Author Topic: Win32Klez-H!  (Read 12742 times)

0 Members and 1 Guest are viewing this topic.

gate1975mlm

  • Guest
Win32Klez-H!
« on: June 20, 2004, 05:58:25 AM »
Avast Pro 4.1 found the Win32Klez-H on my PC. And for some reason it will not let me delete it! And I did a scan with another Antivirus and that did not even found a virus on my pc. What is going on here? Its the Demo version.

Thanks
« Last Edit: June 20, 2004, 05:59:00 AM by gate1975mlm »

gate1975mlm

  • Guest
Re:Win32Klez-H!
« Reply #1 on: June 20, 2004, 05:59:46 AM »
see!

Tipton

  • Guest
Re:Win32Klez-H!
« Reply #2 on: June 20, 2004, 06:11:56 AM »
Try clearing your temporary internet files.

Douglas

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32Klez-H!
« Reply #3 on: June 20, 2004, 06:17:27 AM »
Klez.H? that worm is very old.
"People who are really serious about software should make their own hardware." - Alan Kay

CharleyO

  • Guest
Re:Win32Klez-H!
« Reply #4 on: June 20, 2004, 06:23:53 AM »

Maybe gate1975 is new to avast! and his/her old av didn't find it.    ???    :o    >:(  



gate1975mlm

  • Guest
Re:Win32Klez-H!
« Reply #5 on: June 20, 2004, 06:35:00 AM »
Try clearing your temporary internet files.

Douglas

I did that but the virus is still there. How can I go right to the file and delete it?

Tipton

  • Guest
Re:Win32Klez-H!
« Reply #6 on: June 20, 2004, 06:37:24 AM »
Try clearing your temporary internet files.

Douglas

I did that but the virus is still there. How can I go right to the file and delete it?

After clearing your temp internet files, where does it say the virus is located?

Douglas

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32Klez-H!
« Reply #7 on: June 20, 2004, 07:15:13 AM »
As i can se he is using CursorXP which means he has Windows 2000/XP. Just schedule Boot-Time scan. That parasite will go away without any problems with this one.
Visit my webpage Angry Sheep Blog

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32Klez-H!
« Reply #8 on: June 20, 2004, 08:27:56 AM »
Ok I offer another solution. Try Quick Heal Worm Killer.
Avaliable at the following adress.

http://qheal.wincleaner.com/qhwkill.com  file size is 80Kb
"People who are really serious about software should make their own hardware." - Alan Kay

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32Klez-H!
« Reply #9 on: June 20, 2004, 09:05:45 AM »
Why would he complicate if he can do with avast!'s Boot-Time scan?
Visit my webpage Angry Sheep Blog

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32Klez-H!
« Reply #10 on: June 20, 2004, 09:18:36 AM »
oops sorry rejzor I did not see your reply  :'(  ::)  :-[

You are right boot time scan is easier
"People who are really serious about software should make their own hardware." - Alan Kay

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Win32Klez-H!
« Reply #11 on: June 20, 2004, 01:27:04 PM »
On the other hand, the boot-time scanner doesn't support many archives - I'm not sure if UPX is supported. So, the boot-time scanner may not find it.
Klez-H (or its twin Elkern-C) is a file infector... so if it's active, I'd expect more infected files to be found on the disk. Maybe it's just a file that was infected previously, "disinfected" later, but piece of the virus code were left in the file...

In any case, you may also try the avast! Virus Cleaner.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re:Win32Klez-H!
« Reply #12 on: June 20, 2004, 01:28:31 PM »
Lets not forget the cause of the problem this could be an exploit "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" which was patched ages ago by MS:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

If your computer is not patched you will be liable to reinfection, don't keep treating the symptoms, treat the cause.

Regular visits to windows update.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gate1975mlm

  • Guest
Re:Win32Klez-H!
« Reply #13 on: June 20, 2004, 05:55:29 PM »
Ok I was able to delete the virus now! I had to also delete the Offline content in Internet Temp files. I never knew that. Thanks for your help.

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re:Win32Klez-H!
« Reply #14 on: June 20, 2004, 11:57:28 PM »
This has always been my ONE (and only) negative point with avast!  

When a novice user gets a virus-warning and click remove, and then gets this "file is in use" message they PANIC !!!!!

OK, we all know that there is no reason to panic (the file access IS stopped), but that isn't obvoius to a novice.

1)  avast! should give better info about what is happening.
2)  avast! should do everything possible to delete the file.

Other AV products I have used will mangage to clean/delete the file without having to boot or use a separate cleaner!
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud