W32.Kabab.A


Aliases: W32/Kabab.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 21 Aug 2007
Damage: Low

Characteristics: This worm spreads by copying itself to all available mapped and local drives on a target computer system. It can also lower the security settings on an infected machine, and the worm can be used by other malware to gain access to the target machine. The W32.Kabab.A worm targets systems with weakly configured networks and networks that make local systems vulnerable to remote access. This worm can likewise take advantage of security exploits in applications and the operating system itself.

More details about W32.Kabab.A

Once the W32.Kabab.A worm runs on the victim machine, it creates some exe files and then copies itself to all available drives, the current folder, ADMIN shares and IPC shares. It uses one of its predetermined filenames when it copies itself to these locations. It then creates and modifies some registry entries so that it executes every time Windows boots up. The worm also modifies another set of registry entries that directly affect the System Restore function of Windows XP and ME. The malware also alters a registry entry to modify the title shown on Internet Explorer's windows. It likewise alters another set of registry entries to terminate the Registry Editor and the Windows Task Manager. This worm may also have some backdoor functionality that allows remote users to access the infected machine.

Since one of the worm's main characteristics is its ability to terminate the Windows Task Manager, you can use a third-party process explorer application to find the worm's running process. Once you have located the process, terminate it. Next, search for the worm's dropped files and delete them. You will also have to delete and restore some values and entries in the Registry. To open the Registry Editor, click Start and then Run. Type regedit in the Run box and then click OK.
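
The registry changes described above (startup entries, System Restore, the Internet Explorer title, Registry Editor and Task Manager) can be reviewed from PowerShell before anything is deleted or restored. The read-only audit below is an added example, not part of the original write-up; the registry locations and value names are the standard Windows ones for these settings and are an assumption, since the write-up does not list the worm's own entries.

```powershell
# Added example: read-only audit, nothing is modified.
# Assumption: these are the standard Windows locations for the settings the
# write-up mentions; the worm's actual registry entries are not listed there.
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @('Task Manager disabled (user)',      "HKCU:\$pol", 'DisableTaskMgr'),
    @('Task Manager disabled (machine)',   "HKLM:\$pol", 'DisableTaskMgr'),
    @('Registry Editor disabled (user)',   "HKCU:\$pol", 'DisableRegistryTools'),
    @('System Restore disabled',           'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore', 'DisableSR'),
    @('System Restore disabled (policy)',  'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore', 'DisableSR'),
    @('System Restore settings locked',    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore', 'DisableConfig'),
    @('Internet Explorer title overridden','HKCU:\Software\Microsoft\Internet Explorer\Main', 'Window Title')
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

foreach ($c in $checks) {
    $v = Get-RegValue -Path $c[1] -Name $c[2]
    # A value that is present and not 0 means the setting is active.
    if ($null -ne $v -and "$v" -ne '0') { $status = 'REVIEW'; $shown = $v }
    elseif ($null -eq $v)               { $status = 'ok';     $shown = '(not set)' }
    else                                { $status = 'ok';     $shown = $v }
    '{0,-36} {1,-7} {2}' -f $c[0], $status, $shown
}

# List every auto-start entry so unfamiliar executables can be checked by hand.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $key = Get-Item -Path $k -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    "`n$k"
    foreach ($name in $key.GetValueNames()) {
        '  {0} = {1}' -f $name, $key.GetValue($name)
    }
}
```

A REVIEW line only shows that a setting is active; administrators and OEM images also set some of these values, so confirm the origin before restoring it.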