SPREADS USING E-MAIL ATTACHMENTS
Virus Name : W32.Klez.H@mm
Alias : I-Worm.Klez.H,
Virus type : Internet
level : Medium
is a modified variant of original Klez.E worm
and it is rapidly spreading in the wild. I-worm/Klez.H arrives as
an e-mail attachment with different names. The
attachments are embedded within the e-mail and it uses IFRAME vulnerability
to infect the user.
When the user views the
e-mail the embedded code is executed
automatically and it drops the virus. Microsoft
released security patches to close this security
hole. If you haven't installed, you can get a
copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp
Klez.H uses its own SMTP
to e-mail infected messages. The message body
will be empty or it will contain a random text.
The subject will be one of the following.
how are you
let's be friends
don't drink too much
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
Japanese lass' sexy pictures
Klez.H sometimes mail the
infected message with customized messsage. The
message subject will be " Worm Klez.E immunity " and
the message body will be
" Klez.E is the most
common world-wide spreading worm.It's very
dangerous by corrupting your files.
Because of its very smart stealth and
anti-anti-virus technic,most common AV software
can't detect or clean it.
We developed this free immunity tool to defeat
the malicious virus.
You only need to run this tool once,and then Klez
will never come into your PC.
NOTE: Because this tool acts as a fake Klez to
fool the real worm,some AV monitor maybe cry when
you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail me. "
When executed Klez.H
installs itself into Windows system folder with a
random name beginning with 'Wink,' for example,
'Winxxx.exe.' Klez.H doesn't contain any
dangerous payload. File deleting payload routine
has been removed from Klez.H variant. So it won't
damage the system. Klez.H also deletes well-known
antivirus programs from the infected machine.
How can I protect my
Solo has incorporated
W32.Klez.H@mm in its signature file to protect
users from this worm attack. Solo antivirus
registered users are already protected from this
worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
If you are already
infected with this worm, download and install
security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your
Internet Explorer version. Then run Solo
anti-virus and choose clean option to disinfect
the worm infected files.
antivirus can detect and remove W32.Klez.H@mm
safely. Use the following link to Download
30 day trial version of Solo antivirus
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link