Email-Worm.Win32.Kamil, I-Worm.Kamil, Kamil, Win32.HLLM.Generic.96, Trojan:Win32/Kamil
WORM_KAMIL.A, Win32:Trojan-gen, Trojan.Win32.Kamil.A, W32/Kamil.A.worm, Win32/Kamil.A
Category: Trojan Horse
Asia, North America, Europe
01 Aug 2002
The Trojan W32.Kamil is a downloader Trojan that will try to download a W32.BleBla worm variant from a predetermined remote location. It may likewise download other security threats onto the infected computer system. The W32.BleBla worm’s new variant is the W32.BleBla.J.Worm. This downloader Trojan is also capable of transferring all files from the Desktop and Windows folders to the Nur_Mohd_Kamil in the C:\ drive.
W32.Kamil Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Kamil from your computer.
More details about W32.Kamil
Upon execution in the host machine, the W32.Kamil Trojan will display a message stating ‘Loading Nur_Mohammad_Kamil Please Wait’. It then creates a folder for its files. Next, it will transfer documents from the folders Windows, Desktop and My Documents to the folder it has created and then copy its main file to the system. It will then rename the Fileter.dat to another filename and then show the message ‘Nur_Mohammad_Kamil successfully update Done’. This Trojan will also try to modify the home page of Internet Explorer to a site where it will download files from. When the user goes to the website, the malware will try to retrieve an EXE file; the main executable of the W32.BleBla worm. This security threat uses a Flash icon used to fool users into believing that it’s just a Flash movie.
The first file it will create is the Melhacker.vbs file which will be responsible for creating the file Mekhacker.zip. It then creates the Nur_Mohd_Kamil.bat file which is responsible for executing several malicious processes. Next, the Trojan will create the Nmksys32.vxd which is a non-malicious TXT file and the Nmk.htm file which displays pop-up messages. The downloader Trojan will likewise create the Nuhr_Mohd_Kamil.reg file which contains the malware’s registry keys and values that will be run to alter the registry. Lastly, it will create the file Melhacker.zip which contains a corrupted DOS executable file. The Trojan will then proceed to add a value to the registry so that it can execute every time that Windows is restarted.