Due to a decreased rate of submissions, Symantec Security Response has downgraded the threat level for W32.Klez.E@mm from Category 3 to Category 2 as of July 23, 2002.
W32.Klez.E@mm is similar to W32.Klez.A@mm
. It is a mass-mailing email worm that also attempts to copy itself to network shares. The worm uses random subject lines, message bodies, and attachment file names.
The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
The worm overwrites files and creates hidden copies of the originals. In addition, the worm drops the virus W32.Elkern.3587, which is similar to W32.ElKern.3326
The worm attempts to disable some common antivirus products and has a payload which fills files with all zeroes.
Symantec has provided a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here
to obtain the tool.
This is the easiest way to remove these threats and should be tried first.
Note on W32.Klez.gen@mm detections:
is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm
, download and run the tool. In most cases, the tool will be able to remove the infection.
It has been reported that W32.Klez.E@mm may arrive in the following email message promoting a Symantec removal tool. Symantec never sends unsolicited email; the attachment should be deleted.
Subject: W32.Elkern removal tools
Symantec give you the W32.Elkern removal tools. W32.Elkern is a dangerous virus that can infect on Win98/Me/2000/XP.
For more information,please visit http:/ /www.Symantec.com
Variations of this message have also been seen purporting to be removal tools for W32.Klez.
For information about how Klez affects a Macintosh computer, read the document Are Macintoshes affected by the Klez virus?
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.