Hello, I just finished removal of the klez virus from a friends laptop running win xp.
It was a royal pain as several users were setup as administrators.
I did turn off system restore for XP , if not it may come back from there.
Norton AV 2002 was killed by the infection. It deleted the exe files for Norton AV.
Mcafee AV found and would not repair , just delete or quaratined 140 files.
Panda AV found an infection in a non existant file in a non existant directory.
Symantec's klez removal tool found 19 infections.
Then after it all I reinstalled Norton [ removed all the other AV software ]
and on scanning again Norton found 1 file infected with klez, died, XP froze completely. Power off only.
So after looking around I found http://europe.f-secure.com/v-descs/klez_h.shtml
and on that page is a tool for removing the klez critter. Works real good.
Also noted looking around f-secure : http://www.f-secure.com/v-descs/scalper.shtml
a hole is now found in Apache for FreeBSD. Very interesting.
So I am just wondering if anyone else has met klez and it's cousins.
Thanks
Kode
It was a royal pain as several users were setup as administrators.
I did turn off system restore for XP , if not it may come back from there.
Norton AV 2002 was killed by the infection. It deleted the exe files for Norton AV.
Mcafee AV found and would not repair , just delete or quaratined 140 files.
Panda AV found an infection in a non existant file in a non existant directory.
Symantec's klez removal tool found 19 infections.
Then after it all I reinstalled Norton [ removed all the other AV software ]
and on scanning again Norton found 1 file infected with klez, died, XP froze completely. Power off only.
So after looking around I found http://europe.f-secure.com/v-descs/klez_h.shtml
and on that page is a tool for removing the klez critter. Works real good.
Also noted looking around f-secure : http://www.f-secure.com/v-descs/scalper.shtml
a hole is now found in Apache for FreeBSD. Very interesting.
So I am just wondering if anyone else has met klez and it's cousins.
Thanks
Kode