Roedd gen i feirys wythnos ddwytha. Mae'n bosib i mi heintio unrhyw un yn fy llyfr cyfeiriada. Nid tynnu coes ydw i. Well i chi ddarllan y llith sy'n dilyn - sorri na does yna ddim cyfieithiad Cymraeg ohono!
 
I had a virus last week. It's possible I could have infected anyone in my address book. This isn't a hoax - please read on.

This email is all about how to get rid of it.

The bug is called W32.Klez.gen@mm and has the following variants: W32/Klez.e@MM, WORM_KLEZ.E, Klez.E, W32/Klez-E, Win32.Klez.E, I-Worm.Klez.E, W32.Klez.H@mm plus others.

It is a mass-emailing worm that copies itself into network shares.  The worm uses random subject lines, message bodies and attachment file names.  It disables the Registry Editor, Internet Options and makes changes to your system.ini and win.ini files as well as to a number of others.  It also disables some common antivirus products which is why your antivirus programme cannot "see" it. 

Some variants of this worm use a technique known as "spoofing." If so, the worm randomly selects an address that it finds on an infected computer.  It uses this address as the "From" address that it uses when it performs its mass-mailing routine.  Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions.  When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan.  It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop.  Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.

If you are using a current version of Norton AntiVirus and you have the most recent virus definitions and a full system scan with Norton AntiVirus set to scan all files does not find anything, you can be confident that your computer is not infected with this worm.

When the worm is executed, the bug installs a file into your c:\windows\system folder which is called winkga.exe or variations on this name such as winkdga.exe for example.  You can't delete it, move it, copy it or rename it either from within windows or base dos and if you do think you've succeeded in doing so, it returns.

The only way to get rid of this problem - other than formatting your hard drive) is to run the following procedure:
Log on to the internet and go to:
[log in to unmask]" eudora="autourl">http:[log in to unmask]
Read the information.
Symantec (Norton) has provided a tool to remove infections of all known variants.  Click here to obtain the tool.  (The full URL is:
http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.klez.removal.tool.html )
Once this new page is on-screen, the URL to look for, halfway down the page, is:
http://securityresponse.symantec.com/avcenter/FixKlez.com
This is the easiest way to remove these threats and should be tried first.  In most cases, the tool will be able to remove the infection.
When the file (removal tool) has been downloaded to your hard drive, disable your antivirus programme, reboot the pc into safe mode, run the file - FixKlez.com - and reboot again into normal mode.  Then re-activate your antivirus programme, make sure you have the latest up-to-date virus definitions installed and run a full (all-files) scan again.
Check the c:\windows\system folder and look for winkga.exe or its variations.  It should not be there anymore.

All the above refers to Norton which is the antivirus programme I have, running with Internet Explorer v5.5 on Windows 98 2nd edition.

If you use McAfee antivirus, details can be found at:
http://vil.mcafee.com/dispVirus.asp?virus_k=99455
but I would imagine the procedure is similar.

In either case, please get in touch with your IT Support section.