Originally posted on July 4th, 2003
Yeah, I didn't find it either... I think I'm the only hit on this.
I looked all over the net and didn't find anything on this either. It's the KLEZ virus or a variation of it. If you try to delete it from the registry RUN key, it'll morph into something else, taking other names that also start with WINK***.exe.
1) Download the Klezfix.exe file from Symantec here. If they moved it you can download it from my public download page here. I would download it to your Desktop so you can find it easily. When the Klez fixer is done, it'll put a log file on the desktop that you can read to see what happened.
2) Now that you have downloaded the fixer, you'll need to reboot into SAFE MODE. To do this, reboot the PC and just before the Windows logo appears you must press the F8 key to bring up the Windows Boot Menu. Sometimes it's a bit of a trick, but I have found that if you tap your F8 key every 2 seconds when your PC is booting up you'll get it.
3) Now run the Klezfix.exe file from there. Running it from safe mode gets behind the worm and removes it. The report should tell you that. If it doesn't, then you have bigger problems and I suggest backing up everything and doing a CLEAN INSTALL of everything.
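To confirm afterwards that no WINK***.exe entry is left in the RUN key, you can export the key to a text file and scan it. The script below is an added example, not part of the original post or of Symantec's tool. It assumes the export has already been decoded to text in regedit's `"name"="value"` format, and the function name and sample entries are made up for illustration.

```python
import ntpath
import re

# Constructed sample of a regedit text export; not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Winkabc"="C:\\WINDOWS\\SYSTEM\\Winkabc.exe"
"Updater"="\"C:\\Program Files\\Example\\update.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Helper"="C:\\WINDOWS\\SYSTEM\\WINKXYZ.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Path"="C:\\Tools\\winkle.exe"
'''

SECTION = re.compile(r'^\[(.+)\]$')                          # [HKEY_...\Run]
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string"
UNESCAPE = re.compile(r'\\(.)')                              # \\ -> \  and \" -> "
EXE = re.compile(r'\s*"?(.*?\.exe)', re.I)                   # command line up to first .exe
WINK = re.compile(r'wink.*\.exe', re.I)                      # the WINK***.exe naming from the post


def find_wink_entries(export_text):
    """Return (key, value name, command) for Run-key entries whose program is WINK*.exe."""
    hits, key, in_run_key = [], None, False
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            # Only autostart keys whose last path component is "Run" are checked.
            in_run_key = key.rsplit("\\", 1)[-1].lower() == "run"
            continue
        value = VALUE.match(line)
        if not (in_run_key and value):
            continue
        name, command = (UNESCAPE.sub(r"\1", g) for g in value.groups())
        exe = EXE.match(command)
        image = ntpath.basename(exe.group(1) if exe else command)
        if WINK.fullmatch(image):
            hits.append((key, name, command))
    return hits


if __name__ == "__main__":
    for key, name, command in find_wink_entries(SAMPLE_EXPORT):
        print(f"{key}: {name} -> {command}")
```

A legitimate program whose name happens to start with "wink" would also be flagged, so treat a hit as something to look at alongside the Klezfix log rather than as proof of infection.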
Every customer that has come into the shop who had this infection either went to a porn site, or downloaded one of those cute cartoons from a friend in the form of an attachment and that's how they got it.
Just to let ya know...
[ The F8