W32.Kelvir!gen
Aliases: N/A
Variants: W32.Kelvir.Worm.a, W32.Kelvir.Worm.f, W32.Kelvir.Worm
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 03 Jun 2005
Damage: Medium
Characteristics: W32.Kelvir!gen is a generic worm that detects variants of the W32.Kelvir family of worms. The W32.Kelvir family of worms are Visual Basic Applications that are based on Messenger Type Library. These worms spread using Windows Messenger or MSN messenger.
W32.Kelvir!gen Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Kelvir!gen from your computer.
More details about W32.Kelvir!gen
The worm W32.Kelvir!gen is a generic detection covering the W32.Kelvir.worm variants. It is packed using UPX and Morphine packers. It uses Windows Messenger or MSN Messenger as a means of propagation. It installs a variant of the W32.Sdbot.worm along with it. It spreads by loading all contacts on MSN Messenger and sending an instant message to every contact on the list. The message uses a social engineering approach. It tempts the remote user who receives the message to click on a hyperlink. The hyperlink points to a website that hosts the worm. When the user downloads and runs the remotely hosted executable, a copy of W32.Kelvir worm and a variant of W32.Spybot.Worm are copied into the computer. W32.Kelvir worms function as a "replication vehicle" for the W32.Spybot.Worm.Every second sample of the W32.Kelvir worm contains the string "The RPMiSO Group" in its body. The worm does not create any registry run keys or shortcuts. It also does not automatically install itself on the system. When executed, the W32.Kelvir worm copies itself to the hard disk and creates its own registry value. It runs when the Windows operating system starts. It can setup new malware on the victim computer without the user’s knowledge. It can execute the new malware or register it to permit autorun configuration. The program can also secretly monitor the user’s activities. It can collect sensitive information such as websites visited and the user’s Internet surfing habits. The malware can also change the settings of the victim computer and redirect the activity of the Web browser. It is believed that these actions may result into slower connection speeds, changes in home pages, and loss of Internet or other programs’ functionality.
Browse for more malware information
- W32.Kelvir!gen
- W32.Kergez.C@mm
- W32.Kerim@mm
- W32.Kernelbot.A
- W32.Kibtos
- W32.Kibuv.B
- W32.Killaut.A
- W32.Kiman.B
- W32.Kitro.A.Worm
- W32.Klez.A@mm
- W32.Kobot.A
- W32.Koddro@mm
- W32.Koobface.A
- W32.Korgo.A
- W32.Korron.A
- W32.Kromber
- W32.Kueight
- W32.Kuskus.Worm
- W32.Kwbot.B.Worm
- W32.Langex@mm
- W32.Lashplay
- W32.Launcer.A
- W32.Lavehn.A@mm
- W32.Leave.B.Worm
- W32.Lecivio
- W32.Lecna.A
- W32.Led@mm
- W32.Leebad
- W32.Lemoor.A
- W32.Liac.A@mm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.