HiWAAY: Information/Internet Services

HiWAAY's FAQs

An FAQ is a Frequently Asked Question. We have listed here the question paired with the appropriate answer. If you don't find the answer to your question, please visit our customer support page or email support@HiWAAY.net.


There are currently 249 FAQs in the database.


XYZ - The Retired FAQ Archive

Old FAQs - We've kept these older FAQs in the archive just in case someone needs the information. These archived FAQs are no longer maintained and will certainly be out-of-date and contain errors.

Question: How do I protect my computer from the Klez (W32.Klez.H@mm and W32.Klez.E@mm) Worms?

Answer:

The W32.Klez.H@mm and W32.Klez.E@mm worms, commonly called the Klez worms, have spread far and wide across the Internet. HiWAAY Support receives about 100 - 200 emails infected with these worms every day. Both Klez worms work about the same, so I'll use the common name Klez for the rest of this warning unless a feature is particular to one version alone.

Klez arrives as an email. The subject, reply-to address and message are randomly generated, so there's no easy-to-recognize pattern. About the only common pattern that I have been able to detect is that most infected emails include 4 attachments. However, this is not true all the time and shouldn't be used as the only criterion to determine if an email is infected with Klez.

The worm itself is attached as an executable file and can also infect any of the other attached files. Double-clicking on the attachments will launch the worm and infect the computer.

Sends Copies of Itself by Email:
Once the Klez worm has infected a system it will spread itself via email to all the email addresses it can cull from email, web pages and the Outlook address book and almost any other file it can find on the computer. Klez is the most aggressive worm yet for finding email addresses. It will send multiple copies of itself to every email address it finds. It will also put one of these found email addresses in the From field of the email message. This alone has caused lots of confusion, bad feelings and further spread of the Klez worm as people reply to the infected emails (some examples I've seen have been quite angry) complaining about being sent a virus. The true sender of the worm is buried in the email headers. If you are not sure how to read the full headers of an email (or if you don't know what "full headers" are), then please don't reply to the virus infected email.
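As an added illustration (not part of HiWAAY's original FAQ), the Python sketch below reads the full headers of a constructed sample message and reports the From address the message claims beside the host and IP recorded in the oldest Received line, along with any executable attachments. The sample message, its addresses and the extension list are assumptions made for the example.

```python
import email
import re
from email import policy

# Constructed sample message (not a real Klez capture): the From line is
# forged, and the submitting machine shows up only in the Received chain.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Mon, 6 May 2002 10:00:02 -0500
Received: from pc (dialup-7.example.net [198.51.100.7])
\tby mail.example.net with SMTP; Mon, 6 May 2002 10:00:00 -0500
From: alice@example.com
To: bob@example.org
Subject: some random words
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

hello
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"
Content-Transfer-Encoding: base64

AAAA
--b--
"""

RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".com")  # assumed list
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9.]+)\]\)")

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    # Each relay prepends its Received line, so the last one is the oldest hop.
    hops = [m.groups() for h in msg.get_all("Received", [])
            if (m := HOP.search(str(h)))]
    host, ip = hops[-1] if hops else (None, None)
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    claimed = msg["From"].addresses[0].domain
    return {
        "claimed_from": msg["From"].addresses[0].addr_spec,
        "origin_host": host,
        "origin_ip": ip,
        # Hint only: plenty of legitimate mail also fails this comparison.
        "from_matches_origin": bool(host) and host.endswith(claimed),
        "attachments": len(names),
        "risky": [n for n in names if n.lower().endswith(RISKY_EXT)],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only the Received line written by your own provider's mail server is fully trustworthy; older lines were added by machines you do not control, so treat the oldest hop as a lead for the abuse desk, not proof.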

Installs a Password Sniffing Trojan Horse:
The W32.Klez.H@mm worm will also install a password sniffer called ELKern that can not only capture passwords, but can infect all files on the victim computer as well as all files that can be accessed across a network. (Note: This is another good reason to not use file sharing unless you need to.)

Attempts to Disable Anti-virus Software:
Last, but not least, when Klez infects a computer it disables some of the files associated with popular anti-virus applications. Anti-virus software on infected systems cannot be trusted to detect and remove Klez. This is not a good thing, and if your computer is infected with Klez you should plan on reinstalling any anti-virus software you normally use.

More detailed information can be found at:

Prevention:
Protection of Windows based systems is easy.
  1. Make certain your anti-virus software is up to date.
  2. Run a personal firewall like ZoneAlarm.
  3. Of course, it always bears repeating, don't open attachments!

Removal:
The Klez worm is particularly difficult to remove. Symantec has released a Klez worm removal tool that can remove both the Klez.E and Klez.H worms as well as other variations of Klez. It can be downloaded for free from:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

If you are infected with Klez, you need to immediately download the cleaning tool and then disconnect your computer from the Internet until you have cleaned off the Klez infection. Run the tool following the instructions from Symantec. After you have run the tool and it has removed the worm, restart your computer and reinstall your antivirus software. You should then update your antivirus software and have it scan all the files on your computer.

Anti-Virus Software Update Sites:
We've included links below to some of the more popular anti-virus program and program update sites. (Note that Norton and eTrust both have built-in update tools.) New definitions are released constantly. Please check with your anti-virus vendor for the latest files.

HiWAAY does not warrant that any of the tools and patches listed above will protect or repair a system, nor can we offer support on the complex task of manually removing the Klez worm and verifying system integrity.

HiWAAY Internet Services - (888) 244-9229 - 721 Clinton Ave., Suite #8, Huntsville, AL 35801

© HiWAAY Internet Services.   All Rights Reserved.

