H.Klez quarantine or not


Twigs
July 12th, 2002, 10:50 AM
Running Norton AntiVirus on Win 98se. Norton has quarantined 6 cases. Should I try to clean the virus or is it ok to keep it quarantined till a good fix is found ??? :rolleyes:

The Rifleman
July 12th, 2002, 01:22 PM
Symantec has a Klez removal tool available from their website. It works like a charm.

SARC: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

The Rifleman
July 12th, 2002, 01:23 PM
All the info you want on it is also here: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

Draggar
July 15th, 2002, 09:51 PM
If you know Regedit, here is a good way to clean it out:
http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H

Good luck, it's a pain in the arse.

If you have a couple of PCs in the network, turn off all the others and do the clean one PC at a time, power off the clean one, then boot up the next one...

NooNoo
July 17th, 2002, 06:30 AM
Which 6 files? Some files cannot be cleaned and will just have to be deleted.

geoscomp
July 17th, 2002, 04:34 PM
Since you say that Norton quarantined these files, it must have the Klez virus definitions in Norton, so it is unlikely the machine is infected with the virus. I would assume... and please correct me if I am wrong... that Norton quarantined these files from either email or temp files, in which case you can leave them in quarantine as long as you like, but the possibility of a clean being found for Klez is extremely remote because of the way it infects files. If these are important or system files, then your machine is already infected and you should have Elkern and possibly Wink in quarantine as well. My suggestion is, if they aren't system files, just delete them. Even if they are email, they were probably autosent by another infected machine, and aren't really email.

Twigs
July 21st, 2002, 09:19 AM
quote: Originally posted by geoscomp:
> Since you say that Norton quarantined these files, it must have the Klez virus definitions in Norton, so it is unlikely the machine is infected with the virus. I would assume... and please correct me if I am wrong... that Norton quarantined these files from either email or temp files, in which case you can leave them in quarantine as long as you like, but the possibility of a clean being found for Klez is extremely remote because of the way it infects files. If these are important or system files, then your machine is already infected and you should have Elkern and possibly Wink in quarantine as well. My suggestion is, if they aren't system files, just delete them. Even if they are email, they were probably autosent by another infected machine, and aren't really email.

Thanks a bunch !!
They all say C:\WINDOWS\TEMP for the original location. The file names were cla.exe, class.bat, class.pif, to your.bat, unknown0487.data and unknown048d.data. I did a full scan with the updated definitions of course and no virus was found. I even checked the HKEY area and did not see WINK as per Norton. So I think I'm safe to say I'm not affected by the virus.
So would you say it would be ok to delete the files in quarantine ??
Thanks,
Twigs
:p