Problem with a virus: WORM_KLEZ.E - Windows & Software

Marsh posted on 05-03-2002 at 20:57:59

I went to antivirus.fr, but I can't manage to remove it. It's in my Outlook Deleted Items folder, but I can't empty it, so I can't get rid of this damn worm.

I need help, please! :(

Thanks


Marsh posted on 05-03-2002 at 21:17:10

Download the disinfection tool, read the read me.txt and follow the instructions!
 
http://www.antivirus.com/vinfo/vir [...] ORM_KLEZ.E


Marsh posted on 05-03-2002 at 21:23:08

I tried, but it doesn't work, and besides there's no solution for Win XP!


Marsh posted on 05-03-2002 at 21:52:01

Do you have an up-to-date antivirus?


Marsh posted on 05-03-2002 at 22:48:55

Hi,

Go to this address: http://www.avp.ch, the virus is front-page news there; download clrav.com.

Klez is a very destructive virus:
 
 
I-Worm.Klez
 
 
 
This is a virus-worm that spreads via the Internet attached to infected e-mails. The worm itself is a Windows PE EXE file about 57-65Kb (depending on its version) in length, and it is written in Microsoft Visual C++.
 
Infected messages have variable subjects and attachment names (see below). The worm uses an Internet Explorer security breach (IFRAME vulnerability) to start automatically when an infected message is viewed.  
 
In addition to spreading in the local network and in e-mail messages, the worm also creates a Windows EXE file with a random name starting with "K" (i.e., KB180.exe), in a temporary folder, writes the "Win32.Klez" virus in it, and launches the virus. The virus infects the majority of Win32 PE EXE files on all available computer disks.  
 
 
Start-up
When an infected file is started, the worm copies itself to the Windows system folder under the name krn132.exe. Then it writes the following key to the registry so that it starts automatically with Windows:
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Krn132 = %System%\Krn132.exe  
where %System% is the name of the Windows system folder.  
 
Then the virus searches for active applications (anti-viruses, see the list below) and forces them to unload using a Windows "TerminateProcess" command:  
 
_AVP32, _AVPCC, _AVPM, ALERTSVC, AMON, AVP32, AVPCC, AVPM, N32SCANW, NAVAPSVC, NAVAPW32, NAVLU32, NAVRUNR, NAVW32, NAVWNT, NOD32, NPSSVC, NRESQ32, NSCHED32, NSCHEDNT, NSPLUGIN, SCAN, SMSS  
 
Replication: e-mail
The worm uses SMTP protocol to send e-mail messages. It finds e-mail addresses in a WAB database and sends infected messages to these addresses.  
 
The subject of the infected message is selected randomly from the following list:  
 
 Hello
 How are you?
 Can you help me?
 We want peace
 Where will you go?
 Congratulations!!!
 Don't cry
 Look at the pretty
 Some advice on your shortcoming
 Free XXX Pictures
 A free hot porn site
 Why don't you reply to me?
 How about have dinner with me together?
 Never kiss a stranger
 
The message body is the following:  
 
 I'm sorry to do so,but it's helpless to say sory.
 I want a good job,I must support my parents.
 Now you have seen my technical capabilities.
 How much my year-salary now? NO more than $5,500.
 What do you think of this fact?
 Don't call my names,I have no hostility.
 Can you help me?
 
Attached file: Win32 PE EXE file with random name, which has either an ".exe" extension or a double extension:  
 
name.ext.exe  
The worm selects the filename (name.ext) using an original routine. It scans all available drives and finds there files with the following file-name extensions:  
 
.txt .htm .doc .jpg .bmp .xls .cpp .html .mpg .mpeg  
It uses one of the found filenames (name.ext) as the base name of an attachment, then it adds a second extension, ".exe". For example, "Ylhq.htm.exe", "If.xls.exe", etc.  
 
The worm inserts its own "From:" field into infected messages. Depending on the random counter, it inserts there either a real e-mail address, or a fake randomly generated address.  
 
An interesting feature of the worm is that before sending infected messages, the worm writes the list of found e-mail addresses in its EXE file.  
 
All strings in the worm's body (messages and addresses) are stored in an encrypted state.  
 
 
Replication: local and network drives
The worm enumerates all local drives and network resources with write access and places there a copy of itself with a random name name.ext.exe (the name-generation routine is similar to the one used to generate attachment names). After copying itself to network resources, the worm registers its copies on remote computers as system service applications.
 
 
Payload
On the 13th of even months, the worm executes a payload routine which fills all files on all available disks of the victim's computer with random content. These files can't be recovered and must be restored from a backup copy.
 
 
Other versions
There are several modifications of this worm. I-Worm.Klez.a-d are similar, and have minor differences.  
 
 
Klez.e
 
Installation
The worm copies itself to the Windows system directory with a random name that starts with "Wink", e.g., "Winkad.exe".
 
 
Infection
The worm searches several registry keys for links to applications:  
 
Software\Microsoft\Windows\CurrentVersion\App Paths  
Then the worm tries to infect EXE applications that it finds. When infecting an EXE, the worm creates a file with the same name and random extension and also hidden+system+readonly attributes. This file is used by the worm to run the original infected program. When the infected file is run, the worm extracts the original file to a temp file with the original filename plus 'MP8' and runs it.  
 
The worm infects RAR archives by copying itself to archives with a randomly generated name. The name of the infected file is selected from the following list:  
 
setup
install
demo
snoopy
picacu
kitty
play
rock
 
 
and has either one or two extensions, where the last one is ".exe", ".scr", ".pif" or ".bat".  
 
 
Replication: e-mail
The subject of the infected message is either selected from the following list or is generated randomly:  
 
 Hi,
 Hello,
 Re:
 Fw:
 how are you
 let's be friends
 darling
 don't drink too much
 your password
 honey
 some questions
 please try again
 welcome to my hometown
 the Garden of Eden
 introduction on ADSL
 meeting notice
 questionnaire
 congratulations
 sos!
 japanese girl VS playboy
 look,my beautiful girl friend
 eager to see you
 spice girls' vocal concert
 Japanese lass' sexy pictures
 
The worm can also generate the subject of the message from the following strings:  
 
 Undeliverable mail--%%
 Returned mail--%%
 a %% %% game
 a %% %% tool
 a %% %% website
 a %% %% patch
 %% removal tools
 
Where %% is selected from the following list:  
 
new
funny
nice
humour
excite
good
powful
WinXP
IE 6.0
W32.Elkern
W32.Klez
 
 
The body of the infected messages is either blank, or has randomly generated contents.  
 
Attached file: a Win32 PE EXE file with a random name, which has either an ".exe" extension or a double extension.  
 
The worm uses an IFrame security breach to launch automatically when an infected message is viewed.  
 
 
Payload
On the 6th of odd months, the worm executes a payload routine that fills all available files on a victim's computer in local and network disks with random content. These files can't be recovered and must be restored from a backup copy.  
 
 
Other
The worm scans for the active processes that contain the following strings, and terminates them:  
 
Sircam  
Nimda
CodeRed
WQKMM3878
GRIEF3878
Fun Loving Criminal
Norton
Mcafee
Antivir
Avconsol
F-STOPW
F-Secure
Sophos
virus
AVP Monitor
AVP Updates
InoculateIT
PC-cillin
Symantec
Trend Micro
F-PROT
NOD32

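A mail-gateway style check written from the description quoted above, added here as an example (not code from the thread or from the antivirus vendor): it flags attachment names built the way the write-up describes (a document name with ".exe" appended for Klez.a-d; a fixed base name with an executable extension for Klez.e) and subjects assembled from the Klez.e "%%" templates. The function name `klez_indicators` and the sample messages are constructed for illustration.

```python
import re

# Word lists taken from the quoted description (Klez.a-d and Klez.e).
HOST_EXTS = ("txt", "htm", "doc", "jpg", "bmp", "xls", "cpp", "html", "mpg", "mpeg")
EXEC_EXTS = ("exe", "scr", "pif", "bat")
KLEZ_E_BASENAMES = ("setup", "install", "demo", "snoopy", "picacu", "kitty", "play", "rock")
FILL_WORDS = ("new", "funny", "nice", "humour", "excite", "good", "powful",
              "WinXP", "IE 6.0", "W32.Elkern", "W32.Klez")
SUBJECT_TEMPLATES = ("Undeliverable mail--%%", "Returned mail--%%", "a %% %% game",
                     "a %% %% tool", "a %% %% website", "a %% %% patch", "%% removal tools")

# Klez.a-d attachment: <name taken from a local file>.<document ext>.exe
DOUBLE_EXT_RE = re.compile(r"^[^.\\/]+\.(%s)\.exe$" % "|".join(HOST_EXTS), re.IGNORECASE)
# Klez.e attachment: fixed base name, one or two extensions, the last one executable
KLEZ_E_RE = re.compile(r"^(%s)(\.[a-z0-9]{1,4})?\.(%s)$"
                       % ("|".join(KLEZ_E_BASENAMES), "|".join(EXEC_EXTS)), re.IGNORECASE)


def _template_regex(template):
    """Turn a '%%' template into a regex where each slot accepts one filler word."""
    literal_parts = [re.escape(p) for p in template.split("%%")]
    filler = "(?:%s)" % "|".join(re.escape(w) for w in FILL_WORDS)
    return re.compile("^" + filler.join(literal_parts) + "$", re.IGNORECASE)


SUBJECT_RES = [_template_regex(t) for t in SUBJECT_TEMPLATES]


def klez_indicators(subject, attachments):
    """Return the reasons a message matches the quoted Klez naming patterns ([] if none)."""
    hits = []
    for name in attachments:
        if DOUBLE_EXT_RE.match(name):
            hits.append("attachment %s: document name with .exe appended (Klez.a-d)" % name)
        elif KLEZ_E_RE.match(name):
            hits.append("attachment %s: Klez.e base name with executable extension" % name)
    if any(r.match(subject.strip()) for r in SUBJECT_RES):
        hits.append("subject %r: assembled from a Klez.e template" % subject)
    return hits


if __name__ == "__main__":
    # Constructed sample messages, not captured mail.
    for subj, atts in [("a new funny game", ["Ylhq.htm.exe"]),
                       ("W32.Klez removal tools", ["kitty.jpg.scr"]),
                       ("Quarterly report", ["report.xls"])]:
        print(subj, atts, "->", klez_indicators(subj, atts) or "clean")
```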

Marsh posted on 06-03-2002 at 13:36:44

Done, I got rid of this damn virus :)


---------------
Building a modern house: www.notre-maison.com