
A Touch of Klez - or how to make a bad thing worse

Postby Wormsworth » Wed Jan 08, 2003 1:57 am

While trying to clean up from a Klez infection, I made things worse.

After online AV scans, reinstalling apps and other things, I couldn't get things stable; apps kept quitting, with many "notify MS of error" dialogs.
I tried (among other things):

SFC /scannow
replaced a few files (I think) - no fix to the problems

XP Recovery install
And therein lies the current problem...

I lost most of my networking - no DUN, can't install dial-up networking or anything connected with it. "Set up Internet connection" only allows Broadband (I wish) - the dial-up options are shaded out.

I don't want to have to install all my programs (again); my last backup is very out of date. :no
The Win98 side is also very unstable; I don't know how to fix these problems. HELP


How did this thing bypass my AV software (Panda at the time)?
- Can't reinstall Panda AV anymore, went back to McAfee
What are the symptoms of Klez other than deleting *.exe files?

Again, HELP!
Is there anything hidden that may start bad things again?
HP Pavillion 8770c (not certified for XP) Dual boot W98se, and XP-Pro SP2
AMD Athlon 850Mhz, 384M SDRam, nVidia TNT2 Vanta AGP card with 16MB SDRAM
120Gig and 400Gig HD
W98 No FW/AV
XPP AVG FW/AV
PRO Level 3
Posts: 75
Joined: Sat Jul 27, 2002 6:02 pm
Location: Minneapolis, MN
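The "anything hidden that may start bad things again" question above is the right one to ask after a Klez clean-up, since mass-mailers of that era survived reboots through Run keys and registered services. The script below is an added example, not something posted in this thread: it walks the common autostart locations (Run/RunOnce, Winlogon Shell/Userinit, service ImagePath values), resolves each command line to an executable, and reports entries whose file is missing or carries no valid Authenticode signature. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the 2003-era XP box in the thread would have had to do the same with reg.exe and `sc qc <service>`.

```powershell
# Added example, not part of the thread: enumerate the autostart locations a mass-mailer
# like Klez typically uses to survive a reboot (Run/RunOnce keys, Winlogon Shell/Userinit,
# and service ImagePaths) and flag entries whose executable is missing or unsigned.
# Assumes Windows PowerShell 5.1 or later; on the 2003-era XP box in the thread the same
# keys are read with reg.exe and 'sc qc <service>'.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # Win9x/ME-only keys; worth a look on a dual-boot box because the XP registry may still carry them
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce'
)

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath/... properties
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Winlogon Shell and Userinit are classic hijack points: anything appended here runs at every logon
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($v in 'Shell', 'Userinit') {
        $val = (Get-ItemProperty -Path $wl -Name $v -ErrorAction SilentlyContinue).$v
        if ($val) { [pscustomobject]@{ Location = $wl; Name = $v; Command = [string]$val } }
    }
    # Services and drivers: ImagePath is what the Service Control Manager actually launches at boot
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $ip = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if ($ip) { [pscustomobject]@{ Location = 'Services'; Name = $_.PSChildName; Command = [string]$ip } }
    }
}

function Resolve-ImagePath([string]$Command) {
    # Pull the executable out of a command line: expand %SystemRoot%, honour quoting, drop the
    # \??\ prefix drivers use, and try the relative forms (system32\drivers\x.sys) the SCM accepts.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim()) -replace '^\\\?\?\\', ''
    $exe = ($c -split '\s+')[0]
    if ($c.StartsWith('"')) { $end = $c.IndexOf('"', 1); if ($end -gt 0) { $exe = $c.Substring(1, $end - 1) } }
    foreach ($candidate in @($exe, (Join-Path $env:SystemRoot $exe), (Join-Path "$env:SystemRoot\System32" $exe))) {
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) { return $candidate }
    }
    return $exe   # not found anywhere we looked; reported as missing below
}

Get-AutostartEntries | ForEach-Object {
    $exe    = Resolve-ImagePath $_.Command
    $exists = Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue
    $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
    [pscustomobject]@{ Location = $_.Location; Name = $_.Name; Exe = $exe; Exists = $exists; Signature = $sig }
} | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    Sort-Object Location, Name | Format-Table -AutoSize
```

An unsigned entry is a triage hint, not a verdict: plenty of legitimate third-party and OEM software of that vintage was never signed, so the entries worth chasing first are the ones whose executable no longer exists (a deleted dropper still being launched) or whose name matches what the vendor write-up for the worm lists. Run it from an elevated prompt; some service keys refuse read access to standard users.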

Postby Pot8oHead » Wed Jan 08, 2003 3:07 am

Hi Wormsworth,

You might want to check out this link:

http://securityresponse.symantec.com/av ... .d@mm.html

for information about klez and what it does. Sounds like nasty stuff, unfortunately. From what it says on that page, though, getting rid of it *sounds* fairly simple; just delete files that are shown as being infected. Of course, that could be quite a number of files and you may not be able to avoid formatting and reinstalling everything.

As far as how it got around your AV software; the only thing I can think of is that perhaps you didn't have up-to-date virus definitions. A lot of viruses look for and disable anti-virus programs.

Pot8oHead
PRO Level 6
Posts: 240
Joined: Thu Mar 14, 2002 10:28 pm
Location: Lethbridge, Alberta

Postby Wormsworth » Wed Jan 08, 2003 5:28 am

I think that Klez proper is removed from my system - I did enough and varied scans, the last came up clean.

How do I recover my networking - dial up settings, or just be able to create a dial up account

I Really, Really, do not want to reinstall all my programs....

Do I have to reload XP-SP1 after a recovery install?

Chuck

Postby dlt » Wed Jan 08, 2003 1:23 pm

Hi...yes, you will need to reinstall SP1:


Reinstall SP1 for Windows XP in the following situations:

After you perform an in-place upgrade (reinstallation) of Windows XP.
After you perform a repair of Windows XP.
After you use System Restore to restore your computer to a restore point that was created before you installed Windows XP SP1.
After you upgrade from Windows XP Home Edition to Windows XP Professional Edition.
I am extraordinary, I am just your ordinary
average every day sane psycho supergoddess
~Liz Phair, Extraordinary~
PROfessional Member
Posts: 705
Joined: Mon Mar 11, 2002 11:56 am
Location: New England, USA

Postby Wormsworth » Wed Jan 08, 2003 5:18 pm

Ok, reinstall SP1 - no problems

But the big problem still remains

How do I recover my Dial-up Networking and the other networking files and wizards or whatever?

Postby Michaels » Wed Jan 08, 2003 6:13 pm

I think that you have to set up your network again; a whole new setup would help you more. If you cannot do it yourself, find somebody who could look into your connection and settings.
Keeping your antivirus software updated is very important; it has little or nothing to do with your "Panda". I had the same problem using Norton. Antivirus programs protect your machine against viruses; they do not actually do a great job of removing viruses and keeping your programs and registry healthy after a virus attack.
PROfessional Member
Posts: 3054
Joined: Tue Jul 23, 2002 7:00 am
Location: NL

Postby Wormsworth » Thu Jan 09, 2003 12:36 am

Maybe you missed my meaning - the program options for setting up DUN are missing. I can't configure anything but broadband - DUN settings are greyed out.

BTW, I am also getting a few .exe files being deleted at random - virus scans come out clean, online and local. I try to keep the AV programs up to date.

Reformat and reinstall is a LAST resort - there are just too many programs to reinstall. :(

Chuck

Postby dlt » Thu Jan 09, 2003 1:41 am

Just wondering...have you checked your RAM? Also, any errors and warnings in the event viewer?

Postby Michaels » Thu Jan 09, 2003 10:49 am

I may have missed your point, but one thing I'm sure of is that the only way out, completely clean after a virus attack, is to wipe your drive and reinstall, considering the seriousness of the attack.
When I had that experience, I thought that I could patch my system, but when the system continued to develop one symptom after another I decided to format and reinstall everything.
You should also store files in a separate partition so that you have things close whenever you need them.
There is a possibility that you still have infected files in your system which your antivirus cannot and will not find and clean.

Postby Wormsworth » Fri Jan 10, 2003 1:08 am

It seems that everything is working correctly (well, as good as XP could do it) except the Networking.

Here are some conditions:

New Connection Wizard\ How do you connect
(Everything is greyed out except broadband)

Internet Options\Internet Properties
(no dun or net settings)
(when trying to add)
Cannot load the remote access connection manager services
Error 711: A configuration error ... prevents this connection

Event log
RACM failed to start because it could not create buffers
Access is denied
Error 5 Access is denied

It looks like I may have to bite the bullet and do a reinstall again. :(
Is there anything (procedures) that I can do to save my settings and data to make this easier? I have hundreds of programs/patches/settings that I would have to reinstall. Is there an easy method of doing this??

All my Outlook and Outlook express files are on this drive, and it is a pain to restore and reconfig everything.

Please, is there any alternative to reformat and reinstall? :cry:
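Error 711 and the "Remote Access Connection Manager failed to start ... Access is denied" event above point at one concrete thing to check before giving up on the install: the RasMan service, the services it depends on, and whether anything still has the rights to start it. The script below is an added example, not from this thread, that prints the RasMan dependency chain with each service's state, start type and image path, the service's security descriptor, the ACL on its registry key, and the matching Service Control Manager errors from the System log. It assumes Windows PowerShell 5.1 or later run as administrator; the XP box in the thread would get the same facts from `sc query`, `sc qc rasman`, `sc sdshow rasman` and Event Viewer.

```powershell
# Added example, not part of the thread: diagnose why the Remote Access Connection Manager
# (RasMan) will not start. Error 711 in the wizard and an 'Access is denied' SCM event
# usually come from one of three places: a dependency that is disabled or missing, a
# service security descriptor that no longer grants start rights, or a damaged ACL on the
# service's registry key. Assumes Windows PowerShell 5.1+ in an elevated prompt.

function Get-ServiceChain {
    # Recursively list a service and everything it depends on (Telephony, RasAuto, ...)
    param([string]$Name, [hashtable]$Seen = @{})
    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A dependency that is not installed at all is fatal for the whole chain
        [pscustomobject]@{ Service = $Name; Status = 'MISSING'; StartType = '-'; ImagePath = '-' }
        return
    }
    $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $Name
        Status    = $svc.Status
        StartType = $svc.StartType   # 'Disabled' anywhere in this chain greys out the dial-up options
        ImagePath = [string]$reg.ImagePath
    }
    foreach ($dep in $svc.ServicesDependedOn) { Get-ServiceChain -Name $dep.Name -Seen $Seen }
}

Write-Host '== RasMan dependency chain =='
Get-ServiceChain -Name 'RasMan' | Format-Table -AutoSize

Write-Host '== Service security descriptor for RasMan (SDDL) =='
# 'Access is denied' on start is a rights problem; compare this string with a healthy machine
sc.exe sdshow RasMan

Write-Host '== Registry ACL on the RasMan key =='
(Get-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan').Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType | Format-Table -AutoSize

Write-Host '== Recent Service Control Manager errors mentioning remote access =='
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Level = 2 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Remote Access|RasMan|Telephony' } |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Read the output bottom-up: a MISSING or Disabled row in the chain explains the greyed-out wizard on its own, and is fixable with `sc config <name> start= demand` without touching the rest of the install. If the chain is intact but the SDDL or the registry ACL no longer grants SYSTEM and Administrators full control, the repair install has most likely damaged permissions; Microsoft's KB313222 describes restoring the default security settings with secedit, which is worth trying (after a backup) before the format-and-reinstall the rest of the thread is steering toward.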
