E-mail this

  • Home

  • Search
  • Send Comments
  • What's New
  • Hottest 25

  • Odd News
  • Glossary
  • FAQ

  • Autos
  • Business
  • Cokelore
  • College
  • Computers

  • Crime
  • Critter Country
  • Disney
  • Embarrassments
  • Food

  • Glurge Gallery
  • History
  • Holidays
  • Horrors
  • Humor

  • Inboxer Rebellion
  • Language
  • Legal
  • Lost Legends
  • Love

  • Luck
  • Media Matters
  • Medical
  • Military
  • Movies

  • Music
  • Old Wives' Tales
  • Photo Gallery
  • Politics
  • Pregnancy

  • Quotes
  • Racial Rumors
  • Radio & TV
  • Religion
  • Risqué Business

  • Science
  • September 11
  • Sports
  • Titanic
  • Toxin du jour

  • Travel
  • Weddings

  • Message Archive
Home --> Computers --> Virus Hoaxes & Realities --> Klez-H


Virus name:   Klez-H   (also known as W32/Klez-H).

Status:   Real.

Origins:   W32/Klez-H is a variant of Klez, a Win32 worm that carries a compressed version of the W32.ElKern.4926 virus which it copies to the Windows Program Files directory and executes. It then copies itself to the Windows system directory using a random filename beginning with the string "wink."

Klez-H then replicates itself by searching e-mail address books on the infected PC and mailing itself out to recipients found there, putting one of the addresses from the address book or an address from its own internal list in the "From:" field as the return address. The subject of the message is constructed using the following pattern:
  1. May be prefaced with "Hi,", "Hello," "Re:", "Fw:", or nothing at all.
  2. Begins with "A very", "A special", "Happy" or "Have a."
  3. Followed by "New", "funny", "nice", "humour", "excite", "good", "powful", "WinXP", "IE 6.0" (or nothing).
  4. Ends with "game," "tool," "website," "patch," or "Allhallowmas," "Christmas," or "Epiphany
For example, a Klez-H subject line might be "Happy New Epiphany" or "Fw: A special powful tool" or "Have a good Allhallowmas"

Klez exploits a bug in Microsoft's Internet Explorer (version 5) to infect a user's system.

See the links below for more information on how to detect and remove Klez.

Additional Information:
    W32.Klez.H@mm W32.Klez.H@mm
(Symantec Security Response)
    W32/Klez.h@MM W32/Klez.h@MM
(McAfee Virus Information Library)
    How to save your PC from virus attacks How to Save Your PC from Virus Attacks
Last updated:   28 January 2008

Urban Legends Reference Pages © 1995-2015 by snopes.com.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.