W32.Klez.H@mm

The W32.Klez.H@mm worm is a modified variant of the W32.Klez.E@mm. This variant can spread by email and network shares. This worm can also infect files.

Removal tool
Symantec has provided a tool to remove the infections of all the known variants of W32.Klez and W32.ElKern. Try this removal tool first, as it is the easiest way to remove the threats.

Note on W32.Klez.gen@mm detections
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.





Fake removal tool
It has been reported that W32.Klez.H@mm may arrive in the following email message that claims to be a Symantec virus removal tool. This message is not from Symantec. Symantec neither sends unsolicited email nor distributes virus removal tools in this manner.

Subject: W32.Klez removal tools

Message:
W32.Klez is a dangerous virus that spread through email.
Symantec give you the W32.Klez removal tools

For more information,please visit http:/ /www.Symantec.com 

From: av_patch@norton.com

Attachment: Install.exe


Information for Novell users
Novell servers are not directly vulnerable, but a Novell client running under Windows can access the Novell server and execute the file from there (by using a login script or by other means), thereby, further spreading the virus.

Information for Macintosh users
For information about how Klez affects Macintosh systems, refer to the document, "Are Macintoshes affected by the Klez virus?"