Virus.Win32.HLLW.Karimex, Win32.HLLW.Karimex, Worm/Karimex, Win32/Karimex
W32/Kotef.worm, Troj/Kotef-A, Win32/HLLW.Kotef, TROJ_KOTEF.A, Win32.HLLW.Kotef.A
Category: Computer Virus
Asia, North America, Europe
29 Oct 2002
The malware W32.Karimex is prepending virus that infects randomly chosen executable files it can locate in the infected system’s current folder. This virus writes its malicious code to victim files in 2 ways. One is by moving the code from the beginning of the victim file to the end and writing its very own malicious code to the created space. The second way is by adding the victim file’s code to the virus’ own code.
W32.Karimex Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Karimex from your computer.
More details about W32.Karimex
When executed in the compromised machine, the W32.Karimex will display a message with 2 buttons. If users click on the message’s right button while the system date is set to the 22nd, a message containing the [email protected]
’ string will appear. The virus will also create a VBS and DAT file which are files that are not malicious. On the other hand, if users click on the left button, a graphic display with Korean characters will appear. This virus will also create a file that is nonviral and will place it in the same location where the virus is located. This file will have the .vir file extension and the same name as the W32.Karimex virus.
This virus is likewise capable of randomly choosing several executable files and then prepending its viral body to the host files. The viral body is around 32,767 bytes. The virus will then append the string ‘TTF’ to the host file’s last section. It can also re-infect the same files it has infected since the virus does not have the ability to determine if it has infected a file or not. In the event that a file infected by the W32.Karimex virus executes, users will see a message stating that a file in the system has been corrupted and users would need to reinstall it again. Files infected by the virus do not have the capability to infect other files.