1. Connect your computer to the Internet and go to http://windowsupdate.microsoft.com. Click on Product Updates and download the Critical Updates and the Security Updates.
2. Reboot the computer. Do you have Microsoft Office installed on your computer? (Programs including Outlook [not Outlook Express], Word, Powerpoint, and Excel are Microsoft Office programs. If you do not have any of these, then it is unlikely that you have Microsoft Office installed.) If you do not have Microsoft Office installed, you may skip the Office Update and proceed to the next step, number 3 below. If you do have Microsoft Office installed, then connect your computer to the Internet and go to http://office.microsoft.com/ProductUpdates/default.aspx. Click on the "Go" square and download the Microsoft Office Product Updates.
3. Reboot the computer. Connect your computer to the Internet. Create a new folder at C:\antivirus, download and unzip the fix worm Klez 4.21 zip fix tool at step 1 of Automatic Removal Instructions at: http://about-threats.trendmicro.com/Malware.aspx?id=21785&name=WORM_KLEZ.H&language=en
4. Reboot in to safe mode by pressing the F8 key on your keyboard immediately when Windows starts. If it does not take the first time, reboot and until you are successful.
On Windows 95:
Restart your computer.
As soon as you see the "Starting Windows 95..." on you computer screen, press the F8 key on your keyboard. This brings up the Microsoft Windows 95 startup menu with the following items:
Normal
Logged (\BOOTLOG.TXT)
Safe Mode
Safe mode with network support
Step-by-step conformation
Command prompt only
Safe mode command prompt only
Previous version of MS-DOS
At the "Enter a choice:" line, enter the number, (3), or the number for "Safe Mode." If the database is located on a network, choose number four "Safe mode with network support" and then hit the Enter key or press the F5 key instead of 3 to go to Safe Mode. This opens Windows in Safe Mode.
To start Windows ME in Safe Mode:
Restart your computer.
As soon as you see "Starting Windows..." appear on you computer screen, press the F8 key on your keyboard. This brings up the Microsoft Windows Millennium Startup Menu with the following:
Normal
Logged (\BOOTLOG.TXT)
Safe Mode
Step-by-step conformation
Enter the number, 3, and then hit the ENTER key or press the F5 key to go to Safe Mode. Windows then opens in Safe Mode.
On Windows NT in VGA Mode or Safe Mode:
Safe mode is the method for booting into a simple system configuration on Windows 95*. VGA mode is the diagnostic mode on Windows NT.
When Windows boots into Safe mode or VGA mode, it uses basic default settings that run the operating system with minimal functionality. Meaning it loads a "bare bones operating system".
To boot in VGA Mode:
Restart your computer.
During the boot sequence, the following options are displayed:
Windows NT Workstation Version 4.00
Windows NT Workstation Version 4.00 [VGA Mode]
Choose Windows NT Workstation Version 4.00 [VGA Mode] and then hit the Enter key.
Windows NT has something that is equivalent to Safe Mode in Win95/98. It has something to do with entering a parameter in the BOOT.INI file. The instructions for this are as follows:
Change the attributes for BOOT.INI so that it is not 'Read Only.' BOOT.INI is found in the root directory of the first partition.
Open the file using Notepad or another text editor (not Microsoft Word or any word processor).
Listed under the [operating systems] section are all the Operating Systems (OSs) that the NT boot loader can launch. To create a new safe mode entry, copy one of the existing NT entries to a new line.
At the end of the new entry add "/sos" (without the quotation marks), change the description of the entry to reflect that it is in Safe Mode. Adding the "/basevideo" without the quotation marks, launches NT with the default VGA driver.
The new entry should look similar to the following:
multi(0)disk(0)rdisk(0)partition(1)\WINNT = "Windows NT Workstation Version 4.00 [Safe Mode]" /sos /basevideo
Changes take place on the next reboot.
To start Windows 2000 in Safe Mode:
Turn on or reboot your computer.
As soon as you see "Starting Windows" with a black background on your screen, press and hold the F8 key. This presents a screen with the following options to choose from:
Safe Mode
Safe Mode With Networking
Safe Mode With Command Prompt
Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration
Debugging Mode
Choose Safe Mode
To start Windows XP in Safe mode:
A. Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
B. When the Windows Advanced Options menu appears, select an option, and then press ENTER.
C. When the Boot menu appears again, with the words "Safe Mode" displayed in blue at the bottom, select Safe Mode (SAFEBOOT_OPTION=Minimal) and then press ENTER.
5. Run the Fix_Klez.exe from c:\antivirus.
6. Reboot the computer after the fix tool has run. You must then start Fix-It or SystemSuite and do a deep scan (or just a scan if you have Fix-It,) and if any infected file is found, you must change the default "Action to take for this infected file" (you will see it at the bottom of the Virus Alert window) from "remove virus from file" to "delete infected file" for each infected file that it finds. Note: if the virus scanner won't run, you must reinstall SystemSuite or Fix-It, then reinstall it, run the update, and proceed with scanning your system.) *** NOTE *** If you skipped steps 1 and/or 2 for any reason, you must go back and do them now, otherwise you will still be at risk of re-infection! This completes the Klez cleaning process.
I have been infected by the KLEZ virus. What steps can I follow to remove the virus? (KB003070)
Modified on: Wed, Jun 29, 2016 at 3:40 PM
Did you find it helpful? Yes No
Can you please tell us how we can improve this article?