John Bryant
Arizona Computer Consultant
(602) 861-1738

KLEZ VIRUS WORM WARNING!

Every once in a while a computer virus manages to "slide under the radar" and cause trouble without setting off too many alarms. Such appears to be the case with the KLEZ virus. As far as viruses go, this KLEZ worm should be old news by now. The original version was discovered in October 2001 and was actually not particularly serious. Unfortunately, this relatively innocuous vermin has mutated into a savage threat to your system.


Several aspects of this virus contribute to its longevity and ability to remain uncontrolled or "in the wild". First, you are fighting two worms - KLEZ and Elkern. Second, the "h" variant has been mutated to include a sly piece of programming - after it steals your email address book - it takes the name of someone else and places it into the FROM line of the email. This viral contortion (called "spoofing") gives the appearance that the infected email came from someone else - NOT the person actually infected. This red herring makes it very difficult to trace - because you don't know who really sent you the email to begin with. Luckily, a qualified consultant can spot the original sender and notify them - so they stop sending infected files to you. Finally, these viruses bury themselves deep within your system and are difficult to root out. Add these all up and you have a particularly evil menace to your system.
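As an added illustration (not part of the original alert), the Python sketch below shows one way to look past a spoofed FROM line: it reads the Received lines stamped by mail servers you trust and reports the address of the machine that first handed the message over. The sample message, the relay names and the function name trace_sender are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture). Addresses use reserved
# example domains and documentation IP ranges.
SAMPLE = """\
Return-Path: <carol@example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.recipient.example with ESMTP id A1; Mon, 6 May 2002 09:14:03 -0700
Received: from carol-pc (dialup-77.isp.example [198.51.100.77])
\tby mx.example.org with SMTP id B2; Mon, 6 May 2002 09:13:58 -0700
From: "Alice" <alice@example.com>
To: bob@recipient.example
Subject: A funny game

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def trace_sender(raw, trusted_relays):
    """Compare the visible From with the envelope and the trusted relay path."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    origin_ip = None
    # Received lines are prepended, so the newest hop comes first. Only lines
    # stamped by relays we trust count; anything below the first untrusted
    # hop could have been written by the sender and is ignored.
    for received in msg.get_all("Received", []):
        by = BY_RE.search(received)
        if not by or by.group(1).lower() not in trusted_relays:
            break
        ip = IP_RE.search(received)
        if ip:
            origin_ip = ip.group(1)
    # A From domain that differs from the envelope domain is a hint only;
    # mailing lists and forwarders produce the same pattern legitimately.
    differs = bool(envelope) and (
        from_addr.rsplit("@", 1)[-1] != envelope.rsplit("@", 1)[-1])
    return {"from": from_addr, "envelope": envelope,
            "origin_ip": origin_ip, "from_differs_from_envelope": differs}

if __name__ == "__main__":
    print(trace_sender(SAMPLE, {"mail.recipient.example", "mx.example.org"}))
```

The reported address identifies the connecting machine or its provider, not a person, so the practical next step is to pass it to that provider or to the owner of the envelope address.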

This unruly and dangerous worm seems to be particularly prevalent here in Arizona. Problems stemming from the KLEZ virus have suddenly arisen for more than a few clients recently. You need to stay alert to this one, and if you become infected, consider having this infestation removed by a trained consultant. This one even scares me!

Description
The KLEZ virus comes as an email attachment - often from a friend or associate. Unlike many worms which came before it, this virus is hard to recognize. The designer of this code programmed up to 120 email "Subject" lines and modifies the email "FROM" line so it cannot be traced back to the actual sender. The name of the email attachment is random and even its file extension (txt, pdf, etc) is randomized. The two most common messages within the email are (1) a warning about the KLEZ virus and (2) a short message about a humorous game. However, there are many variations to this as well and it is difficult to identify an infected email by its message.

The only certain evidence that an email may contain the virus is that there will always be an email attachment.

  • Do not open any unexpected email attachments!

Recognizing Signs of Infection

KLEZ variants will try to take out your anti-virus program, as well as other common programs such as Microsoft Office and the "Themes" feature in Microsoft Plus. If any commonly used programs begin to fail shortly after downloading an email attachment, you should suspect an infection.

The KLEZ virus is actually a "tag team" affair. Not only does it do its own damage to your computer, but it also drops the equally vicious ELKERN virus into your system's startup configuration. These malicious codes affect all contemporary versions of Windows. Any evidence of unusual program startups when you boot up - particularly a program starting with "WINK" - should alert you to a potential infection.

The h variant is running rampant presently and appears to be very much "in the wild" here in Arizona. It spreads by email and can propagate through network connections. It is capable of infecting important Windows files - particularly program "exe" files.

Preventing an infection

Any qualified consultant will tell you - an ounce of prevention is worth a pound of cure. The cardinal laws of virus safety apply here:

  • Your virus scanner is only as effective as it is up-to-date. If you haven't updated, you aren't protected.

These viruses "mutate" - meaning they are changed by other hackers and the modified code is sent out again. If your scanner update is older than the mutation - you are not protected! Updates are free - don't ignore them.

  • Don't open unexpected email attachments - ever! If you don't know what it is, send it back and ask the sender.

This simple email rule will protect you from many, many viruses. In some ways, they are like vampires - they can't come in unless you invite them. Since the worms steal your email address book, these devastating computer viruses often come from someone you know. Don't assume that the file is OK because it was sent by a friend.

Special Note:

In an effort to inform as many clients as possible, this virus alert has been rushed to publication. Please bookmark this page and keep an eye out for updates. I will publish virus removal information and removal tools as they become available. If you know of someone who has contracted the KLEZ worm, please refer them to this page. Arizona clients can call me at (602) 861-1738 for further assistance.

 


Copyright © 2006 Bryant Enterprises • All Rights Reserved