Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 08 Sep 2006
Damage: Low

Characteristics: The virus W32.Kiner spreads by infecting executable files. At startup, it scans the computer's hard disks and infects all programs it finds. After it has checked all hard disks on the infected computer, it may also delete .mp3 files.

More details about W32.Kiner

When executed, the virus W32.Kiner first checks for the presence of the file C:\kin.txt. If that file exists, the virus does not infect executable files and does not delete .mp3 files. Instead, it copies the original host file to the location C:\windows\temp\ and executes it.

If the file C:\kin.txt does not exist, the virus creates the file C:\WINDOWS\vcltasks.exe. It then adds the value "kin" = "C:\WINDOWS\vcltasks.exe" to a certain registry key, which ensures that it executes every time Windows starts. The virus copies the host file to the location C:\windows\temp\ and executes it from there. It then iterates through every .exe file that it finds on the infected computer. After checking through all disk drives, it deletes all .mp3 files that it finds.
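The indicators described above can be checked against a collected host snapshot. The following is an added example, not code from the original entry; the function names, the snapshot format (a list of file paths and a list of autorun tuples) and the placeholder registry key name are assumptions, since the description does not name the key.

```python
import ntpath

# Indicators taken from the description above.
MARKER_FILE = r"C:\kin.txt"
DROPPED_COPY = r"C:\WINDOWS\vcltasks.exe"
AUTORUN_NAME = "kin"
STAGING_DIR = r"C:\windows\temp"


def _norm(path):
    """Fold case, slashes and surrounding quotes so Windows paths compare equal."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def triage(files, autoruns):
    """Check a host snapshot against the indicators.

    files    -- absolute file paths collected from the host
    autoruns -- (registry_key, value_name, value_data) tuples; which keys to
                collect is the caller's choice, the description names none
    """
    seen = {_norm(p) for p in files}
    dropped = _norm(DROPPED_COPY)
    findings = []
    if dropped in seen:
        findings.append("file " + DROPPED_COPY)
    for key, name, data in autoruns:
        if name.lower() == AUTORUN_NAME and _norm(data) == dropped:
            findings.append("autorun value '%s' under %s" % (name, key))
    # Executables in the staging directory are common on clean hosts, so they
    # are listed as context and never count as a finding on their own.
    staged = sorted(p for p in seen
                    if ntpath.dirname(p) == _norm(STAGING_DIR) and p.endswith(".exe"))
    return {
        "infected": bool(findings),
        # With the marker present the virus skips infection and .mp3 deletion.
        "marker_present": _norm(MARKER_FILE) in seen,
        "findings": findings,
        "staged_executables": staged,
    }


# Constructed snapshots, not taken from a real host; the key name is a placeholder.
INFECTED_HOST = triage(
    [r"c:\windows\VCLTASKS.EXE", r"C:/Windows/Temp/notepad.exe"],
    [("HYPOTHETICAL\\AUTORUN\\KEY", "kin", r'"C:\WINDOWS\vcltasks.exe"')],
)
MARKER_ONLY_HOST = triage([r"C:\Windows\Temp\setup.exe", r"C:\kin.txt"], [])
```

Paths are compared case-insensitively because the description itself mixes C:\WINDOWS and C:\windows.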

When installed on a system, the W32.Kiner program may be used to track the user's Web searches. It may also store the Uniform Resource Locator (URL) and click-through information in a log file. The W32.Kiner application is possibly used by advertisers to track the user’s Web usage. The advertisers and vendors will then examine the log files to learn how to sell and advertise more. Some spying software may record the same information and send it to hundreds of advertisers. The W32.Kiner program is probably used to track Web usage for commercial gain.