W32.Lobekad!inf


Aliases: Lobekad!inf
Variants: CC/Agent.GP

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, Asia, North America
Removal: Easy
Platform: W32
Discovered: 08 May 2007
Damage: Medium

Characteristics: W32.Lobekad!inf is a generic detection for a virus that many computer security experts have established as capable of targeting specific executable files on the infected computer system. It particularly targets the Windows Explorer executable file, which may cause that system tool to fail to launch. The infection routine delivered by this malware modifies the code of the Windows Explorer executable file.

More details about W32.Lobekad!inf

Consistent with the common characteristics of most viruses, W32.Lobekad!inf can infiltrate a vulnerable computer system through a number of methods that range from malicious email messages to background downloading from malicious websites. Some infection reports attribute the presence of W32.Lobekad!inf to an earlier malware that entered and compromised the machine to lower its security settings. Upon execution, the malware immediately searches the contents of the hard drive to locate the executable file of the Windows Explorer process. It then modifies that file's code, which can either prevent Explorer from executing or further the infection at every launch. It also attempts to hide its presence from the process list of the infected computer system.

After W32.Lobekad!inf has successfully installed its executable file, it continues by creating and launching a Dynamic Link Library (DLL) file. This DLL is normally stored in a subfolder of the directory used by the operating system, and it usually presents itself as a legitimate keyboard configuration file. The infection allows the malware to spread its code by sending spam email messages to other vulnerable computer systems, presumably by harvesting email addresses on the machine. However, it does not have its own Simple Mail Transfer Protocol (SMTP) engine.
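
The two artefacts described above, a modified Windows Explorer executable and a DLL posing as a keyboard configuration file, can be triaged with a signature check. The following is an added example, not part of the original write-up; the function names are hypothetical, and the `kbd*.dll` naming pattern and the Microsoft signer match are assumptions, since the write-up does not name the dropped file.

```powershell
# Added example (not from the original write-up): integrity triage for the
# two artefacts the description mentions.
# Assumption: genuine keyboard layout files are Microsoft-signed kbd*.dll files.

function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)

    # A file whose code was patched after signing reports a status other than
    # 'Valid' (for example HashMismatch). On current Windows builds this cmdlet
    # also resolves catalog signatures.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
    }
}

function Find-SuspectKeyboardDll {
    # Recursing the whole Windows directory is slow; narrow -Root if needed.
    param([string]$Root = $env:SystemRoot)

    Get-ChildItem -LiteralPath $Root -Recurse -Filter 'kbd*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object { Test-MicrosoftSigned -Path $_.FullName } |
        Where-Object { -not $_.Trusted }
}

# 1. The Explorer executable the infection routine is said to modify.
$explorer = Test-MicrosoftSigned -Path (Join-Path $env:SystemRoot 'explorer.exe')
if (-not $explorer.Trusted) {
    Write-Warning "explorer.exe failed the signature check: $($explorer.Status)"
}
$explorer | Format-List

# 2. Keyboard-layout look-alike DLLs that are not validly Microsoft-signed.
Find-SuspectKeyboardDll | Format-Table Path, Status, Signer -AutoSize
```

A file flagged here is a lead for further analysis rather than proof of infection; compare it against a known-good copy from installation media before replacing it.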