
W32.Klez.H@mm

Risk Level 2: Low

Discovered: April 17, 2002
Updated: February 13, 2007 11:38:50 AM
Also Known As: W32/Klez.h@MM [McAfee], WORM_KLEZ.H [Trend], WORM_KLEZ.I [Trend], I-Worm.Klez.h [Kaspersky], Klez.H, W32/Klez-H [Sophos], Win32.Klez.H [Computer Associa, W32/Klez.I [Panda], W32/Klez.H@mm [Frisk]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References: CVE-2001-0154


The W32.Klez.H@mm worm is a modified variant of W32.Klez.E@mm. This variant can spread by email and through network shares. It can also infect files.

Removal tool
Symantec has provided a tool to remove the infections of all the known variants of W32.Klez and W32.ElKern. Try this removal tool first, as it is the easiest way to remove the threats.

Note on W32.Klez.gen@mm detections
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.





Fake removal tool
It has been reported that W32.Klez.H@mm may arrive in the following email message that claims to be a Symantec virus removal tool. This message is not from Symantec. Symantec neither sends unsolicited email nor distributes virus removal tools in this manner.

Subject: W32.Klez removal tools

Message:
W32.Klez is a dangerous virus that spread through email.
Symantec give you the W32.Klez removal tools


For more information,please visit http:/ /www.Symantec.com 

From: av_patch@norton.com

Attachment: Install.exe


Information for Novell users
Novell servers are not directly vulnerable, but a Novell client running under Windows can access the Novell server and execute the file from there (by using a login script or by other means), thereby further spreading the virus.

Information for Macintosh users
For information about how Klez affects Macintosh systems, refer to the document, "Are Macintoshes affected by the Klez virus?"

Antivirus Protection Dates

  • Initial Rapid Release version April 17, 2002
  • Latest Rapid Release version June 2, 2013 revision 024
  • Initial Daily Certified version April 17, 2002 revision 002
  • Latest Daily Certified version June 3, 2013 revision 003
  • Initial Weekly Certified release date April 17, 2002

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Difficult

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Neal Hindocha
