W32/Klez.H@mm

Download VIRUSfighter NOW
W32/Klez.H@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 4/17/2002 • Type: Worm
• Virus characteristics first published: 4/17/2002 • Spreading mechanism: Network
• Virus characteristics latest update: 9/16/2004 • Overall risk: Low
• Alias: W32.Klez.G • Payload: Removes antivirus programs
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal
Detection and removal - special information

We recommend that you download a special fix for this virus. This fix will remove Klez.E, Klez.H (formerly known as Klez.G) and Elkern.C from infected local systems. If Klez has disabled NVC5, the fix will reinitialize it. It is highly recommended that you start your PC in Safe mode if this is an option in your operating system, before running the fix. Download the fix by clicking this link.

General comments

This is a new email worm in the Klez series. It is in many ways similar to the previous variants, but some destructivity has been removed.

The worm spreads over email using email addresses picked from several sources on the infected computer - web pages, Windows address book, and ICQ contact lists. Note that it will also use a random address as sender, so the one who appears to be the sender does not neccessarily have to be the real sender. The email is formatted in such a way that the worm may get executed without the user having to click on any attachment.

The worm makes copies of itself on the local machine and on network shares in both a plain executable form and in an archive with a *.RAR extension.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter