Every once in a while I get the following pop up:
"Virus identified I-Worm/Klez.H is found in the C:\System Volume Information\_restore{1134CBB0-31B0-483C-A4FE-D6E9E8C18928}\RP157\A0032143.exe

To remove this virus please run AVG for windows."

I have scanned with AVG and Norton and found no virus's after updating the virus definitions. Anyone have any suggestions? Thanks.

Hello Warren,
Klez Virus is a trojan virus very well known, particularity is to be able to hide itself from the program Norton from Symantec.
Here is what is saying "Trojan Remover" program about it: "This worm drops a virus (W95/Elkern.cav).Ensure you scan your system with a standard anti-virus program after Trojan Remover has disabled the Worm."
I suggest you download the program Trojan Remover at the address: http://www.simplysup.com/tremover/details.html
This program is a freeware for one month. Scan your computer as soon as possible with it...

Hello,

You need to disable system restore to viruses in _RESTORE folder. For instructions visit www.srnmicro.com/customers/resdisable.htm

Have a nice day

Thanks Imp. I have that program and it scans every time I start my computer and I still get this. Any other help? Thanks.

You, not a program, must disable System Restore to clear the _Restore files of any and all traces of the Klez virus. All the Klez virus removal tool INSTRUCTIONS include this required manual step for XP.

Listen to JackG , he is correct that you must disable the system restore utility in order to purge the virus from your system .Even though I dont have WindowsXP, Iam running Windows Me , which also has system restore. My Anti-Virus caught the Klez virus a quarantined it , I then deleted it , however a scan would show the virus still in the system restore folder ! Since I did not want to delete the folder , I went to sysmantec's web site where they had instructions posted for removing the virus from system restore by disabling it !

As I am having klez removal troubles myself
and wanted to load the fiel I found that the correct link is:
http://members.aol.com/simplysup/tremover/download.html

I will see if I get rid of the klez bug now.
Work on it since days.
Norbert Heinisch

Hello Warren,
I come back to this post again to explain how is working Trojan Remover:

"When Trojan Remover detects a trojan or worm, it attempts (if requested) to rename the file, and remove the calling reference. Where the malware detected is known to carry out other actions (create new registry keys, drop new files, alter system files etc) these changes are sought and, if necessary, corrected (again, the user would be prompted about the changes and asked by Trojan Remover if they wish to fix them).

Trojan Remover does not halt any running processes as this can be problematic. Instead, if Trojan Remover finds that it cannot take action on a file because it has a running process, Trojan Remover states it needs to reboot the system and offers to do this automatically. Once rebooted, and before Windows restarts, Trojan Remover then completes any operations it was not able to carry out before the reboot.

During a normal scan files are RENAMED by Trojan Remover rather than being deleted outright (this is to protect against the rare possibility of action being taken as a result of a False Positive - by renaming a malicious file, the file is completely deactivated, but can still be recovered if need be). Such renamed files can be manually deleted when it is confirmed they are malicious, or Trojan Remover can be set to locate these during a Drive/Directory scan (see the "Options > Files To Scan" option on the Drive/Directory scanning window for the option "Include files already renamed by Trojan Remover", which is selected by default).

Nigel."