W32.Klez.A@mm


Risk Level 2: Low

October 25, 2001
February 13, 2007 11:37:35 AM
Also Known As:
W32.Poverty.A@mm, W32.Klez.gen@mm

W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy itself into folders on both local and network drives.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at

The worm also inserts the virus W32.ElKern.3326. W32.ElKern.3326 can also infect W32.Klez.A@mm.

Finally, the worm executes its payload on the 13th of January, March, May, July, September, and November. The payload causes files on local and mapped drives to become zero bytes in size.

Removal tool
Symantec provides a tool to remove infections of all known variants of W32.Klez and W32.ElKern. This is the easiest way to remove these threats and should be tried first.

For information about how Klez affects a Macintosh computer, read the document "Are Macintoshes affected by the Klez virus?"

Antivirus Protection Dates

  • Initial Rapid Release version October 26, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version October 26, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Writeup By: Atli Gudmundsson
