Klez virus

Yesterday I was backing up my files, and I decided to backup all of my
emails in Outlook Express (even though I haven't used it in a couple
years...I use Thunderbird) by saving them in a folder. While they were
copying over, AVG said something about having Klez.

This morning the virus scan (does it every morning) said that it found
the Klez virus and...isolated? it.

I read online that it's apparently really difficult to get rid of, but I
did another virus scan and it didn't find anything. I also deleted the
file that had the email in it.

So...is it gone? Did the virus never actually load?

Thanks, I've never really had to deal with a virus, so I'm sort of in
the dark at the moment.

-Pablo

 

If your AV hasn't found it after it quarantined it, it's probably gone but
you can download a removal tool for it form here:

http://securityresponse.symantec.com/avcenter/venc/data/

LJ

 

Thanks, I'll check it out. At least this will teach me to back up more
often.

 

Alright, I downloaded it and followed the instructions thus far
(disabling system restore, disconnecting from network, etc), but I can't
get into safe mode! Online I've read that you should press F8 for Win
ME, but Dell's site says "Ctrl." I've done both, multiple times, and it
doesn't boot into safe mode.

Think it has something to do with GRUB, the boot loader (I have an old
install of Linux on a different drive)?

 

I've always used F8 on every computer I've had to boot into safe mode. I'm
sure someone can help you out in here.

LJ

 

For ME I believe you can /HOLD/ the left control key down (ctrl) during
boot and it will give you the boot menu.

 

http://vil.nai.com/vil/stinger/ and download Stinger to get rid of it and 40
others in one pass.

 

Symantec removal tools are not as good as Stinger. You need one per
infection from them and you can only run one of them at a time whereas
Stinger knows 41 and variants and gets rid of them all in 1 pass.

 

Go to your normal Windows, then Start button and Run. Type Msconfig in there
and hit enter. When that comes up go to the "boot.ini" tab and in there you
will see a tick box for "/SAFEBOOT". Put a tick in there, click OK and
restart. It can ONLY start in Safe Mode from now on. Go into safe mode, do
whatever you have to do then run Msconfig again, remove that tick and click
OK and then it boots normally again.

 

The link I posted will get rid of that virus or it can sometimes be a worm,
but it will get rid 100%.

LJ

 

The link you posted is to Symantec tools which are useless. 1 program per
infection run once at a time OR you can get Stinger, as I said and do 41 of
them and variants all at once in one pass. What makes more sense? Running
multiple Symantec tools one at a time to get rid of more than one infection
or just one program once?

 

If you know what the infection is and are certain that it is the only
infection, then the symantec tools are fine. If you know what *multiple*
infections you have, and you know that Stinger covers them, then using
Stinger is better suited to the task than the Symantec tools. If you don't
know what the infection is, then using a scanner that only catches 41
viruses and worms is not very wise anyway. The symantec tools are no more
useless than the Stinger tool is in this situation. They are both limited
essentially to infections you already know about. To use stinger, OR
Symantec you would have to be aware of what you had in the first place,
otherwise you would be stupid to only scan for 41 viruses, or one virus. And
FYI, Symantec updates it's tools when a new variant is released. For
example, their sasser removal tool, handles all known variants of the sasser
worm. The difference is in application of the tools. The tools described are
*removal* tools. That implies that you are aware of the viruses you have. If
you aren't, then you use a general purpose scanner that checks for
everything.

 

Go to the Trend Micro site...and run their Housecalls.


Have a nice week...

Trent©

Follow Joan Rivers' example --- get pre-embalmed!

 

Don't be so stupid!

LJ

 

Btw, that was meant to go under unknown's post.

LJ

 

Lloyd it would help a great deal if you quoted a bit of the posts you were
replying to.

 

Lloyd it would help a great deal if you quoted a bit of the posts you were

Will do in future.

LJ

 

That is just plain bad advice. If you have gotten ONE infection, chances are
you have MORE than one.

Nope, they are a waste of time. Stinger does 41 in one pass. Symantec crud
does one infection per program and only allowed to run one program at a
time. Complete waste of time.

 

Yep, you shouldn't be so stupid. You should quote something so we know to
whom you are replying.

 

Right - well you ARE being stupid, then, if you cant see that running one
program to take in 41 possibilities is better than 41 programs, 1 at a time.