Win32Klez-H!

Avast Pro 4.1 found the Win32Klez-H on my PC. And for some reason it will not let me delete it! And I did a scan with another Antivirus and that did not even found a virus on my pc. What is going on here? Its the Demo version.

Thanks

see!

Try clearing your temporary internet files.

Douglas

Klez.H? that worm is very old.

Maybe gate1975 is new to avast! and his/her old av didn’t find it. ??? :o >:(

I did that but the virus is still there. How can I go right to the file and delete it?

After clearing your temp internet files, where does it say the virus is located?

Douglas

As i can se he is using CursorXP which means he has Windows 2000/XP. Just schedule Boot-Time scan. That parasite will go away without any problems with this one.

Ok I offer another solution. Try Quick Heal Worm Killer.
Avaliable at the following adress.

http://qheal.wincleaner.com/qhwkill.com file size is 80Kb

Why would he complicate if he can do with avast!'s Boot-Time scan?

oops sorry rejzor I did not see your reply :cry: ::slight_smile: :-[

You are right boot time scan is easier

On the other hand, the boot-time scanner doesn’t support many archives - I’m not sure if UPX is supported. So, the boot-time scanner may not find it.
Klez-H (or its twin Elkern-C) is a file infector… so if it’s active, I’d expect more infected files to be found on the disk. Maybe it’s just a file that was infected previously, “disinfected” later, but piece of the virus code were left in the file…

In any case, you may also try the avast! Virus Cleaner.

Lets not forget the cause of the problem this could be an exploit “Incorrect MIME Header Can Cause IE to Execute E-mail Attachment” which was patched ages ago by MS:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

If your computer is not patched you will be liable to reinfection, don’t keep treating the symptoms, treat the cause.

Regular visits to windows update.

Ok I was able to delete the virus now! I had to also delete the Offline content in Internet Temp files. I never knew that. Thanks for your help.

This has always been my ONE (and only) negative point with avast!

When a novice user gets a virus-warning and click remove, and then gets this “file is in use” message they PANIC !!!

OK, we all know that there is no reason to panic (the file access IS stopped), but that isn’t obvoius to a novice.

  1. avast! should give better info about what is happening.
  2. avast! should do everything possible to delete the file.

Other AV products I have used will mangage to clean/delete the file without having to boot or use a separate cleaner!

Do you mean as long as Avast found the Virus and can not delete it you are still safe from it? Why would that be? If its still oin your pc?

Thanks Lars, I fully agree with you :-[
Maybe, the web information about viruses will be wellcoming too ::slight_smile:

Yes, because even if avast! cannot delete the file it will stop the process that is trying to access the file. Then the virus will not be executed. At least this is what I’ve been told and it seems right.

But I still think avast! should tell the user this more clearly, AND again - try even harder to free/unlock the file so that it can be deleted (is there functions in Windows to clear all file-locks?)

Yes this would be nice. I hope the people who make Avast read this.

No, there certainly isn’t.