How to eliminate Virus W32.Klez.E@mm
Bill Biega's



The Internet has changed our world. We can all communicate by e-mail easily, quickly and inexpensively with one another - to share news and information - to provide assistance in case of trouble - or just to pass the time of day. More important, information on almost any subject is at our fingertips.

Unfortunately this very ease of communication has also made these two annoyances, scam mail and viruses, easy to spread by malicious people. These trouble-makers, generally young people, seem to find great amusement in breaking into web sites, causing damage to data files and spreading viruses to unsuspecting people using stolen address files. As far as I am concerned the book should be thrown at them when they are caught. The proper punishment, in my opinion, is not incarceration but public service performing menial tasks such as picking up garbage from the streets and highways, for periods up to three months.


NEVER open attachments to an email from an address that you don't recognize. Viruses are normally contained in attachments such as .exe files, although they can be attached to other files, particularly Microsoft files such as .doc.

Install an Anti-virus program (such as Symantec Norton Anti-virus or the equivalent from McAfee) on your computer and set it up to automatically delete ANY incoming file that might be contaminated. The money you spend on such programs is cheap insurance!
In addition, sweep your computer regularly, just in case something gets through. Further, update your virus data files on a regular basis (at night because it takes about 30 minutes to download them).

I have also been troubled by the excessive amount of Spam mail. There are programs to help you reduce it - you can never eliminate it 100%. (and several other e-mail services) provides this service for all users of their email service. It automatically eliminates all emails that have words, that you select, in the header. For example I set it up to eliminate any e-mails with the words "money, sex, loan", and similar words which I found in the headers of annoying mail that I received over a period of a couple of weeks. This reduced the amount of annoying e-mail from nearly three dozen a day to just a couple.


None of my data files were affected or damaged in the disaster described in the next section. This is one advantage of splitting up your hard drive into separate drives. I keep my application files (other than Windows) in one drive, all my data files in another. Use Partition Magic to do this. Several years ago, something happened to Windows (perhaps a virus, I don't know the reason). I was obliged to delete all Windows programs in Drive C: and reinstall. I did not lose a single application or data file - if they had been on Drive C: they would have gone too.

HOW I ELIMINATED W32.Klez.E@mm (A case history)

My computer was infected with this vicious virus from email supposedly sent by - that I opened on April 3, 2002.
The same day I received a number of other emails that looked suspicious, which I deleted right away. A couple of them appeared to be from friends with whom I had recently corresponded.
The evidence of infection is that, when opening Windows, a message appears saying "file xxx.exe cannot be loaded. Memory full. Delete open programs and try again". Clicking on "OK" makes the message go away. However, all other programs load slowly and keep freezing.
I downloaded the latest version of Symantec (Norton) Anti-virus and scanned. However, the scanning program kept freezing, without the usual messages appearing.

I rebooted with my Rescue diskette in drive A:, then ran Norton Navdx.exe which I had on the Norton Rescue diskette.
From A: type: " navdx c:/delete " (to scan and delete any infected files)
You get message "Loading VAVDX, please wait..." then: "Using virus definitions from C:\...~1\common~1\Symantec~1\virus~1\followed by a number"
Very soon the message appeared: " C:\windows\system\winkyo.exe is infected with virus W32.Klez.E@mm . File is write protected. Cannot delete."
Later a series of messages appeared: "c:\windows\temp\xxxxxxx.exe is infected with virus W32.Klez.E@mm." The xxxxxxx kept changing, and the infected files were deleted. I recognized them as being the names of the files that had appeared each time I had rebooted Windows.
Then to my surprise, the names of several Norton Antivirus files appeared with the same message. Apparently they had been infected during the abortive attempt to sweep the computer clean.
Finally the report appeared: "Scanned drive C: 26,890 files, 22 infected, 21 deleted".
All attempts to delete "winkyo.exe", whether in Windows or in DOS under Windows, were in vain. The message was always "Access denied. This file is in use by Windows".

I rebooted once more from the rescue diskette and, while in DOS, removed the read-only, hidden and system attributes with the DOS command:
"A:\> attrib -h -r -s C:\windows\system\winkyo.exe"
Finally I was able to delete the file with the command:
"del C:\windows\system\winkyo.exe"

Now I swept the C: drive once more with "navdx".
The offending "winkyo.exe" file no longer appeared, but the one attempt to reboot Windows, before it had been deleted, had spawned a new c:\windows\temp\xxxxxxx.exe file. This in turn was deleted.
I thought the computer was now clean, but later in the day, when I started Uedit, the same message, about an xxxx.exe file being unable to load because memory is full, appeared.

The whole procedure was repeated. This time I swept all drives, and found 18 infected files on the drive where I keep all my application programs.
After deleting all the infected files, I made one more sweep of all drives on my computer and now I found everything clean.
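
The two signs seen in this case history, an .exe in the Windows system directory carrying the hidden, system and read-only attributes, and .exe files appearing in the Windows temp directory, can be checked from a saved "attrib" listing. The Python below is an added example, not part of the original page; the listing is constructed sample data, and the flag-column layout, the directory defaults and the function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of attrib-style output (attribute letters, then path).
# Only WINKYO.EXE is a name taken from the case history; the rest is made up.
SAMPLE_LISTING = """\
  A          C:\\WINDOWS\\SYSTEM\\USER.EXE
     SHR     C:\\WINDOWS\\SYSTEM\\WINKYO.EXE
  A    H     C:\\WINDOWS\\SYSTEM\\EXAMPLE.DLL
  A          C:\\WINDOWS\\TEMP\\QZXK1234.EXE
  A          C:\\WINDOWS\\TEMP\\~DF3A1.TMP
"""


def parse_attrib(listing):
    """Yield (flags, path) for each line that contains a drive path."""
    for line in listing.splitlines():
        m = re.search(r"[A-Za-z]:\\", line)
        if not m:
            continue  # header, blank line or anything without a path
        # Everything before the drive letter is the attribute column.
        flags = frozenset("".join(line[:m.start()].split()).upper())
        yield flags, line[m.start():].strip()


def triage(listing, system_dir=r"C:\WINDOWS\SYSTEM",
           temp_dir=r"C:\WINDOWS\TEMP"):
    """Return (path, reason) pairs matching the two signs described above."""
    findings = []
    for flags, path in parse_attrib(listing):
        p = PureWindowsPath(path)
        if p.suffix.lower() != ".exe":
            continue
        parent = str(p.parent).upper()
        if parent == system_dir.upper() and {"S", "H", "R"} <= flags:
            findings.append(
                (path, "hidden+system+read-only .exe in system directory"))
        elif parent == temp_dir.upper():
            findings.append((path, ".exe in temp directory"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"{path}: {reason}")
```

A match is only a reason to scan that file from the rescue diskette, not proof of infection.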

Copyright © 2002 B. C. Biega. All rights reserved.

Last update May 2002