Name : Wink*.exe
Path : %SYSTEM32%\Wink*.exe
[ Example: C:\Windows\System32\Winkad.exe ]
type : Internet
Name : Klez
Alias : I-Worm.Klez.H, W32/Klez-H,
WORM_KLEZ.H, Klez.E, W32/Klez.E
level : Medium
Klez Worm installs itself
into Windows system folder with a random name
beginning with 'Wink,' for example, 'Winxxx.exe.' Klez worm arrives as an e-mail
attachment with different names. The attachments
are embedded within the e-mail and it uses IFRAME
vulnerability to infect the user.
When the user views the e-mail
the embedded code is executed automatically and
it drops the virus. Microsoft released security
patches to close this security hole. If you haven't
installed, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp
Klez wormuses its own
SMTP to e-mail infected messages. The message
body will be empty or it will contain a random
text. The subject will be one of the following.
how are you
let's be friends
don't drink too much
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
Japanese lass' sexy pictures
Klez sometimes mail the
infected message with customized messsage. The
message subject will be " Worm Klez.E immunity " and
the message body will be
" Klez.E is the most
common world-wide spreading worm.It's very
dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus
technic,most common AV software can't detect or
We developed this free immunity tool to defeat
the malicious virus.
You only need to run this tool once,and then Klez
will never come into your PC.
NOTE: Because this tool acts as a fake Klez to
fool the real worm,some AV monitor maybe cry when
you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail me. "
When executed Klez
installs itself into Windows system folder with a
random name beginning with 'Wink,' for example, 'Winxxx.exe.'
Klez.H doesn't contain any dangerous payload.
File deleting payload routine has been removed
from Klez.H variant. So it won't damage the
system. Klez.H also deletes well-known antivirus
programs from the infected machine.
How can I protect my
Solo has incorporated
klez infected wink*.exe in its signature file to
protect users from this worm attack. Solo
antivirus registered users are already protected
from this worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
If you are already
infected with wink*.exe, download and install
security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your
Internet Explorer version. Then run Solo anti-virus
and choose clean option to disinfect the worm
antivirus can detect and remove klez infected
wink*.exe safely. Use the following link
to Download 30 day trial version of
Solo antivirus to remove viruses from your
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts, Trojans,
Backdoors, boot sector, partition table and macro
purchase Solo antivirus using the link