Type: Worm

Aliases:

Symantec: W32/Klez.H@MM
Kaspersky: Email-Worm.Win32.Klez.h
Mcafee: W32/Klez.h@MM
Eset: Win32/Klez.J

System Affected:

Windows 95, windows 98, windows ME, windows 2000, windows NT, windows 2003, windows XP

Syndrome of Worm/Klez.E:

Worm/Klez.E is a worm that uses email and local networks to spread. Once launched, it may caused some following conditions:
a. Disable some security applications.
b. Lowers security settings.
c. Steals information.

1. Once launched, this worm copies itself to the following locations:
%SYSDIR%\wink%three-digit random character string%.exe
%TEMPDIR%\%random character string%%hex number%.exe

2. It may deletes the following files:
ANTI-VIR.DAT
CHKLIST.DAT
CHKLIST.MS
CHKLIST.CPS
CHKLIST.TAV
IVB.NTZ
SMARTCHK.MS
SMARTCHK.CPS
AVGQT.DAT
AGUARD.DAT
Shlwapi.dll
Kernel32.dll
netapi32.dll
sfc.dll

Remove worm:

You can utilize antivirus software to remove the worm quickly:

Norton Internet Security 2009