24. april 2002 - 09:02Der er
3 kommentarer og 1 løsning
Hvad gør Klez?
Jeg har læst om, at en ny computervirus, Klez, spreder sig, og der står at man skal være på vagt, da den sletter antivirus programmerne.
Men hvad gør den mere? Hvis den nøjes med at slette antivirusprogrammerne (som jeg iøvrigt heller ikke selv har nogen af) så kan den da ikke være så slem, vel?
Description: This memory-resident variant of the WORM_KLEZ.A mass-mailing worm uses SMTP to propagate via email. The subject line of the email it arrives with is randomly selected from a list of possible choices. See Tech Details for more information.
Upon execution, this worm drops files and creates an entry in the AutoRun key of the system registry. It also infects EXE files. To infect, it encrypts (compresses) the target file and then modifies the file extension with a random name. It also modifies the attributes of the file and sets these to Read-only, Hidden, System, and Archive. Thereafter, this worm copies itself to the original filename of the infected file.
This worm makes sure that its filesize is the same with that of the infected file. To do this, it pads garbage at the end of the infected file
This worm does not perform its Antivirus Retaliation routine on machines running NT 4.0 or lower, due to an unavailability of system functions or APIs it uses to kill the antivirus-related processes
Solution: Automatic Removal Instructions
Please download and run the fix tool. Trend Micro requests that all users download and read the readme text before using this tool. Manual Removal Instructions
For Windows 95 systems: Restart your computer. Press the F8 key when you see the message, "Starting Windows 95." For Windows 98/Me systems: Restart your computer. Press the Ctrl key until your Windows 98 startup menu appears. Choose the Safe Mode option then hit the Enter key. For Windows XP systems: Restart your computer. When prompted, press the F8 key. If Windows XP Professional starts without the “Press select operating system to start” menu, restart your computer. Press F8 again after the Power-On Self Test is done. Choose the Safe Mode option from the Windows Advanced Options Menu. For Windows 2000 systems: Restart your computer. Press the F8 key, when you see the Starting Windows bar at the bottom of the screen. Choose the Safe Mode option from the Windows 2000 Advanced Options Menu. Scan your system with Trend Micro antivirus and note down all files detected as WORM_KLEZ.G. These infected files may are WINK*.EXE files. * is a random number of random characters. Click Start>Run, type Regedit then hit the Enter key. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows >CurrentVersion>Run In the right panel, look for and then delete these registry values. * is any random characters: ”Wink*” = ”%System%\Wink*.exe” ”WQK” = “%System%\Wqk.exe” In the left panel, double click the following: HKEY_LOCAL_MACHINE>System>CurrentControl Set>Services Under the Services key, look for and then delete this subkey: Wink* Close the Registry Editor. Restart the system. Scan your system with Trend Micro antivirus and delete all files detected as WORM_KLEZ.G. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. Since this worm uses a vulnerability in HTTP-based email clients like Microsoft Outlook and Outlook Express, please apply the latest patches: Update to Internet Explorer 5.01 SP2 Update to IE 5.5 SP2 Update to IE 6.0
Og se så at få installeret antivirus :o) Du kan også risikere at ramme andre, hvis du ikke har antivirus idet vira kan videresende sig selv fra dit postprogram !!!
Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.
Ny bruger
Nybegynder
Opret
Preview
