WORM_KLEZ.E Virus?

Keyz333 · 14-12-2009, 19:11

I seem to have this virus now ' WORM_KLEZ.E ' or something similar.

I basically cannot run quite a few applications.

I searched around the web about it, and it has been talked about a bit.

I cannot run Spybot S&D as it stops me.
I cannot System restore, as it also stops me.
I cannot run a few .exe's

I am running Avast! right now to see if it can find anything.

What is also interesting is that in my Task Manager > Processes The user name which is running ALL of my processes, is something in, what looks lines chinese(Will get screenshot if needed, later)

Anyone else had this? and have an idea how to get it of my computer.

I am running Windows 7 RC client, and I don't know if there is a way of reinstalling this either.

Thanks in advance

Quote:

These error messages may be caused by the WORM_KLEZ.E virus, or one of its variations. The executable file name "qbw32[xxx].exe" may vary, where "[xxx].exe" is a randomly generated and false executable name.

14-12-2009, 19:17

can you download malwarebytes? if its not blocked the download rename it to anythingyouwant.exe hopefully that will allow you to install and run it. What security let it in?

Keyz333 · 14-12-2009, 19:25

It's letting me run MB, I'm just about to start a scan.. I'm looking at Hijackthis too. I have Avast! running all the time, and had it since yesterday I believe. They say it gets transferred through USB, but I haven't really used any USB devices that could have. The process list is really odd though.

EDIT Hijackthis got nothing.

Toto · 14-12-2009, 19:47

Quote:

Originally Posted by Keyz333

It's letting me run MB, I'm just about to start a scan.. I'm looking at Hijackthis too. I have Avast! running all the time, and had it since yesterday I believe. They say it gets transferred through USB, but I haven't really used any USB devices that could have. The process list is really odd though.

EDIT Hijackthis got nothing.

Hijack this tends to look at Internet Explorer hooks, that is its strength, not a good AV tool though.

You could try http://vil.nai.com/vil/stinger/, that may well work as it deals with some Klez variants.

Simple program to download and run.

Keyz333 · 14-12-2009, 19:59

Quote:

Originally Posted by Toto

Hijack this tends to look at Internet Explorer hooks, that is its strength, not a good AV tool though.

You could try http://vil.nai.com/vil/stinger/, that may well work as it deals with some Klez variants.

Simple program to download and run.

I'm just running it now, will get back to you.

Toto · 14-12-2009, 20:00

Quote:

Originally Posted by Keyz333

I'm just running it now, will get back to you.

Good luck.

Handy little program to keep on a USB stick, as long as you have the most up to date version.

Keyz333 · 14-12-2009, 22:11

It seems I can't change my users in the control panel either... I was going to remove another one of my users, and can't even get to that part of it. I click 'Add or remove Users' and nothing happens.

Malware Bytes has got upto 232,000 files, and none are infected.
Stinger has been going on for ages, and still hasn't found anything that I know of.

EDIT - After running all that stuff for a while, my computer seemed to want to restart on it's own.. and since then it seems ok..

Weirdly enough..

Thankyou for your help, hopefully it will stay this way !

Toto · 15-12-2009, 05:54

Quote:

Originally Posted by Keyz333

It seems I can't change my users in the control panel either... I was going to remove another one of my users, and can't even get to that part of it. I click 'Add or remove Users' and nothing happens.

Malware Bytes has got upto 232,000 files, and none are infected.
Stinger has been going on for ages, and still hasn't found anything that I know of.

EDIT - After running all that stuff for a while, my computer seemed to want to restart on it's own.. and since then it seems ok..

Weirdly enough..

Thankyou for your help, hopefully it will stay this way !

Hmmm, restarted on its own......

There's a rather nasty root kit that forces a PC to restart on its own...

Got to www.prevx.com and download their free scanner program just to be on the safe side. It could well be that you system is OK, but its odd that so far nothing you have tried has identified the worm, and removed it.

**Stuart** · 15-12-2009, 09:37

I think a good option at this point would be to backup any data you need (not the programs), reformat and reinstall..

Keyz333 · 15-12-2009, 09:40

How do I reinstall the RC of W7..? I had Vista before, but I do not have a disk, due to it being on there already. I'm not sure if there is a way of reinstalling?

Aragorn · 15-12-2009, 10:22

You know the RC has only got a few months life left anyway? I think from 1 March it will shutdown every two hours.
Are you a full time student still? If you have an ac.uk email address you can get Win 7 Home or Pro for £30.

**Stuart** · 15-12-2009, 11:26

If he is a full time student, he may be able to download it for free through the MSDN Academic Alliance.

Keyz333 · 15-12-2009, 13:33

Nope, no longer a student, I'm at full time employment now.