Win32.Kelvir Computer Worm Description
Kelvir is an Instant Messenger (IM) worm that will spread by sending out a link to it’s own file using the MSN messenger. Kelvir also tries to download the files from the internet and run them. Kelvir’s file is PE executable and is 49kB long. This file is packed along with a file compressor and usually it is written in Visual Basic. It is compressed using comphrine.
Installation of the Win32.Kelvir Computer Worm
Usually, Kelvir arrives on the computer with MSN instant message and the message look like “lol! See it! U’ll like it”. This file comes along with a link named “omg.pif” and it will be located on home.earthlink.net web server. When this file downloaded and it is run on the system, then it infects the system and then it continues to spread like a cycle by sending out instant message to all the contacts in MSN messenger. The file will be saved in C:\ drive as “dumprep.exe” and then it is executed. The file that is downloaded is variant of RBot backdoor.
Win32.Kelvir Computer Worm Communications
Kelvir does not spread automatically but spreads using its own means. Kelvir needs the intervention of attacking users so that it reaches out to the affected system. The other means of transmission used by Kelvir are P2P file sharing networks, IRC channels, FTP, Internet downloads; e-mail messages along with attached files, CD-ROMs, floppy disks etc.
Symptoms of the Win32.Kelvir Computer Worm
Stops services of security tools like firewalls, antivirus programs and many other security related programs as well.
Win32.Kelvir Computer Worm Malware Basic Removal Steps
Win32.Kelvir should be removed using an anti-virus program if you are not savvy with registry modifications and computer security. Click here for automatic removal instructions for removing the Win32.Kelvir Computer Worm.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
