1. Symantec/
  2. Security Response/
  3. W32.Klez.H@mm


Risk Level 2: Low

April 17, 2002
February 13, 2007 11:38:50 AM
Also Known As:
W32/Klez.h@MM [McAfee], WORM_KLEZ.H [Trend], WORM_KLEZ.I [Trend], I-Worm.Klez.h [Kaspersky], Klez.H, W32/Klez-H [Sophos], Win32.Klez.H [Computer Associa, W32/Klez.I [Panda], W32/Klez.H@mm [Frisk]
Systems Affected:
CVE References:

The W32.Klez.H@mm worm is a modified variant of the W32.Klez.E@mm. This variant can spread by email and network shares. This worm can also infect files.

Removal tool
Symantec has provided a tool to remove the infections of all the known variants of W32.Klez and W32.ElKern. Try this removal tool first, as it is the easiest way to remove the threats.

Note on W32.Klez.gen@mm detections
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm have most likely been exposed to either W32.Klez.E@mm or W32.Klez.H@mm. If your computer is detected as infected with W32.Klez.gen@mm, download and run the tool. In most cases, the tool will be able to remove the infection.

Fake removal tool
It has been reported that W32.Klez.H@mm may arrive in the following email message that claims to be a Symantec virus removal tool. This message is not from Symantec. Symantec neither sends unsolicited email nor distributes virus removal tools in this manner.

Subject: W32.Klez removal tools

W32.Klez is a dangerous virus that spread through email.
Symantec give you the W32.Klez removal tools

For more information,please visit http:/ /www.Symantec.com 

From: av_patch@norton.com

Attachment: Install.exe

Information for Novell users
Novell servers are not directly vulnerable, but a Novell client running under Windows can access the Novell server and execute the file from there (by using a login script or by other means), thereby, further spreading the virus.

Information for Macintosh users
For information about how Klez affects Macintosh systems, refer to the document, "Are Macintoshes affected by the Klez virus?"

Antivirus Protection Dates

  • Initial Rapid Release version April 17, 2002
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version April 17, 2002 revision 002
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date April 17, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Neal Hindocha

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube