Thread: Klez recovery

  1. #1
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Calgary, Alberta, Canada
    Posts
    283
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Klez recovery

    Hello all:

    My poor sister-in-law in Vancouver called me today for some familial assistance because her computer was slowing to a crawl. I remotely accessed her machine and took one look at her Task Manager - Klez. Her Norton hadn't been updated in eons and had expired, so I used Trend Micro's House Call tool to confirm the virus' presence and delete around 207 files. Of course, in that number of infected .exe's were probably most of the useful things on her computer - she's lucky that the bucket of bolts even boots now. I tried to instruct her on using regedit to delete the Klez registry keys, but regedit's gone too.

    It looks to me like an OS reinstall is the only option. The bucket's a Dell, so it has the Dell W2K System Restore CD. My question to the collective is whether using the Dell disc will be a sufficient measure to rid the bucket of the virus (i.e. is the registry completely erased, does the virus exist anywhere else in a file other than the infected .exe's), or will traces remain that can only be eradicated with a reformat and reinstall from scratch? (I'm hoping for the former, because there's no way she could do the reformat by herself.)

  2. #2
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Klez recovery

    It should work, but she should NOT do a repair but a CLEAN install, to get rid of all of the KLEZ and whatever else that will be hanging around.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  3. #3
    Gold Lounger
    Join Date
    Dec 2000
    Location
    New Hampshire, USA
    Posts
    3,386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Klez recovery

    Go to the SARC or Trend Micro, or other sites, and see whether they tell you how to fix the virus, i.e., which files to remove/replace, and which Registry entries to fix. You need to know exactly which variant of Klez has attacked the computer.

    Then immediately do a hard reboot by powering down to remove any memory resident critters.

    When the system reboots, see if things seem to be working.

    If you are CERTAIN that you have a backup from BEFORE the infection, you can restore from the backup.

    Note: If you cannot find out how to fix the critter, then you will indeed have to restore from the last known good backup from BEFORE the system was infected. But make sure you do the hard reboot to clear memory.

  4. #4
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Calgary, Alberta, Canada
    Posts
    283
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Klez recovery

    Howard, I guess the problem is that the Windows installation is going to have to be repaired in any event, and I now lack the tools (i.e. Regedit) to manually remove all traces of Klez from the computer.

    Backup? That's a good one. Ever hear of someone that doesn't update their anti-virus definitions but does thorough backups?

    DaveA, thanks for the vote of confidence. We'll give it a go.
