W32.Kakavex


Aliases: W32/Expiro-A, Virus.Win32.Expiro.f, W32/Expiro.B, W32/Expiro.A.gen!Eldorado, W32/Expiro
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 10 Jan 2007
Damage: Low

Characteristics: The file infector W32.Kakavex is capable of spreading via executable files. This file infector usually infects Windows PE or portable executable files. It infects by inserting its malicious code into the PE file such that in the event that the infected file is executed, the file infector’s code will be executed as well. This type of malware may also have other capabilities such as opening backdoor access points which can permit remote hackers to control the infected machine. This malware can also steal credit card details.

More details about W32.Kakavex

The W32.Kakavex file infector will immediately infect PE files upon execution in the target machine. The infected files’ sizes will be increased to around 110,592 bytes. It will create the ‘kkq-vx_mtxl’ mutex so that only a single instance of the file is active. It then looks for PE files to compromise on drives C – Z. the malware can also keep track of the user’s Internet activity and exhibit a dialog box that will prompt the user to enter credit card details. Once the malware has gathered all the information it needs, it will send the information to a remote server. The address of the server is allegedly defined based on the infected machine’s current time. This malware can be acquired by systems who do not adhere to safe web surfing and computer practices.

A PE file infected by the W32.Kakavex is normally cleanable and can be restored to its default clean state. However, restoring infected machines will require methods other than using an antivirus program. To delete the W32.Kakavex file infector with the aid of an antivirus program, first step is to update its virus definitions. Users are also advised to close the machine’s modem connections. A whole machine scan should be performed and all files related to the malware should be removed upon detection.