Virus Removal - Killav/KLEZ

Hotspur

Hope someone can assist with the following.

My AVG Anti Virus software found the following virus today in

1) C:\ProgramFiles\ehc\hc2virus\WORM_KLEZ.htm

2) C:\ProgramFiles\helpcentre\EHC.zip\EHC\hc2\virus\WORM_KLEZ.htm

3) C:\ProgramFiles\helpcentre\EHC.zip

The program allowed me to move the first file to the Virus Vault but there isn’t an option to move 2 and 3 the status of which is "infected, embedded object" and
"infected, archive" respectively.

Is it ok to delete these files?


Thanks

Browntoa

try this (you want the free version)

http://www.superantispyware.com/

do a full scan

let it reboot the Pc if it asks at the end

Browntoa

if still there afterwards then follow

http://forums.moneysavingexpert.com/showthread.html?t=133269

Reluctant_spender

upload the file to virustotal where a number of anti virus sites can scan it - it will give you an idea if it is a false positive or not - https://www.virustotal.com/

Hotspur

RS: The zip file in question was too large so it wouldn't upload to virustotal unfortunately.

Browntoa: I previously ran trand housecall. Have now run superantispyware which found cookies AVG didn't find plus Spybot (nothing found) and Adaware (another tracking file) but nothing about WORM_KLEZ.

I've run out of time tonight so I'll go through the sticky thread another day.

Thanks for your posts.

Reluctant_spender

Hotspur wrote: »

RS: The zip file in question was too large so it wouldn't upload to virustotal unfortunately.

How large is it, you can e-mail them;

Sending files by email

Create a new message with scan AT virustotal.com as destination address of your email.

Write SCAN in the Subject field (write SCAN- if you do not want to distribute your sample to any AV company).
Attach the file to be scanned. Such file must not exceed 10 MB in size. If the attached file is larger, the system will reject it automatically.
You will receive an email with a report of the file analysis. Response time will vary depending on the load of the system at the time of placing your request.

Browntoa

I'm convinced it's a false alert

Reluctant_spender

Google finds nothings and neither has the other programs - I am fast forming the same opinion.

Hotspur

Reluctant_spender wrote: »

How large is it, you can e-mail them;
quote]
The zip file is 19,506KB

I am running AVG again to see if it picks it up this time.

The 2 files found previously are located in c\programfiles\helpcentre and are the EHC zip file and an EHC.APM file. Also in the help centre folder are EHC Autoplay Media Studio Indigo Rose Corporation and a Data folder with 3 small files in.

I couldn't find anything on google either so I hope you are right about the false positive although I was able to quarantine one file yesterday.

Once again thanks for your help.

Hotspur

AVG has just finished the scan and hasn't picked anything up this time.

Is it ok to keep the superantispyware program on the PC as well. I'm probably wrong but I thought that having 2 antivirus programs could cause conflict issues or is that only is they are both running? I have the paid for AVG 7 with firewall which updates/runs automatically and has worked well so far.

skiddy2k

AVG and SAS are compatable with eachother... just add each to the other's TrustedZone/Exclusions.
Yes, you're correct, its not recomended running 2 antivirus programs, but in your case, they're not both antiviruses, one's a antivirus and other other is an antispyware