Advice sought about the removal of Klez.H.

[Reg Mouatt]

Have just discovered, via AVG Free, that a friend has this virus on
her PC. Cannot find on the AVG site how to remove this but have
discovered an article and download on Symantec dealing with this.
Before I attempt removal is there anything learned from your
experience that I should do.
Thank you.
Reg

 

[David W. Hodgins]

Have just discovered, via AVG Free, that a friend has this virus on
her PC. Cannot find on the AVG site how to remove this but have
discovered an article and download on Symantec dealing with this.

In addition to following Symantec instructions, your friend needs to turn off the M$ "services"
that leave the computer exposed to malware, to prevent reinfection.

Assuming the operating system is eXtra Patch.

For a computer that is connected to the internet only (i.e. not on a local area network),
turn off file sharing in the M$ client and turn on the firewall. See
http://www.cablemodemhelp.com/xpsurvivalguide.pdf

For a computer that is on a local area network, as well as having internet access,
un-bind TCP/IP from both File and Printer Sharing and Client for Microsoft Networks. See
http://www.pcurtis.com/network-xp.htm

Also have your friend take a look at http://www.claymania.com/safe-hex.html, and be sure
all of the latest extra patches are applied, as they become available. Check very frequently.

Regards, Dave Hodgins

 

[Reg Mouatt]

In addition to following Symantec instructions, your friend needs to turn off the M$ "services"
that leave the computer exposed to malware, to prevent reinfection.

Assuming the operating system is eXtra Patch.

For a computer that is connected to the internet only (i.e. not on a local area network),
turn off file sharing in the M$ client and turn on the firewall. See
http://www.cablemodemhelp.com/xpsurvivalguide.pdf

For a computer that is on a local area network, as well as having internet access,
un-bind TCP/IP from both File and Printer Sharing and Client for Microsoft Networks. See
http://www.pcurtis.com/network-xp.htm

Also have your friend take a look at http://www.claymania.com/safe-hex.html, and be sure
all of the latest extra patches are applied, as they become available. Check very frequently.

Regards, Dave Hodgins

Thanks for that Dave,
For some reason the
http://www.cablemodemhelp.com/xpsurvivalguide.pdf
link produces a blank document. Have understood your advice re turning
of file sharing etc. and will check that out. The other links are good
advice.
Kind regards,
Reg

 

[Reg Mouatt]

Thanks for that Dave,
For some reason the
http://www.cablemodemhelp.com/xpsurvivalguide.pdf
link produces a blank document. Have understood your advice re turning
of file sharing etc. and will check that out. The other links are good
advice.
Kind regards,

To complete the story, ran the Symantec programme which found the PC
not infected, re-ran AVG which found the infected file titled 52.zip
in the AOL 5 folder but as it had not been opened and the PC
uninfected, simply deleted it to the Recycle bin and deleted it again
from there.
Explains why AVG did no more that notifying of its existence.
Reg

 

[FromTheRafters]

To complete the story, ran the Symantec programme which found the PC
not infected, re-ran AVG which found the infected file titled 52.zip
in the AOL 5 folder but as it had not been opened and the PC
uninfected, simply deleted it to the Recycle bin and deleted it again
from there.
Explains why AVG did no more that notifying of its existence.
Reg

That is the first I have heard of Klez.h in a zip file. I would have
suspected a false positive detection by AVG and gotten more
opinions from other scanners.

 

[Reg Mouatt]

That is the first I have heard of Klez.h in a zip file. I would have
suspected a false positive detection by AVG and gotten more
opinions from other scanners.

You may well be right. This is the first time I have had to deal with
something like this and will have to put it down to experience. Thanks
for the info about false positives.
Reg

 

[mzlindyone]

That is the first I have heard of Klez.h in a zip file. I would have
suspected a false positive detection by AVG and gotten more
opinions from other scanners.

AOL automatically zips 2 or more attachments, and Klez often includes
a graphic.

Carol

 

[FromTheRafters]

AOL automatically zips 2 or more attachments, and Klez often includes
a graphic.

Ahh, so it would be fairly common in AOL then. Thanks for the info.