I am encountering almost the same situation and I can not get rid of it with my W2K. In Task Manager, it shows a programing, Winksqi.exe, using almost all of my CPU usage. When I try to run the other programs, my computer get "shut down". I tried to End Process Winksqi.exe in Task Manager, but I could not. I seached it in Seach but I was told there is no file named Winksqi.exe so that I can not even delete it. :-( Then a friend of mine tried to send me a file that was supposed may help. It was a WinZip file. When I ran the file, Winksqi.exe killed my WinZip.exe. When I tried to re-installed WinZip, it is always interrupted by something. :-( My friend sent me a program that I can End Process Winksqi.exe in Task Manager, it is still there when I re-boot my computer. It is said that it is still somewhere on my computer. Even though I can End Process it in Task Manager, my CPU usage is still high and still keep busy (System Idle Process at 98-99%) although no proceccing is runing. Sorry taking your time to read me long e-mail. I think somebody may help here since I do need my computer work properly. thanks

You, my friend have the KLEZ worm virus. It has already dropped off its virus elkern or its variants. You have to go to antivirus.com and get the kill for it. Run the program in safe mode UNTIL the virus is completely removed.

I agree. Looks like you are infected. Go here http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html to fix it and get some AntiVirus software on your computer.

Hi Aenyone, Thanks for your suggestion. :-) But would you please tell me how I can run the program in Safe mode? I am runing W2k. I do need you help. Thanks again. marina

Hello Glen, Thanks... I've got the FixKlez.exe already. And I ran the program under W2K. Then I got a report as follow, The W32.Klez.E@mm/W32.Klez.H@mm/W32.Elkern.3587/W32.Elkern.4926 infection removal was unsuccessful. The tool could not delete 1 viral file(s) from your PC. Please boot into VGA mode and run this tool again. Files that could not be repaired or deleted by this tool must be removed manually. Check the log file for a list of files that could not be deleted. If you need more information to assist you in performing any of the above tasks, you may search our Knowledge Base at http://www.symantec.com/search/ Here is the report: The total number of the scanned files: 51855 The number of deleted files: 4 The number of repaired files: 540 The number of viral processes terminated: 1 The number of viral services deleted: 1 The number of registry entries fixed: 0 So I think I have to run it in Safe mode? I need your guys' help. Thanks again.

If you have killed the RUN key that the Klez virus was using to start up, a simple way to clean ElKern from that last file is to get the Elkern cleaner from http://www.ravantivirus.com/ Rename the file, I choose to add .old after the .exe so that the file name is 8.3.3 (like Excel.exe.old). This allowed the ravantivirus cleaner to clean the file. Then delete the .old. You may see the icon of the file revert back to what it was. I did 167 files with it today. The only files it wouldn't clean were diskcomp.com, diskcopy.com and win.com. AVG from grisoft got infected, didn't like the cleaning so I had to reload it. Office 2k exe files didn't seem to mind (Excel, WinWord, MsAccess, Outlook). F-protect couldn't clean the ElKern.C virus, even when booting from a Win98 floppy. I found that fixKlez didn't help clean the Elkern.C infected files. Most cleaners just want to delete the infected files. That can be a BAD THING. The Ravantivirus worked great.

Hi Micheal, Thanks for your suggestion. I do need that. However, how can I killed the RUN key that the Klez virus was using to start up? You said, "rename the file". But what if I even do not know the last file's name that infected the Klez. I did go to http://www.ravantivirus.com/ and download the file. And I tried couple of times. But I am still told by FixKlez that The tool could not delete 1 viral file(s) from my PC. I need your help. Thanks... marina