Virus Removal Utilities by OnlinePCfix

WORM KLEZ

There are several variants of W32.Klez in general circulation, the most common of which is the WORM_KLEZ.E and WORM_KLEZ.H. The Klez virus is also known as:

The Klez also contains another harmful virus called Elkern.

Some of the common message subjects of emails carrying Klez are:

Worm Klez.E Immunity, IE 6.0 Patch, Japanese lass' sexy pictures, Your Password, A very funny website, Undeliverable mail--, Returned mail--, A WinXP patch, W32.Elkern removal tools, W32.Klez.E removal tools. Spice Girls, A Humor Game, Congratulations, Participate in H@#rny Gang#$ngs, Meeting Notice, Border, No Shade, Eager to see you, Honey, Darling, A Special Excite Game, Happy Nice Epiphany, A Special Powerful Tool... just to name a few.

What is WORM KLEZ?

WORM_KLEZ is a mass-mailing worm that utilizes multiple methods to spread itself over the Internet and Intranet. It carries a payload that becomes especially dangerous on the 6th of each month. When run, it will install a keystroke logger - a program that keeps track of keystrokes you enter on your keyboard thereby revealing sensitive information such as passwords and credit card info, and then sends them out to the public.

The Klez virus will also disable most antivirus software as well as not allow the infected PC to download new / updated programs. The known list of programs that the Klez can disable is as follows:

PCCIOMON, PCCMAIN, POP3TRAP, WEBTRAP, AVCONSOL, AVSYNMGR, VSHWIN32, VSSTAT, NAVAPW32, NAVW32, NMAIN, LUALL, LUCOMSERVER, IAMAPP, ATRACK, NISSERV, RESCUE32, SYMPROXYSVC, NISUM, NAVAPSVC, NAVLU32, NAVRUNR, NAVWNT, PVIEW95, F-STOPW, F-PROT95, PCCWIN98, IOMON98, FP-WIN, NVC95, NORTON, MCAFEE, ANTIVIR, WEBSCANX, SAFEWEB, ICMON, CFINET, CFINET32, AVP.EXE, LOCKDOWN2000, AVP32, ZONEALARM, WINK, SIRC32, SCAM32.

Another factor that makes WORM_KLEZ specifically dangerous is that it imports with it another virus known as the ELKERN Virus. After a reboot the virus infects random EXE files by either expanding the last section of the host file or by going into cavities without changing the host files' size at all. This can result in critical files being overwritten and thus an inability to load the operating system after infection occurs. The Elkern virus is also known as:

virus w32.elkern, virus w32/elkern, w32.elkern, w32/elkern, elkern.cav and elkern.cav.b

Symptoms of KLEZ virus infection:

A fake error message that reads "There is not enough memory to start LOYE291.EXE. Quit some programs, and then try again." (The program name is random, but will always end with 'EXE').
Presence of WINKxxx.EXE files in \WINDOWS\SYSTEM folder (where xxx is also random)
System performance degradation and some programs stop running.
Retuned or undeliverable emails stating the Klez was found.
... other general virus infection symptoms here.

The Klez virus is also known as:

Klez32 virus, Wink Virus, klez.gen, w32 klez, w32 klez.g, w32 kleg.gen.mm, W32/Klez.G@mm, w32.klez.e, w32.klez.h, w32/klez.h, w32/klez.h@mm, w32/klez.h@mm virus, W32/Klez.gen.b@MM, W32/Klez.gen@MM, W32/Klez.I, W32/Klez.K-mm and WORM_KLEZ.G.

The KlezRemover will detect and remove the Klez virus from any infected PC. The KlezRemover comes with technical support from OnlinePCfix Experts and a 100% money back guarantee. Download the KlezRemover here.

>>> Back to Antivirus Main Page