Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: anymouse
i ran a copy of KLEZ through a binary editor and extracted the following set of strings from it...if these are activated as windows commands, this little critter will do nasty things to an infected computer...


NoFileUrl


NoFolderOptions
NoChangeStartMenu


NoWindowsUpdate
NoSetActiveDesktop

NoForgetSoftwareUpdate

NoMSAppLogo5ChannelNotify


ForceCopyACLWithFile



NoResolveTrack

NoResolveSearch
NoEditingComponents
NoMovingBands


NoCloseDragDropBands



NoClosingComponents
NoDeletingComponents



NoAddingComponents

NoComponents



NoChangingWallPaper
NoHTMLWallPaper
ActiveDesktop


NoCustomizeWebView

ClassicShell



ClearRecentDocsOnExit


NoFavoritesMenu
NoActiveDesktopChanges

NoActiveDesktop
NoRecentDocsMenu



NoRecentDocsHistory
NoInternetIcon

NoSettingsWizards


NoLogoff



NoNetConnectDisconnect

NoViewContextMenu


NoTrayContextMenu


NoWebMenu


LinkResolveIgnoreLinkInfo


NoCommonGroups

EnforceShellExtensionSecurity


NoRealMode

WinOldApp


MyDocsOnNet
NoStartMenuSubFolders


NoAddPrinter



NoDeletePrinter
NoPrinterTabs


RestrictRun
NoStartBanner


NoNetHood


NoDriveTypeAutoRun

NoDriveAutoRun

NoDrives



NoFind

NoDesktop


NoSetTaskbar



NoSetFolders



NoFileMenu

NoSaveSettings

NoClose
NoRun

35 posted on 05/01/2002 11:54:49 AM PDT by atafak
[ Post Reply | Private Reply | To 34 | View Replies ]

To: atafak; diotima
Atafak, thanks for the confirmation of 'Klez' virus creation rather than deletion.

diotima, hopefully NAV can save most of your data and wipe this filth from your machine.

37 posted on 05/01/2002 2:37:36 PM PDT by anymouse
[ Post Reply | Private Reply | To 35 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson