Klez at it again
David A. Bandel
david
Mon May 17 11:30:48 PDT 2004
On Fri, 3 May 2002 14:25:11 -0700
begin "Philip J. Koenig" <pjklist at ekahuna.com> spewed forth:
> On 2 May 2002, at 18:24, David A. Bandel boldly uttered:
>
> > NOTE: Klez, when run, first disables antivirus software, deletes
> > signature files from common AV programs, then installs itself as a
> > service. You can't run, you can't hide, all you can do is reformat.
>
>
> Actually most major A/V vendors have written tools to remove the
> worm. Here are 2 examples, the first one also includes manual
> removal instructions:
>
> http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H
> (overview)
> http://www.antivirus.com/vinfo/security/fix_worm_klez_3.11.zip (fix)
> http://www.antivirus.com/vinfo/security/readme_worm_klez_3.11.txt
> (readme)
>
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html
> (overview)
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
>
Great, but now I'm only getting trickles. When the faucet was first
turned on, there were no programs to clean infected machines. Did you
expect folks (business users) to turn their systems off for two weeks
while the AV folks worked out a fix? Easier and quicker (and frankly
safer) to just reformat. It is Windoze after all, and needs to be
reinstalled regularly.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto