need help getting rid of klez worm

I have avast4, avast virus cleaner, and Windows ME. I found out which folder the virus was in with avast4 and tried to get rid of it with the virus cleaner, but it didn’t detect anything; it said no viruses found. 1 virus is in the windows\system folder, I got 3 in the programs files\common files\updater folder, and 1 in the program files\common files\keenValue folder, and I put them in the chest and tried to repair the files, but it said cannot process C:\program files etc… I had to move them to the program files\alwil software\avast4\DATA\moved file to get on the internet cause it won’t let me when they are in the virus chest. I don’t know what to do, any help would be very appreciated.

Hi,

Which version of Klez did avast report exactly?

Try pausing the avast resident shield or booting the PC in SafeMode before running any removal tools.

Other Klez tools are available from Symantec, bitdefender, mcafee/Stinger, F-secure etc…

Also read the info on your Klez variant on avast’s virusinfo pages or the virusinfo pages of the above sites…
And use the board search here :wink:

I recommend F-Secure’s Klez removal tool. It does a very quick and thorough job.

I got 4 versions: win32:klez[Wrm], win32:klez-E[Wrm], win32:klez-H[Wrm], win32:klez-UPX[Wrm]. I’ll have to try the safe mode thing before I do anything else. Where can I find F-Secure’s klez removal tool? Can you send a link? Thanks all

Try avast Cleaner in SafeMode first;
I’d like to know if it works then (or any error messages).

After this, use both tools below.

FsKlez or F-Klez

F-Klez is a utility that disinfects a computer infected with Klez worm and Elkern virus that the worm drops.
To remove Klez.E, Klez.F and Klez.H worms please use the KlezTool utility below.
Download: ftp://ftp.f-secure.com/anti-virus/tools/fsklez.exe
Readme: ftp://ftp.f-secure.com/anti-virus/tools/fsklez.txt

KlezTool

The Kleztool is the utility to eliminate several variants of Klez virus-worm infection and to disinfect files infected by Klez. The utility should be used together with F-Secure Anti-Virus as this tool doesn’t disinfect Elkern.A and Elkern.B virus variants, that Klez.E and Klez.F worms drop. However the utility is able to disinfect files infected with Elkern.C virus that Klez.H worm drops.
Download: ftp://ftp.f-secure.com/anti-virus/tools/kleztool.txt
Download: ftp://ftp.f-secure.com/anti-virus/tools/kleztool.zip :wink:

To remove the Klez virus, I would also recommend our avast! Virus Cleaner. Btw, there is no need to run it from Safe mode.

Hi Igor,

this was why I recommended other tools, too

Ah, I guess I didn’t read the original post carefully enough.
In that case, I would certainly like to see these files. Can you send them?

In any case, it’s a little strange… the files cannot cause troubles when they are in Chest. The only way it could happen would be that they are important for the internet connection (i.e. they are infected system files) - but in that case, it wouldn’t help if you move them to avast! folder, instead of moving them to Chest; they would have to stay in the original location.

Btw, if the files are in Chest, they are encrypted - so in that case, avast! Virus Cleaner certainly could not find them.

Can you post the exact full (original) filenames of the infected files?

ORIGINAL LOCATION                          NAME
c:\windows\system                          cd_clint.dll
c:\program files\common files\updater      delupdat.exe
c:\program files\common files\updater      sui.exe
c:\program files\common files\updater      wupdater.exe
c:\program files\common files\keenvalue    kkv.exe

OK, I tried the safe mode and it did nothing. I went to the virus database in avast and the name that was already on it said klez, so I searched for it and 4 came up, so that’s why I thought I had a klez virus, but when I looked at them in the virus chest today I found out that it said the virus was called trojan-gen.{other} on the cd_clint.dll file and trojan-gen.{vc} on the other 4 files. So does that mean I have a trojan-gen virus, and if so how the hell do I get rid of them? Also, I’m kinda new to this stuff, but if you want me to send the files do I just put them in an attachment in this forum or send them to you on an instant message thing?

Sorry, but I forgot to ask if I have to put the files back in the original location to fix them or leave them where they are now? Right now they are in the C:\Program Files\Alwil Software\Avast4\DATA\moved file so I can use the internet

Hi,

please enter
trojan-gen
into the board-search above: lots of advice there…

What shows up after a full scan with avast?
Virus names and locations?

:wink:

I’m pretty sure it says what I typed a minute ago. I’ll have to do it again to make sure, but it will take a couple of hours

OK, it says I have 4 trojan-gen.{vc} and 1 trojan-gen{other}. When I try to repair them it tells me that “an error occured during repair file, file was not repaired”

Trojans cannot be repaired, so delete them.

I think the trojans are in my internet files, cause when I put them into the virus chest in avast I can’t get on the internet. If I delete them, is there any way I can get them back without any trojans in them, or have one of you send me some good files? The names of the files are on a list I posted a little bit ago

Hi,

Please scan & fix with Ad-Aware, Spybot.
If that doesn’t help: scan with kAV, RAV and Trendmicro scanners and list their findings exactly for each file/location.

Links and Details you get via a thorough board search (see above) for:
trojan-gen

also see:
http://www.cexx.org/cydoor.htm
Google1
Google2
Sysinfo
Google3
Google4