Kernell32.exe


Bogart101
06-19-2002, 04:22 AM
Hi there guys!

System:
Win98, Toshiba laptop

OK, here's my problem:
after I ran NAV, it quarantined these two computer files, kernell32.exe and kdll.dll. My question is, can I delete these two files? I'm afraid it might affect my system.

I also got this Klez.H virus but I don't know if it's completely removed from my system after running its fix tool, which I downloaded from the Symantec site.

Sometimes my system goes blank when I'm shutting it down and I get this error message on a blue screen.

Hope you guys understand what I'm trying to solve here.
Help please.

Thank you.

Bogart101
06-19-2002, 04:37 AM
...I forgot to raise this one:

Error message:
"This program cannot be closed. If it is being debugged, pls. resume it or close the debugger first".

After this error, my system freezes and I can no longer shut it down. This happened on my friend's Dell computer running Win2000.

Thank you.

Paleo Pete
06-19-2002, 07:58 AM
Under normal circumstances we always consider reinstalling Windows a last resort only, but this is the main exception to that policy. When a virus hits, especially one like Klez, most of the time the only way to really get the system back into good running condition is to format the drive and reinstall the OS.

The problem is it can corrupt files along with infecting them, and that can't be fixed by the antivirus programs' removal utilities. You probably also have registry entries now pointing to files that have been either corrupted or deleted. The removal tools also seem to be able to corrupt the registry or maybe the files themselves, I'm not sure but quite often the virus is removed and the system is flaky until the OS is reinstalled.

Unless someone else can come up with a dependable solution, my advice is to format the hard drive and reinstall the OS. If I were the one doing it I would also repartition, just to be sure ALL traces of the virus are removed. You don't want a file sitting around somewhere on a secondary partition still containing the Klez virus, entries in the MBR, or anything else that can possibly carry it along after the reinstall.

DO NOT use any floppy disks accessed on this machine after the virus was acquired. Make a start up disk on another known clean computer, or download one from Boot Disk (http://www.bootdisk.com). Write protect it.

Do not warm boot the machine when reinstalling, shut it down for a minute or two to be absolutely positive the memory is cleared. Most viruses can place themselves in memory, so don't take any chances. Pull the plug for a minute, then plug it back in and go for it...

------------------
If your nose runs and your feet smell...
You're built upside down!
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.

mjc
06-19-2002, 10:24 AM
I second the motion.....I have even seen some recommendations to get a new hard drive after getting the Klez worm, but using a zero fill utility (a program to write zeros to the entire hard drive, usually part of the drive manufacturer's diagnostics package) should do the trick. Then format and reinstall.

------------------
mjc
Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
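The zero fill mjc describes is simple enough to show in code. The script below is an added example for this thread, not anything posted by mjc or shipped by a drive manufacturer; it overwrites a file with zeros in chunks, forces the data to disk, and then reads the whole thing back to find the first byte that is still non-zero (the verification step that tells you a wipe was interrupted). It deliberately runs against a constructed temporary image file rather than a device node, since pointing the same logic at a real disk would erase it.

```python
"""Zero-fill a disk image and verify the result (added example, not from the thread)."""
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so a large image never has to fit in RAM


def zero_fill(path, chunk=CHUNK):
    """Overwrite every byte of `path` in place with zeros and flush it to the medium.
    Returns the number of bytes written."""
    size = os.path.getsize(path)
    zeros = bytes(chunk)
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(chunk, size - written)
            f.write(zeros[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())  # make sure the zeros reached the disk, not just the cache
    return written


def first_nonzero_offset(path, chunk=CHUNK):
    """Verification pass: offset of the first non-zero byte, or -1 if the whole file is zero.
    An interrupted or partial wipe shows up here as a positive offset."""
    offset = 0
    zeros = bytes(chunk)
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                return -1
            if block != zeros[: len(block)]:
                for i, b in enumerate(block):
                    if b:
                        return offset + i
            offset += len(block)


def make_image(size, pattern=b"KLEZ"):
    """Constructed sample input: a temporary 'disk image' filled with a repeating pattern."""
    fd, path = tempfile.mkstemp(suffix=".img")
    body = pattern * (size // len(pattern)) + pattern[: size % len(pattern)]
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return path


def scan_constructed(size, pattern):
    """Build an image from `pattern`, scan it, clean up, and return the first non-zero offset."""
    path = make_image(size, pattern)
    try:
        return first_nonzero_offset(path)
    finally:
        os.remove(path)


def wipe_and_verify(size=3 * CHUNK + 12345):
    """Full round trip: build a dirty image, confirm it is dirty, wipe it, confirm it is clean."""
    path = make_image(size)
    try:
        dirty_before = first_nonzero_offset(path)
        written = zero_fill(path)
        first_nonzero_after = first_nonzero_offset(path)
        return {
            "size": size,
            "dirty_before": dirty_before,
            "written": written,
            "first_nonzero_after": first_nonzero_after,
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(wipe_and_verify())
```

The read-back pass is the part worth keeping even when a vendor tool does the writing: a wipe that stops early (power loss, bad sectors, a tool that quietly skips a region) leaves the old data where `first_nonzero_offset` will find it.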

Bogart101
06-20-2002, 09:23 AM
Thanks guys!

MJC, where can I get this zero fill utility? Are there any other options aside from formatting my drive? Sometimes the laptop works fine as if there's no virus on it.

How about the error message I mentioned, are you familiar with this kind of error?

Again, thanks.

mjc
06-20-2002, 11:11 AM
Kernel32.exe is a worm: badtrans. When it shows up as missing, then NAV caught it; if it isn't showing with the error message then it probably reinfected from somewhere on your hard drive....

kdll.dll is badtrans' keylogger.....

Now you seem to have an interesting situation...badtrans getting infected by Klez?

The wipe/zero fill utilities can be found here (http://www.bootdisk.com/utility.htm) or as part of the diagnostics from the hard drive manufacturer.


Bogart101
06-22-2002, 03:09 AM
...so it is OK to remove this file from NAV's quarantine? What will happen to my system after I remove this one?


kdll.dll is badtrans' keylogger.....

I don't seem to understand what this means. Can you enlighten me, what's a badtrans keylogger?

Thanks.

Matt
06-22-2002, 03:36 AM
A key logger (from what I have seen and read) is exactly what the name makes it out to be. In other words, when you type on your keyboard a keylogger keeps a record of what you have typed. This can be a problem if you have entered in your credit card numbers, social, etc. for any type of online banking or purchasing etc. ... I think. If I am wrong you will get the correct answer shortly once someone who knows what they are talking about responds.

------------------
Number of fans killed: 6 (4 CPU fans, 1 Vid card fan, and 1 chipset fan)

mjc
06-22-2002, 10:01 AM
Matt is correct, a keylogger logs everything you type into your computer, when combined with a trojan like badtrans it can then send all that info off to someone who definitely does not have your best interest at heart.

I would recommend calling all your credit card companies and having the cards changed, just as if you have lost them. Then I would wipe the drive (not just fdisk, but a zero fill utility to totally overwrite the drive with zeros), then reinstall (from CDs or known clean sources), and possibly discard or at least quarantine all floppies made on the machine in question. After the reinstall, change all passwords, probably discard current webmail accounts (like Hotmail), and if you have a static IP address talk to your ISP about how to reset it.

Also grab a personal firewall program, like ZoneAlarm (http://www.zonelabs.com), and DO NOT go online without it!


Matt
06-22-2002, 10:10 AM
You might also want to warn anyone you have been sharing files with. You could have received/transmitted it to or from a friend's computer and might risk re-infecting your PC again. I don't know that much about these specific viruses, but when they are described as worms I assume that they will usually find a way onto other people's computers...


mjc
06-22-2002, 10:21 AM
Good point, Matt.
