Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


KLEZ.H SPREADS USING E-MAIL ATTACHMENTS

Virus Name  : W32.Klez.H@mm

Alias             : I-Worm.Klez.H, W32/Klez-H, WORM_KLEZ.H

Virus type    : Internet worm

Threat level : Medium

Virus details :

                     Klez.H is a modified variant of original Klez.E worm and it is rapidly spreading in the wild. I-worm/Klez.H arrives as an e-mail attachment with different names. The attachments are embedded within the e-mail and it uses IFRAME vulnerability to infect the user.

                     When the user views the e-mail the embedded code is executed automatically and it drops the virus. Microsoft released security patches to close this security hole. If you haven't installed, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

                     Klez.H uses its own SMTP to e-mail infected messages. The message body will be empty or it will contain a random text. The subject will be one of the following.

Hi,
Hello,
Re:
Fw:
how are you
let's be friends
darling
don't drink too much
your password
honey
some questions
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
Japanese lass' sexy pictures

                     Klez.H sometimes mail the infected message with customized messsage. The message subject will be " Worm Klez.E immunity " and the message body will be
" Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail me.
"

                     When executed Klez.H installs itself into Windows system folder with a random name beginning with 'Wink,' for example, 'Winxxx.exe.' Klez.H doesn't contain any dangerous payload. File deleting payload routine has been removed from Klez.H variant. So it won't damage the system. Klez.H also deletes well-known antivirus programs from the infected machine.

How can I protect my system?

                   Solo has incorporated W32.Klez.H@mm in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your Internet Explorer version. Then run Solo anti-virus and choose clean option to disinfect the worm infected files.

                   Solo antivirus can detect and remove W32.Klez.H@mm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link