Klez.H Worm

Information about Klez.H Worm:

I-Worm/Klez.H is a modified variant of the original Klez.E worm and is spreading rapidly in the wild. I-Worm/Klez.H arrives as an e-mail attachment under different names. The attachments are embedded within the e-mail and are not visible to the user.

When the user views the e-mail, the embedded code is executed automatically and drops the virus. Microsoft released security patches to close this security hole. If you haven't installed them, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

Klez.H also infects executable files on the system. It first encrypts the original file and copies it under a random name, then overwrites the original file with the worm code at the top. When the original file is executed, the worm loads into memory first and then runs the original file.

Klez.H uses its own SMTP engine to e-mail infected messages. The message body will be empty or will contain random text. The subject will be one of the following:

Hi,
Hello,
Re:
Fw:
how are you
let's be friends
darling
don't drink too much
your password
honey
some questions
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
Japanese lass' sexy pictures

Klez.H sometimes mails the infected message with a customized message. The message subject will be " Worm Klez.E immunity " and the message body will be
" Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail me.
"
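A mail-gateway triage check built from the subjects listed above, as an added example that is not Prognet's or Fire's code. It assumes whole-subject, case-insensitive matching and requires a non-text MIME part, since subjects such as "Re:" are too common to act on alone; the verdict names, addresses and the attachment name `sample.bin` are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects listed on this page; compared as the whole subject, ignoring case
# and surrounding whitespace (the normalisation is this example's assumption).
KLEZ_SUBJECTS = {s.lower() for s in (
    "Hi,", "Hello,", "Re:", "Fw:", "how are you", "let's be friends",
    "darling", "don't drink too much", "your password", "honey",
    "some questions", "please try again", "welcome to my hometown",
    "the Garden of Eden", "introduction on ADSL", "meeting notice",
    "questionnaire", "congratulations", "sos!", "japanese girl VS playboy",
    "look,my beautiful girl friend", "eager to see you",
    "spice girls' vocal concert", "Japanese lass' sexy pictures")}
IMMUNITY_SUBJECT = "worm klez.e immunity"

def has_embedded_part(msg):
    """True if any MIME part is named or is not plain text/multipart.
    Walks every part, so parts the mail client does not list are seen too."""
    return any(p.get_filename() or p.get_content_maintype() not in ("text", "multipart")
               for p in msg.walk())

def classify(raw):
    """Return 'quarantine', 'review' or 'pass' (hypothetical verdict names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if not has_embedded_part(msg):
        return "pass"
    if subject == IMMUNITY_SUBJECT:
        return "quarantine"
    # Generic subjects such as "Re:" are common in real mail: flag, don't block.
    return "review" if subject in KLEZ_SUBJECTS else "pass"

def sample(subject, attach):
    """Build a constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body text\n")
    if attach:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("Worm Klez.E immunity", True), ("meeting notice", True),
                      ("meeting notice", False), ("Re: budget review", True)]:
        print(f"{subj!r:28} attachment={att!s:5} -> {classify(sample(subj, att))}")
```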

When executed, Klez.H installs itself into the Windows system folder with a random name beginning with 'Wink', for example 'Winxxx.exe'. Klez.H doesn't contain any dangerous payload. The file-deleting payload routine has been removed from the Klez.H variant, so it won't damage the system. Klez.H also deletes well-known antivirus programs from the infected machine.

Removing Klez.H worm from your computer:

Fire has incorporated I-Worm/Klez and its variants in its signature file to protect Fire users from this worm attack. Fire anti-virus users can update this signature file by using the online update facility, which is available with the registered version of the Fire anti-virus Kit.

If you are already infected with this worm, download and install the security patches from http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your Internet Explorer version. Then run Fire anti-virus to disinfect the worm-infected files.

A free download of the FireLite [1100KB] version is also available to detect I-Worm/Klez.H. The Fire anti-virus kit removes I-Worm/Klez.H without problems. If you find this worm, use the registered version of Fire to remove it. To get the registered version of Fire, call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Ramesh, Mr. Stanley Rakesh, Prognet Technologies Pvt. Ltd, Apr. 2002]
