Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

HELP Klez

0 views
Skip to first unread message

BigInfo

unread,
May 12, 2002, 4:36:55 PM5/12/02
to
Hi Dudes,
Some Klez virus have fuck my xls and doc files.
I have clean the virus, but the files are damage.
They have all the same text, but they have diferent sizes and names. How can
hi fix those files ????

Thanks folks,


Something like this:

" run in DOS mode.

"$r\ú 6="_6="_6="_X""?_4="_6=._:="_T""?_4="_\!-_""="_ì;'_7="_6="_;="_Rich6="
_PEL Ô<6à "
@ Áô ° P0° ? x.textN `.data@
@À.rsrc° 0 0@@­w÷¿/ ú¿ u÷¿kQø¿mà÷¿ +ù¿ w÷¿¨m÷¿HIø¿DQx:Qx,» xĽx:ÓxJQxy#xèÄx"
³ x¢Âx* x³Âxo: xB<x¸ÿxÔ5ùu84ùuz5ùuÔ<6 4Ô<6 P Ô<6 Àå½ÿWMI: WmiRunService
failed %d
WMI: RspApi not loaded
RegisterServiceProcessWMI: Kernel32 not loaded
Kernel32WMI: WmiInitializeService failed %d
WMI: Previous instance of WMIEXE running, exiting...
WMI: Couldn't create WMI_UNIQUE_EVENT_NAME %d
"WMI_UNIQUE_EVENT_NAMEÿÿÿÿò U<ìQSVW3ÛhÜ Sj Sÿ ;Ã?Eüu&ÿ 8 0
<ð " Vh¬ è"
" YYéýÿ =·u#ÿuüÿ 8 0 t ht èÞY3ÀéÏè <= <ð;ót 8 0
"«VhL è®YYéTÿu ÿ 8 <ðY;ót"
"Vÿ Vÿ×h@ ÿ ;Ãu 8 0 t,h$ ë h Pÿ <ð;óu 8 0
t hô èKYÿ ë;j ÿ PÿÖÿu Sèu <ð;ót 8 0 t"
VhÔ è YYèO ÿuüÿ×<Æ_^[ÉÂ U<ì ì E P .üÿÿÿu h Pÿ X fÄ .üÿÿPÿ ÉÃÌU<ìjÿhø
h d¡Pd?%fÄ~SVW?eèÇEüj ÿ , fÄ Ç 4 ÿÿÿÿÇ 8 ÿÿÿÿÿ ( <
, ? ÿ < < ( ? ¡0 < ?
< èv ¡ .Àu hp ÿ 4 fÄ è* h h è fÄ < $ ?U" E"P<
" Q UoR E P M Qÿ D fÄ h h
èÖfÄ < H <2?uO?>"" .¨F?uOS "Àt <""uò?>""u F?uOS "Àt"
< w F?uOëðÇEÐ E¤Pÿ öEÐ t
<EÔ%ÿÿë ¸
"PVjjÿ Pè*ýÿÿ?E~Pÿ L ë""<Eì< <" ?M^PQè=fÄ Ã<eè<U^Rÿ T fÄ ÇEüÿÿÿÿ<Mðd?
"_^[<å]Ã?>
?fÿÿÿF?uOëñ ÿ%P ÿ%@ ÌÌÌÌh h è7fÄ Ã 3ÀÃ Ã
ÿ%` ÿ%\ ÿ%p ÿ%h ÿ%l ÌÌ( 8eª;x: ( ³Â 7ÿÿÿÿò h >éh7ÿÿÿÿB h à Ê º
ª o | j T æ Ò x ö Æ ¶ ¬ ¤ - Z ? F & * : atoiÞ _vsnprintfÐ_exitH_Xc
ptFilterF exit _acmdlnX__getmainargs _initterm,__setusermatherr>_adjust_fdi
vi__p__commoden__p__fmode?__set_app_typeÇ_except_handler3MSVCRT.dll´_control
fpøGetCurrentProcessId> GetProcAddress& GetModuleHandleAe SetEvent CloseHand
le GetLastError1CreateEventAõ OutputDebugStringAP GetStartupInfoAKERNEL32.d
llWmiDeinitializeService WmiRunService WmiInitializeServicewmicore.dll ÿÿÿÿÿ
ÿÿÿ ? 0? "
H`0P P 4VS_VERSION_INFO½ ïþ Û Û ? ° StringFileInfoO 040904B0L Com
panyNameMicrosoft CorporationX FileDescriptionWMI service exe
housing8 FileVersion5.00.1755.1. InternalNamewmiexet( LegalCopyrightCopyri
ght (C) Microsoft Corp.
1981-1998> OriginalFilenamewmiexe.exex, ProductNameMicrosoft(R) Windows
NT(R) Operating System< ProductVersion5.00.1755.1D VarFileInfo$ Translation
° "


Nick FitzGerald

unread,
May 12, 2002, 6:18:33 PM5/12/02
to
"BigInfo" <big...@mail.telepac.pt> wrote:

> Some Klez virus have fuck my xls and doc files.
> I have clean the virus, but the files are damage.
> They have all the same text, but they have diferent sizes and names. How can
> hi fix those files ????

Klez overwrites critical parts of these files internal structures.

You "fix" such files by restoring them from your most recent backups.


--
Nick FitzGerald


Robert Green

unread,
May 12, 2002, 7:12:14 PM5/12/02
to

"BigInfo" <big...@mail.telepac.pt> wrote in message
news:abmjpj$tk7$1...@venus.telepac.pt...

> Hi Dudes,
> Some Klez virus have fuck my xls and doc files.
> I have clean the virus, but the files are damage.
> They have all the same text, but they have diferent sizes and names. How
can
> hi fix those files ????

Nick is correct. Klez damages these files in a way that renders them
unrecoverable.

But there may be deleted autorecovery and other temp copies of a few of the
destroyed files, especially the docs, lying around on your hard disk in a
recoverable condition. If your files were stored on a FAT partition
try the lost Word doc extractor (called lasrlite) found at
http://personal.atl.bellsouth.net/~lasrpro.

If you try that, please post back and let us know what happens.

Bob

Robert Green

unread,
May 13, 2002, 12:12:12 AM5/13/02
to

"Anonymous" <nob...@remailer.privacy.at> wrote in message
news:93cfce83e998967d...@remailer.privacy.at...
> In article <abmspt$jmjre$1...@ID-79537.news.dfncis.de>
> "Robert Green" <las...@bellsouth.net> wrote:
>
> Any particular instructions for XP users?
>

You'll need to boot the XP machine from a DOS system floppy containing a
copy of lasrlite.exe. Then you can scan your FAT (but not NTFS) partitions
from the floppy.

Bob

John Smith

unread,
May 13, 2002, 6:54:45 AM5/13/02
to
But I use every antivirus tool and they don't work.
I have already open this files in Linux, and this files actualy have those
Hex, bull text .

BigInfo

"Robert Green" <las...@bellsouth.net> wrote in message
news:abnecc$j9f3t$1...@ID-79537.news.dfncis.de...

0 new messages