Klez Virus/Trojan - watchy

Scott L

Feb 29, 2000
Remember me? The guy who boasted about never having to run anti-virus software because I thought I was immune? Well a couple days ago I picked up the Klez worm, just a file named kitty.scr (screensaver) that appeared on my 2nd HD one morning. Opened it up to check it out and BOOM my computer exploded. Actually just weird things started happening.

I couldn't open the task manager (ctrl+alt+del) to check out what was running and every time I downloaded and installed a freeware anti-virus program the virus would shut it down right after I opened it (Yikes!). So I just ran a search and there's this program made specifically for getting rid of Klez which is free (but after I paid $35 for McAfee's online service which didn't work :P).

So anyway I wake up today and what do ya know McAfee spots some other Klez, this time in the All Users/Documents folder. So how does it get there? Take your pick:

- I have like 10 ports open on my router (with NAT btw) for gaming (stupid EA made us open up 6-8 ports to play C&C online). Would closing most of them stop geeks from messing with my puter?

- I enabled the Guest account to share files with the other 3 computers on my home network.

- Maybe Klez is still somewhere on my computer making copies of itself?

- No firewall software running.

Even though any network guy would punch me for doing some of these things I still don't see how a person can just write files to my HD if I have that option turned off (the other computer on my network can't do that). Is it because that All Users folder has some special properties to it that allows for more guest privileges?

Thanks for any help (and be gentle :)).

EDIT: Ahh the problem was the box for "Allow Network Users to Change my Files" was checked on that folder, even though I never selected that option. Turned sharing totally off for that directory so I'll probably never see that damn Klez again... or will I???

Kevin P

Jan 18, 1999
Remember me? The guy who boasted about never having to run anti-virus software because I thought I was immune?
And what's funny is the last few virus/worm emails I've received were from people who for one reason or another had no anti-virus protection... tsk tsk... ;)

Klez can get on your PC in two ways. One is via an email attachment, and the other is through open shares. If Klez-infected files are appearing on your PC, either it's (still) infected, or one of your other PCs on your home network is infected. You should run the Klez removal tool on ALL your PCs. Also, if you use Outlook Express with IE 5.0 or 5.5, make sure to install the IE patches so that the attachment won't launch when you open an infected email.

What ports do you have open on your router?

Symantec has a Klez removal tool you can download from here. Make sure to run it on all the computers on your network.


Travis Olson

Oct 7, 2001
I heard something yesterday about Korean hackers launching a cyber attack with Klez. I wouldn't be surprised if yours is from that. I run Norton AV and it has saved me a few times so far.

Francois Caron

Jul 31, 1997
Ottawa, Ontario, Canada
I use the free AVG anti-virus from Grisoft. It doesn't scan all e-mails in its free version, but it does catch them when they try to execute on your computer.

If you're using Outlook Express and REALLY want to prevent potential viral Javascripts and attachments from ruining your day, disable the preview pane in the View->Layout menu option. With the preview pane active, a viral Javascript can be launched before you've even had the chance to delete the e-mail in question.

