W32.Kibtos


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 01 Aug 2007
Damage: Low

Characteristics: W32.Kibtos is a worm that infects all Windows versions. It infects the system by copying itself to all drives. The worm also opens a message and a picture that asks the user to vote for Kibaki. The risk of the threat is low as well as its damage level.

More details about W32.Kibtos

The worm W32.Kibtos infects Windows systems by copying itself into all drives. Once executed, the worm copies itself as intel.exe in the Windows System\drivers folder, and as csrss.exe in the Windows folder. Then it creates Autorun.inf in the Windows folder to reference the files created previously. To ensure that it automatically runs at every Windows start up, it modifies the certain registry keys. It also modifies the registry to disable System Restore and change the default folder options. It also attempts to stop processes that are related to security using the keywords ANT, VIR, TASK, REG, AUTO, DBG, W32, BUG, CLEANER, DETEC, PROC, MECHAN, AVAST, ESSET, KASP, NOD32, NORTON, MCAFEE, SYMAN, CONSOL, MANAGEMENT, COMPONENT, ANTI, VIRUS, mcagent.exe, and mcshield.exe.

The W32.Kibtos program may create new files and processes in the computer. It also inserts these files into the registry directories. This allows the program to launch at every system boot. The program may slow down computer performance. This is because the copies of the program eat up system resources and use available disk space.