the W32/Klez.h@mm Worm and Variants"
Klez.h also infects the victim machine with the Elkern virus which may be detected as NGVCK.a. The Elkern virus randomly infects executable files on the local machine and network shares and replaces the contents of these files with random characters to maintain the original file size. This will cause most systems to crash and at the very least destroy critical operating system files.
Users are strongly encouraged
to update their anti-virus signatures and visit the following Microsoft web
sites for the appropriate patches for Outlook and Internet Explorer 5.x:
The anti-virus software industry is aware of Klez.h and has signature files to detect and remove it from infected hosts. Full descriptions and removal instructions are located at the following anti-virus web sites:
Network Associates Inc./McAfee.com
As always, the NIPC encourages
computer users to keep anti-virus and systems software current by
The NIPC encourages recipients of this alert to report computer intrusions to their local FBI office http://www.fbi.gov/contact/fo/fo.htm or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or email@example.com.