friend’s computer and everything about it was goofy.
Finally I grabbed Symantec’s Klez removal tool (search with Google; Symantec doesn’t seem to keep things in one place for long) and ran it. It found 26 infected files and disinfected 25 of them. Explorer stopped and restarted (I hate when that happens). I rebooted, renamed the file it puts in the registry (my mind is hazy so I can’t remember it) and re-ran the tool. It found a total of 9 infected files. So the thing re-infected 8 files in the time it took between Explorer reloading and me shutting down!
Everything about the system is goofy now. I’ve got it complaining about DLL files missing, and the proprietary AT&T Worldnet dialer isn’t working right anymore, and the current version of McAfee AntiVirus (he bought it before he talked to me) won’t load right. Ugh.
I’m going back in for half an hour. If I can’t get the thing working normally in 30 minutes, I’m going to reload the system.
If there is any good side effect, it allowed me to meet a very interesting person. He’s a Yugoslavian refugee. As the Commies were coming in, he was given two hours’ warning: Pack two bags and get on this train. You’ll get to come back later. That was more than 50 years ago. Later never came. I remember being all paranoid about the Cold War for the first half of my life. But here was someone who actually had to live it, whose life was completely and permanently changed by it.