Klez is nasty!

Last Updated on September 30, 2010 by Dave Farquhar

If you haven’t ever actually seen Klez in person, count yourself lucky.
I had my first run-in with it last night. I was working on a friend of a friend’s computer and everything about it was goofy.

Finally I grabbed Symantec’s Klez removal tool (search with Google; Symantec doesn’t seem to keep things in one place for long) and ran it. It found 26 infected files and disinfected 25 of them. Explorer stopped and restarted (I hate when that happens). I rebooted, renamed the file it puts in the registry (my mind is hazy so I can’t remember it) and re-ran the tool. It found a total of 9 infected files. So the thing re-infected 8 files in the time it took between Explorer reloading and me shutting down!

Everything about the system is goofy now. I’ve got it complaining about DLL files missing, and the proprietary AT&T Worldnet dialer isn’t working right anymore, and the current version of McAfee AntiVirus (he bought it before he talked to me) won’t load right. Ugh.

I’m going back in for half an hour. If I can’t get the thing working normally in 30 minutes, I’m going to reload the system.

If there is any good side effect, it allowed me to meet a very interesting person. He’s a Yugoslavian refugee. As the Commies were coming in, he was given two hours’ warning: Pack two bags and get on this train. You’ll get to come back later. That was more than 50 years ago. Later never came. I remember being all paranoid about the Cold War for the first half of my life. But here was someone who actually had to live it, whose life was completely and permanently changed by it.

If you found this post informative or helpful, please share it!

3 thoughts on “Klez is nasty!

  • May 30, 2002 at 9:53 am
    Permalink

    First thing I do with a suspect Klez infection is boot to safe command prompt and attrib -a -r -s -h wink*.exe and then del wink*.ex in windir\system. Then do the same with *.exe in the temp directory. It’s quick way to get up to speed. THEN run the removal tool.

  • May 30, 2002 at 5:30 pm
    Permalink

    Try using Anti-Virus by Grisoft (AVG):

    http://www.grisoft.com/

    I’ve been using it for two years, and it has never failed me once. Use Symantec’s removal tool, install AVG, run the updater, scan the drive – you’re done. 🙂

  • May 30, 2002 at 6:31 pm
    Permalink

    It’s not that easy when you’re dealing with missing system files on top of an infection. Recovering from a virus infection isn’t always as easy as just installing and running an AV program.

Comments are closed.