W32.Kalamar


Aliases: Virus.Win32.HLLW.Kamalar, Win32.HLLW.Kamalar, W32/Generic.b, W32/Kamalar-A 
Variants: WORM_KAMALAR.A, Worm/Kalamar.A, Win32.HLLW.Kamalar.A, W32/HLLW.Kamal.A 

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 10 Sep 2003
Damage: Low

Characteristics: The W32.Kalamar malware is a boot sector virus. Generally, viruses are program codes that have the ability to replicate themselves. This type of virus is capable of spreading via floppy disks. It is written using Microsoft’s programming language Visual Basic.

More details about W32.Kalamar

When the W32.Kalamar virus is opened in the compromised system, it will copy itself using different file names that have the txt.pif, eli, jet, gif.scr and scr file extensions. This virus infects a floppy disk’s boot sector. It will operate based on the algorithm used to implement the Windows operating system when the system is rebooted or switched. When the required memory, disk checks, etc. have been performed, the system boot program will read or fetch the boot disk’s first physical section and will transfer the control to that sector. This virus will substitute its malicious code for an application’s code that has control when the machine launches. To effectively infect the target machine, it will coerce the machine to read the memory and then pass control not to the default boot program but to its malicious code.

This virus will transfer the original boot sector to another section of the disk which is typically the first one that is empty. In the event that the W32.Kalamar virus is relatively longer than the sector, the compromised sector will then contain the virus code’s first segment while the code’s remainder will be stored in other sectors which are usually the first three. The removal of the W32.Kalamar virus will require the deactivation of the System Restore option. This is performed to hinder the operating system from creating a restore point which will include the virus and its infected files. The computer system should then be booted into the Windows prompt. Next, deleted all the related files.