I-Worm.Kergez.c, W32/Kergez.worm, Backdoor.Kergez, Win32.HLLW.Kergez.2, Troj/Kergez-A
Category: Computer Worm
Active & Spreading
06 Aug 2003
Characteristics: Kergez is a mass-mailing worm that propagates by sending itself to email addresses it finds in files with .asp, .htm, and .php extensions. The email messages contain Subject: Re: New Security Vuln and Attachment: Virus_Guard.exe. The worm is written in Microsoft Visual C++ and packed with UPX.
Kergez is a mass-mailing worm that spreads through email by sending itself to all the email addresses it finds in files that have the extensions .asp, .htm, and .php. After the worm is executed, it may copy itself to %Windir%\Kangaroo.exe and %System%\Internat67.exe. It may also add values to the registry to ensure that it runs every time Windows starts up. The worm attempts to terminate certain processes, especially security-related ones (e.g. those with names containing Firewall, Alarm, Secure, Clean, Anti, etc). The email messages it sends contain the subject “New Security Vuln”, a body that contains the message “Are you vulnerable to identity theft…”, and an attachment named Virus_Guard.exe.
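The mail indicators described above can be checked against stored or quarantined messages. The following is an added example, not part of the original entry: the function names, the rule of requiring the attachment together with a matching subject or body, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header

# Indicators from the description above, lower-cased for matching.
SUBJECT_MARKER = "new security vuln"
BODY_MARKER = "are you vulnerable to identity theft"
ATTACHMENT_NAME = "virus_guard.exe"

def kergez_indicators(raw):
    """Return the sorted names of the indicators found in one raw message."""
    msg = message_from_string(raw)
    hits = set()
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if SUBJECT_MARKER in subject.lower():
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").strip().lower() == ATTACHMENT_NAME:
            hits.add("attachment")
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text = data.decode(part.get_content_charset() or "utf-8", "replace")
            if BODY_MARKER in text.lower():
                hits.add("body")
    return sorted(hits)

def is_suspect(raw):
    """Flag only when the named attachment arrives with a matching subject or body."""
    hits = kergez_indicators(raw)
    return "attachment" in hits and ("subject" in hits or "body" in hits)

# Constructed sample messages; the attachment payload is a placeholder.
SAMPLE_WORM = """\
Subject: Re: New Security Vuln
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Are you vulnerable to identity theft...
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Virus_Guard.exe"

PLACEHOLDER
--b1--
"""
SAMPLE_REPLY = "Subject: Re: New Security Vuln\n\nHas anyone else received this?\n"
```

A plain reply that only quotes the subject line matches one indicator and is not flagged, which keeps discussion threads about the worm out of the results.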
The Kergez worm can be manually removed from the system. First, temporarily disable the System Restore function to ensure effective virus removal. Then update the virus definitions and use a reliable antivirus program to run a full system scan on the computer. Delete all files that are detected as Kergez. Edit the Win.ini file. Reverse any changes made in the registry. Before making any changes in the registry, back it up, because mistakes in the registry can have serious consequences such as permanent data loss or corrupted files. Reboot the computer and rescan the system to confirm that the threat has been completely eliminated.