Information on Klez and Its Removal
Brief information
Klez is a virus that spreads via the Internet attached to infected e-mails. The worm itself is a Windows PE EXE file about 57-65Kb (depending on its version) in length, and it is written in Microsoft Visual C++.
When an infected file is started, the worm copies itself to a Windows system folder with the krn132.exe name. Then it writes its key to registry to make itself start automatically with Windows.
More information on Klez family of viruses:
Statistics
According to the Real Time Virus Reporting provided by BitDefender, in the past one month Klez virus (variants E and H) infected more then 5738 systems and more then 100,000 files. And we are talking just about BitDefender statistics.
Mentioned statistics (regulary updated) can be found here:
According to the Sophos “Top Ten Viruses And Hoaxes Reported To Sophos In April 2002” list, first two places were reserved for:
1. W32/Klez-G (Klez variants G & H) 77.8%
2. W32/Klez-E (Klez variant) 5.8%
Full list can be found over here:
In the “Kaspersky Labs Virus Top Twenty for April 2002” listing, Klez holds the first position with 94,5% infections
Full list can be found over here:
Removal
Romanian anti virus company BitDefender released a scanner that scans your computer for any traces of Win32.Klez virus (variants A, B, C, D, E, F, G) and Win32.Elkern (variants A, B, C).
BitDefender AntiKlez –
Symantec’s Klez Removal Tool does basically the same, with not as nice GUI as BitDefender’s program.
Symantec FixKlez –
Also, as a service to our visitors you can scan your whole computer for viruses from Help Net Security. The nice looking and very powerfull and accurate online scanner is unfortunately optimized just for Internet Explorer users (becuase of some ActiveX controls).
OnLine Scan on HNS –