|
-
July 12th, 2002, 09:50 AM
#1
Registered User
 H.Klez quarantine or not
Running Norton AntiVirus on Win 98se. Norton has quarantine 6 cases. Should I try to clean the virus or is it ok to keep it quarantine till a good fix is found ??? 
-
July 12th, 2002, 12:22 PM
#2
Symantec has a Klez removal tool availible from their website. It works like a charm.
<a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html" target="_blank">SARC</a>
-
July 12th, 2002, 12:23 PM
#3
All the info you want on it is also <a href="http://securityresponse.symantec.com/avcenter/venc/data/[email protected]" target="_blank">here</a>
-
July 15th, 2002, 08:51 PM
#4
Registered User
If you know Regedit, here is a good way to clean it out:
<a href="http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H" target="_blank">http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H</a>
Good luck, its a pain in the arse.
If you have a couple of PCs in the network, turn off all the others and do the clean one PC at a time, poweroff the clean one, then boot up the next one...
-
July 17th, 2002, 05:30 AM
#5
Driver Terrier
Which 6 files? Some files cannot be cleaned will just have to be deleted.
-
July 17th, 2002, 03:34 PM
#6
Registered User
Since you say that Norton quarantined these files, it must have the klez virus definitions in Norton, so it is unlikely the machine is infected with the virus. I would assume..and please correct me if I am wrong..that Norton quarantined these files from either email or temp files, in which case you can leave them in quarantine as long as you like, but the possibility of a clean being found for Klez is extremely remote because of the way it infects files. If these are important or system files, then your machine is already infected and you should have Elkern and possibly Wink in quarantine as well. My suggestion is, if they aren't system files, just delete them. Even if they are email, they were probably autosent by another ingfected machine, and aren't really email.
-
July 21st, 2002, 08:19 AM
#7
Registered User
</font><blockquote><font size="1" face="Trebuchet MS, Verdana, Arial, Helvetica, sans-serif">quote:</font><hr /><font size="2" face="Trebuchet MS, Verdana, Arial, Helvetica, sans-serif">Originally posted by geoscomp:
<strong>Since you say that Norton quarantined these files, it must have the klez virus definitions in Norton, so it is unlikely the machine is infected with the virus. I would assume..and please correct me if I am wrong..that Norton quarantined these files from either email or temp files, in which case you can leave them in quarantine as long as you like, but the possibility of a clean being found for Klez is extremely remote because of the way it infects files. If these are important or system files, then your machine is already infected and you should have Elkern and possibly Wink in quarantine as well. My suggestion is, if they aren't system files, just delete them. Even if they are email, they were probably autosent by another ingfected machine, and aren't really email.</strong></font><hr /></blockquote><font size="2" face="Trebuchet MS, Verdana, Arial, Helvetica, sans-serif">Thanks a bunch !!
They all say C:\WINDOWS\TEMP for the original location. The file names were cla.exe,class.bat,class.pif,to your.bat,
unknown0487.data and unknown048d.data. I did a full scan with the updated definitions of course and no virus was found. I even check the HKEY area and did not see WINK as per Norton. So I think I'm safe to say I'm not effected by the virus.
So would you say it would be ok to delete the files in quarantine ??
Thanks,
Twigs
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks