PDA

View Full Version : W32 Elkern removal tool or virus?



dst1512
09-08-2002, 09:48 AM
I have received a couple of e-mails with the subject "W32 Elkern removal tool" which I thought highly suspicious so I checked with the sender (a close relative) and they said they had not sent anything!! I have deleted them but I wanted to find out more and I have not found anything yet. I would like to help the sender remove any virus we may have.

NathanTheKind
09-08-2002, 10:01 AM
Make sure both you and the sender has a virus scanner, and make sure it is up-to-date, Scan your computer for viruses and remove any found. Make sure you keep the software up to date. This should keep your computer relatively clean of viruses.

:)

godfather
09-08-2002, 10:09 AM
Subject: W32.Elkern removal tools

This is one alias of the Klez virus. You did the right thing.

There is a removal tool of a similar name, but it doesnt email itself out, and the virus does use this as one of its random subject lines.

Up-to-date virus software is essential

dst1512
09-08-2002, 10:13 AM
Yes, both my sender and I run Norton Antivirus and we keep it up to date and run scans weekly. If it is a virus it still managed to get through though. Incidently the message was received on a different PC to the one I am using at the moment.
Thanks for your reply
Dave

godfather
09-08-2002, 10:35 AM
The virus protection *should* intercept it if you tried to run it.
Most likely it did not come from the person who it appeared to, but the virus used their entry in someone elses address book, and "spoofed" the address. Probably indicates it came from someone who has both of the addresses in their system, yours and theirs. And they are likely not using anti-virus software, whoever it is!

dipstick01
09-08-2002, 02:28 PM
If you want to be extra sure that you don't have the virus then run a remote virus from somewhere such as Symantec (http://www.symantec.com) which is the home site for Norton Anti Virus. The Klez virus targets your anti virus program and disables it as part of its payload so sometimes a remote scan can show problems that you didn't realise exist.