Advice sought about the removal of Klez.H.

Reg Mouatt

Have just discovered, via AVG Free, that a friend has this virus on
her PC. Cannot find on the AVG site how to remove this but have
discovered an article and download on Symantec dealing with this.
Before I attempt removal is there anything learned from your
experience that I should do?
Thank you.
Reg
 
In addition to following Symantec instructions, your friend needs to turn off the M$ "services"
that leave the computer exposed to malware, to prevent reinfection.

Assuming the operating system is eXtra Patch.

For a computer that is connected to the internet only (i.e. not on a local area network),
turn off file sharing in the M$ client and turn on the firewall. See
http://www.cablemodemhelp.com/xpsurvivalguide.pdf

For a computer that is on a local area network, as well as having internet access,
un-bind TCP/IP from both File and Printer Sharing and Client for Microsoft Networks. See
http://www.pcurtis.com/network-xp.htm

Also have your friend take a look at http://www.claymania.com/safe-hex.html, and be sure
all of the latest extra patches are applied, as they become available. Check very frequently.

Regards, Dave Hodgins
 
Thanks for that Dave,
For some reason the
http://www.cablemodemhelp.com/xpsurvivalguide.pdf
link produces a blank document. Have understood your advice re turning
off file sharing etc. and will check that out. The other links are good
advice.
Kind regards,
Reg
 
To complete the story, ran the Symantec programme which found the PC
not infected, re-ran AVG which found the infected file titled 52.zip
in the AOL 5 folder but as it had not been opened and the PC
uninfected, simply deleted it to the Recycle bin and deleted it again
from there.
Explains why AVG did no more than notifying of its existence.
Reg
 
That is the first I have heard of Klez.h in a zip file. I would have
suspected a false positive detection by AVG and gotten more
opinions from other scanners.
 
You may well be right. This is the first time I have had to deal with
something like this and will have to put it down to experience. Thanks
for the info about false positives.
Reg
 
AOL automatically zips 2 or more attachments, and Klez often includes
a graphic.

Carol
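
Added example, not part of the original thread: one way to look inside a flagged archive such as the 52.zip discussed above without extracting it to disk, producing member names and SHA-256 hashes that can be used to get second opinions from other scanners. The function names, the extension watch list, the size cap and the sample archive are all assumptions constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# Assumed watch list: Windows extensions that run code when opened.
RISKY_EXT = {".exe", ".pif", ".scr", ".bat", ".com", ".cmd", ".vbs", ".lnk"}
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap so a zip bomb is not expanded in memory

def triage_zip(data: bytes) -> dict:
    """Inspect a suspect archive in memory; nothing is written to disk."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "members": [], "flagged": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Windows ignores trailing dots/spaces, so strip them before checking.
            ext = os.path.splitext(name.lower().rstrip(". "))[1]
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted or info.file_size > MAX_MEMBER:
                digest = None  # cannot or should not read this member
            else:
                digest = hashlib.sha256(zf.read(info)).hexdigest()
            report["members"].append((name, info.file_size, digest))
            if ext in RISKY_EXT:
                # "notes.txt.scr": only the last extension decides what runs
                report["flagged"].append(name)
    return report

def build_sample() -> bytes:
    """Constructed, harmless stand-in for an auto-zipped mail attachment pair."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("picture.gif", b"GIF89a constructed placeholder")
        zf.writestr("notes.txt.scr", b"constructed placeholder, not real code")
    return buf.getvalue()

if __name__ == "__main__":
    result = triage_zip(build_sample())
    print("archive sha256:", result["sha256"])
    for name, size, digest in result["members"]:
        mark = "FLAG" if name in result["flagged"] else "ok  "
        print(mark, size, (digest or "unread")[:16], name)
```

The per-member hashes let the detection be checked against other scanners before the file is deleted, which is the step the thread suggests was skipped.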
 