W32/Klez.A@mm
Threat risk
|
Detection files published:
30 Oct 2001 |
Description created:
2001-11-05 |
Description updated:
2002-01-09 |
|
Alias:
Kleezer, Klaz |
Spreading mechanism
| |
|
Payload:
Drops destructive virus | ||
Summary
This is an email worm that also carries with it a file infecting virus - W95/Elkern.A
In its original form the worm is 57345 bytes long, but size may vary since the worm itself often gets infected by the virus it carries.
Spreading description
Email characteristics:
Subject: Semi-variable
Body: I'm sorry to do so,but it's helpless to say sorry. I want a good job,I must support my parents. Now you have seen my technical capabilities. How much my year-salary now? NO more than $5,500. What do you think of this fact? Don't call my names,I have no hostility. Can you help me?
Attachment: Variable name
This worm, similar to the W32/Nimda.A and W32/Toal series of viruses, uses a security hole in Internet Explorer to automatically execute when a user opens or previews the mail in Outlook/Outlook Express.
Threat description
As mentioned, Klez installs a virus, W95/Elkern, on infected machines. This virus can be destructive in certain settings.Removal
The worm itself will be deleted. In addition, the system may need to be cleaned of the W95/ElKern virus, which is planted by the worm. Despite the name prefix this virus will only work under some releases of Win98.General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.
| Utilisation | Titre | Commentaire |
|---|---|---|
| Stopper la propagation des virus sur les partages réseau | ||
| Cleaning of back-up folders on Windows Me and XP |
