Author Topic: Win32Klez-H!  (Read 10979 times)


Offline gate1975mlm

  • Sr. Member
  • ****
  • Posts: 281
  • I'm a llama!
Win32Klez-H!
« on: June 20, 2004, 05:58:25 AM »
Avast Pro 4.1 found the Win32Klez-H on my PC. And for some reason it will not let me delete it! And I did a scan with another Antivirus and that did not even find a virus on my PC. What is going on here? It's the Demo version.

Thanks
« Last Edit: June 20, 2004, 05:59:00 AM by gate1975mlm »
I am running Windows 7 64 Bit, Intel Core 2 Duo 6700 2.66 GHz, 4GB Ram DDR2 and lots of Hard Drive space!

Offline gate1975mlm

  • Sr. Member
  • ****
  • Posts: 281
  • I'm a llama!
Re:Win32Klez-H!
« Reply #1 on: June 20, 2004, 05:59:46 AM »
see!

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re:Win32Klez-H!
« Reply #2 on: June 20, 2004, 06:11:56 AM »
Try clearing your temporary internet files.

Douglas
"I have lived through a lot of horrible things in my life.......some of which actually happened"

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re:Win32Klez-H!
« Reply #3 on: June 20, 2004, 06:17:27 AM »
Klez.H? That worm is very old.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re:Win32Klez-H!
« Reply #4 on: June 20, 2004, 06:23:53 AM »

Maybe gate1975 is new to avast! and his/her old av didn't find it.    ???    :o    >:(  


Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline gate1975mlm

  • Sr. Member
  • ****
  • Posts: 281
  • I'm a llama!
Re:Win32Klez-H!
« Reply #5 on: June 20, 2004, 06:35:00 AM »
> Try clearing your temporary internet files.
>
> Douglas

I did that but the virus is still there. How can I go right to the file and delete it?

Offline Tipton

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 796
  • That 70's Car
Re:Win32Klez-H!
« Reply #6 on: June 20, 2004, 06:37:24 AM »
> > Try clearing your temporary internet files.
> >
> > Douglas
>
> I did that but the virus is still there. How can I go right to the file and delete it?

After clearing your temp internet files, where does it say the virus is located?

Douglas

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9384
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32Klez-H!
« Reply #7 on: June 20, 2004, 07:15:13 AM »
As I can see, he is using CursorXP, which means he has Windows 2000/XP. Just schedule a Boot-Time scan. That parasite will go away without any problems with this one.
Visit my webpage Angry Sheep Blog

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re:Win32Klez-H!
« Reply #8 on: June 20, 2004, 08:27:56 AM »
OK, I offer another solution. Try Quick Heal Worm Killer.
Available at the following address.

http://qheal.wincleaner.com/qhwkill.com  file size is 80Kb

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9384
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32Klez-H!
« Reply #9 on: June 20, 2004, 09:05:45 AM »
Why would he complicate things if he can do it with avast!'s Boot-Time scan?

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re:Win32Klez-H!
« Reply #10 on: June 20, 2004, 09:18:36 AM »
Oops, sorry RejZoR, I did not see your reply  :'(  ::)  :-[

You are right, the boot-time scan is easier.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11805
    • AVAST Software
Re:Win32Klez-H!
« Reply #11 on: June 20, 2004, 01:27:04 PM »
On the other hand, the boot-time scanner doesn't support many archives - I'm not sure if UPX is supported. So, the boot-time scanner may not find it.
Klez-H (or its twin Elkern-C) is a file infector... so if it's active, I'd expect more infected files to be found on the disk. Maybe it's just a file that was infected previously, "disinfected" later, but pieces of the virus code were left in the file...

In any case, you may also try the avast! Virus Cleaner.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85774
  • No support PMs thanks
Re:Win32Klez-H!
« Reply #12 on: June 20, 2004, 01:28:31 PM »
Let's not forget the cause of the problem; this could be an exploit, "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment", which was patched ages ago by MS:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

If your computer is not patched you will be liable to reinfection. Don't keep treating the symptoms, treat the cause.

Regular visits to Windows Update.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gate1975mlm

  • Sr. Member
  • ****
  • Posts: 281
  • I'm a llama!
Re:Win32Klez-H!
« Reply #13 on: June 20, 2004, 05:55:29 PM »
OK, I was able to delete the virus now! I had to also delete the Offline content in Internet Temp files. I never knew that. Thanks for your help.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re:Win32Klez-H!
« Reply #14 on: June 20, 2004, 11:57:28 PM »
This has always been my ONE (and only) negative point with avast!  

When a novice user gets a virus warning and clicks remove, and then gets this "file is in use" message, they PANIC !!!!!

OK, we all know that there is no reason to panic (the file access IS stopped), but that isn't obvious to a novice.

1)  avast! should give better info about what is happening.
2)  avast! should do everything possible to delete the file.

Other AV products I have used will manage to clean/delete the file without having to boot or use a separate cleaner!
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud