need help getting rid of klez worm

[marlboroman13711]

i have avast4, avast virus cleaner, and windows ME.  i found out which folder the virus was in with avast4 and tried to get rid of it with the virus cleaner but it didnt detect anything,it said no viruses found.  1 virus is in the windows\system folder, i got 3 in the
 programs files\common files\updater folder, and 1 in the program files\common files\keenValue folder and i put them in the chest and tried to repair the files but it said cannot process C:\program files etc... i had to move them to the program files\alwil software\avast4\DATA\moved file to get on the internet cause it wont let me when they are in the virus chest.  i dont know what to do, any help would be very appreciated

[whocares]

Hi,

Which version of Klez did avast report exactly ?

try pausing avast resident shield or booting the PC in SafeMode before running any removal Tools

other Klez-Tools are available from Symantec, bitdefender, mcafee/Stinger, F-secure etc..

Also read the Infos on your Klez-variant on avast's virusinfo pages or the virusinfo-pages of the above sites..
And use the board search here

[.: Mac :.]

I recommend F-Secure's Klez removal tool.  It does a Very quick and through job.

[marlboroman13711]

i got 4 version,win32:klez[Wrm],   win32:klez-E[Wrm],   win32:klez-H[Wrm],    win32:klez-UPX[Wrm].  i'll have to try the safe mode thing before i do anything else. Where can i find F-Secure's klez removal tool at?  can you send a link?  thanks all

[whocares]

try avast Cleaner in SafeMode first,
I'd like to know if it works then (or any error messages)


After this, Use both Tools below

# FsKlez or F-Klez
F-Klez is a utility that disinfects a computer infected with Klez worm and Elkern virus that the worm drops.
To remove Klez.E, Klez.F and Klez.H worms please use the KlezTool utility below.
Download: ftp://ftp.f-secure.com/anti-virus/tools/fsklez.exe
Readme: ftp://ftp.f-secure.com/anti-virus/tools/fsklez.txt

*

# KlezTool

The Kleztool is the utility to eliminate several variants of Klez virus-worm infection and to disinfect files infected by Klez. The utility should be used together with F-Secure Anti-Virus as this tool doesn't disinfect Elkern.A and Elkern.B virus variants, that Klez.E and Klez.F worms drop. However the utility is able to disinfect files infected with Elkern.C virus that Klez.H worm drops.
Download: ftp://ftp.f-secure.com/anti-virus/tools/kleztool.txt
Download: ftp://ftp.f-secure.com/anti-virus/tools/kleztool.zip

[igor]

To remove the Klez virus, I would also recommend our avast! Virus Cleaner. Btw, there is no need to run it from Safe mode.

[whocares]

Hi Igor,

i have avast4, avast virus cleaner, and windows ME.  i found out which folder the virus was in with avast4 and tried to get rid of it with the virus cleaner but it didnt detect anything,it said no viruses found.

this was why I recommended other tools, too

[igor]

Ah, I guess I didn't read the original post carefully enough.
In that case, I would certainly like to see these files. Can you send them?

In any case, it's a little strange... the files cannot cause troubles when they are in Chest. The only way it could happen would be that they are important for the internet connection (i.e. they are infected system files) - but in that case, it wouldn't help if you move them to avast! folder, instead of moving them to Chest; they would have to stay in the original location.

Btw, if the files are in Chest, they are encrypted - so in that case, avast! Virus Cleaner certainly could not find them.

Can you post the exact full (original) filenames of the infected files?

[marlboroman13711]

ORIGINAL LOCATION                                  NAME
c:\windows\system                                    cd_clint.dll
c:\program files\common files\updater       delupdat.exe
c:\program files\common files\updater       sui.exe
c:\program files\common files\updater       wupdater.exe
c:\program files\common files\keenvalue   kkv.exe

ok i tried the safe mode and it did nothing.  i went to the virus data base in avast and the name that was already on it said klez, so i searched for it and 4 came up, so thats why i thought i had a klez virus,  but when i looked at them in the virus chest today i found out that it said the virus was called trojan-gen.{other} on the cd_clint.dll file and trojan-gen.{vc} on the other 4 files.  so does that mean i have a trojan-gen virus and if so how the hell do i get rid of them?  also i kinda new to this stuff but if you want me to send the files do i just put them on an attachment in this forum or send them to you on a instant message thing?

[marlboroman13711]

sorry but i forgot to ask if i have to put the files back in the original location to fix them or leave them where they are now? right now they are in the
C:\Program Files\Alwil Software\Avast4\DATA\moved     file so i can use the internet

[whocares]

Hi,

please enter
trojan-gen
into the board-search above: lots of advice there..

What does show up after a Full scan with avast ?
virus names and locations ?

 

[marlboroman13711]

i'm pretty sure it says what i typed a minute ago.  i'll have to do it again to make sure but it will take a couple of hours

[marlboroman13711]

ok it says i have 4 trojan-gen.{vc} and 1 trojan-gen{other}.  when i try to repair them it tells me that "an error occured during repair file, file was not repaired"

[.: Mac :.]

trojans can not be repaired so delete them.

[marlboroman13711]

i think the trojans are in my internet files,  cause when i put them into the virus chest in avast i cant get on the internet.  if i delete them is there anyway i can get them back without no trojans in them or have one of u send me some good files?  the names of the files are on a list i posted a little bit ago