- File WinSvc.exe in System directory (with hidden attributes)
- Usually file wqk.exe in system directory (with hidden attributes)
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.it detects all the known Klez versions (A, B, C, D, E, G, H);
Important: You will have to close all applications before running the
tool (including the antivirus shields) and to restart the computer afterwards.
Additionally you'll have to manually delete the infected files located in archives
and the infected messages from your mail client.
The BitDefender AntiKlez tool does the following:
it deletes the files infected with Win32.Klez;
it disinfects the files detected as Elkern (A, B, C);
it kills the process from memory;
it repairs the Windows registry.
You may also need to restore the affected files.
Costin Ionescu BitDefender Virus Researcher