W32.Kan


Aliases: Virus.Win32.Invictus, Win32.Invictus, W32/Invictus.gen, Win32.Invictus.3072 
Variants: PE_KANBAN.A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 18 Sep 2001
Damage: Low

Characteristics: W32.Kan is a file virus capable of infecting every PE (portable executable) file located in the Windows folder. To execute successfully on the target machine, the virus needs the invictus.dll file. Several viruses use invictus.dll so that they can replicate effectively. The DLL is harmless on its own but dangerous when paired with a virus.

More details about W32.Kan

The W32.Kan virus uses invictus.dll for its functions, which include TempPath and _infect_file, among others. The DLL imports code from imagehlp.dll (a Windows file); if that file is not present on the machine, the DLL will not work. When an infected file that uses invictus.dll is executed, the DLL is copied to the system, and the virus using it, in this case W32.Kan, is copied to the Temp folder and then run. The virus uses invictus.dll primarily for its infection routine: it simply passes the name of the EXE file to be infected to the DLL's _infect_file function, which is the function responsible for infecting files.

When the virus is run, it obtains the Windows folder path and sets it as the current folder. It then runs a FindFirst / FindNext loop to look for EXE files and infects the files it finds. The loop ends only when no more EXE files can be located or when an error occurs. Reportedly, the virus only corrupts some files rather than infecting them.

To eliminate a W32.Kan infection, use the Search function. In the Search box, type in the filenames added by the virus as well as W32.Invictus.dll. When the files are located, delete them all. You can also try downloading a reliable antivirus program.
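As an added example (not code from this write-up or from any antivirus product), the Python script below automates the file search used for cleanup and extends it from name matching to a content check on EXE and DLL files. It assumes the names `_infect_file`, `imagehlp.dll` and `invictus.dll` appear as plain, unpacked ASCII strings inside the files; the function and constant names are hypothetical.

```python
import os
import tempfile

# File names taken from the write-up; matching is case-insensitive.
DLL_NAMES = {"invictus.dll", "w32.invictus.dll"}
# Strings the write-up attributes to the helper DLL. Assumption: they sit
# unobfuscated in the file's import/export name tables.
DLL_MARKERS = (b"_infect_file", b"imagehlp.dll")
# Assumption: a file that uses the helper DLL carries its name as a string.
HOST_MARKER = b"invictus.dll"
SCAN_EXTS = (".exe", ".dll")

def triage_file(path):
    """Return the list of reasons this file deserves a closer look."""
    reasons = []
    if os.path.basename(path).lower() in DLL_NAMES:
        reasons.append("name matches helper DLL")
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return reasons  # locked or unreadable: keep the name hit only
    if data[:2] != b"MZ":
        return reasons  # not a DOS/PE image, skip the content checks
    lowered = data.lower()
    if all(marker in lowered for marker in DLL_MARKERS):
        reasons.append("PE contains _infect_file and imagehlp.dll strings")
    if HOST_MARKER in lowered:
        reasons.append("PE references invictus.dll")
    return reasons

def scan(roots):
    """Walk each root and map suspicious file paths to their reasons."""
    hits = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower().endswith(SCAN_EXTS):
                    path = os.path.join(dirpath, name)
                    reasons = triage_file(path)
                    if reasons:
                        hits[path] = reasons
    return hits

if __name__ == "__main__":
    roots = [os.environ.get("WINDIR", r"C:\Windows"), tempfile.gettempdir()]
    for path, reasons in sorted(scan(roots).items()):
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for manual review or an antivirus scan, not a verdict: legitimate software also imports imagehlp.dll, which is why that string only counts together with `_infect_file`.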