by
I'm just the messenger on this one. I got it out of
comp.os.vms newsgroup.
Might I add also that linux will not be vulnerable to this
new virus either.
[
VIRUS_ALERT.TXT 1K ]
"Why? I could have written the same for Macintosh/MacOS systems. It's
just that VMS and MacOS are protected by the excellence their SW
engineers put into their work.
I spent since the beginning of the week more that 16 hours to remove the
new KLEZ virus from two PCs. I got that messages which propagated the
virus, but as I use a Mac (I am an IT professional, you see :-) I just
throwed the message away.
For you information, the message was:
Subject:
WIN_$100_NOW.DOC.pif
Name: WIN_$100_NOW.DOC.pif
Type: unspecified type (application/octet-stream)
Encoding: base64
This new virus is made of two files, PE_ELKERN and KLEZ.x (I had .E) For
W98, the first one hides itself in KERNEL32.EXE and detects at each
startup (even without the starting applications disabled via msconfig)
if KLEZ is present. If you successfully succeeded to remove it via
FIX_KLEZ.COM, it reinstalls it. You have to build and use first that 6
floppy disks (more than two hours) to eradicate the thing (described
below). It also uses an ie "bug" which allows it to infect the PC even
if you do not open any email attachment (see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/se...
The solution is at:
http://www.antivirus.com/vinfo/security/readme_worm_klez.g_3.10.txt