The Malware Dictionary

The Latest Computer Adware, Spyware, and Virus Info!

Computer Worms – Faizal.JS


Faizal.JS Computer Worm Description

Faizal is a computer worm written in JavaScript. After a successful infection it attempts to copy itself to every drive on the computer. The best protection against the Faizal JavaScript worm is to run up-to-date antivirus and antispyware software.

How the Faizal.JS Computer Worm Infects Your Computer

Faizal can reach your computer through a number of routes. Most antivirus programs will detect the worm if they are kept active and updated. Without active security protection, it can arrive through opening infected media files, as the payload of a Trojan, or through visiting malicious websites.

Faizal.JS Computer Worm Malware Payload

Once the Faizal worm has infected your computer, it will create the following file: %System%\faizal.js. It will then modify your registry so that it will run when you restart your computer. After this phase of the infection is complete, Faizal will then attempt to copy itself to all drives connected to your computer.

Faizal.JS Computer Worm Malware Processes and Files

The registry entry Faizal creates so that it runs each time Windows restarts is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"faizal" = "wscript.exe C:\WINDOWS\system32\faizal.js"

Faizal will also make the following registry entries or modifications on your computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\"LegalNoticeCaption" = "FAIZAL"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\"LegalNoticeText" = "You have been infected by FAIZAL virus"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "faizal"

After modifying your computer’s registry, Faizal will then attempt to copy itself to each drive on your computer. The files copied are:

%DriveLetter%\AutoRun.inf
%DriveLetter%\faizal.js

Faizal.JS Computer Worm Basic Removal Steps

The Faizal.JS Computer Worm is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.
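Added example (not from the original article): a Python check, run over a Windows registry export (.reg text), for the kinds of change listed above: a Run entry that hands a .js file to wscript.exe, a changed WinLogon legal notice, and a non-zero NoRun/NoClose/NoDrives Explorer policy. The .reg sample is constructed, and the data for the policy entry is an assumption, since the article does not give it.

```python
import re

# Constructed sample .reg export (not captured from a real host); its values
# mirror the Faizal.JS indicators described in this article.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\me\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
"faizal"="wscript.exe C:\\WINDOWS\\system32\\faizal.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon]
"LegalNoticeCaption"="FAIZAL"
"LegalNoticeText"="You have been infected by FAIZAL virus"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
# A Run entry that hands a script file to the Windows Script Host.
SCRIPT_HOST_RE = re.compile(r'\b[wc]script(\.exe)?\b.*\.(js|jse|vbs|vbe|wsf)\b', re.I)
POLICY_LOCKS = {"norun", "noclose", "nodrives"}  # policy value names from the article

def parse_reg(text):
    """Yield (key, value_name, data) triples; REG_SZ data is unescaped."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line.strip())
        if m and key:
            name, raw = m.groups()
            if raw.startswith('"') and raw.endswith('"'):
                raw = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            yield key, name, raw

def find_indicators(text):
    """Return (rule, key, name, data) for the persistence and lock-out changes."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r'\currentversion\run') and SCRIPT_HOST_RE.search(data):
            hits.append(("script-host autorun", key, name, data))
        elif k.endswith(r'\winlogon') and name.lower().startswith("legalnotice"):
            hits.append(("logon banner changed", key, name, data))
        elif (k.endswith(r'\policies\explorer') and name.lower() in POLICY_LOCKS
              and data.lower() not in ("dword:00000000", "0")):
            hits.append(("explorer restriction policy", key, name, data))
    return hits
```

Export the keys with reg export and pass the text to find_indicators; a legal-notice hit on its own is only a lead, since organisations legitimately set that banner.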

How Does a Computer Worm Work?


Computer worms are designed to infect other computers by using the Internet to send copies of themselves to new hosts. Most worms do damage through the load their rapid and largely uncontrolled spread places on system and network resources. Some are combined with other malware to maximise their impact.

Methods of Computer Worm Infection

Many computer worms are written with the sole intention of spreading, not of harming networks or users' computers; the Morris Worm and Mydoom are examples of worms with such intentions that nonetheless caused unintended network disruption. Other worms carry a payload meant to do harm: the ExploreZip worm deletes files on the infected computer, some worms encrypt files in an attempt to extort the user into paying to have the encryption removed, and others install a backdoor so that the computer can be used to attack other computers, websites or systems. E-mail spammers are often found behind worm infections whose payload opens the user's computer to takeover for sending spam. Worms also spread through backdoors opened by other malware: the well-known Doomjuice worm uses the backdoor that Mydoom opens. Other routes are infected e-mail attachments and multimedia files.

Current Trends of Computer Worms

Robert Tappan Morris is credited with accidentally creating the first computer worm in 1988. The "Internet Worm", as it became known, used sendmail, finger and rsh/rexec to spread to other computers on the Internet. The SQL Slammer worm appeared in 2003 and used a Microsoft SQL Server 2000 vulnerability to spread across the Internet. The Blaster worm took a similar route in 2003, using a Microsoft DCOM/RPC vulnerability to spread. Well-known e-mail worms of the past decade have been: 1 – the Melissa worm of 1999, 2 – the Sobig worm of 2003, and 3 – the Mydoom worm of 2004. These worms shared a feature with Trojan horses in that they relied on the end user opening the infected attachment in order to spread. The Mydoom worm, however, was the first of a number of malware programs to use peer-to-peer file-sharing networks to spread rapidly. Mydoom was originally spread over the KaZaa file-sharing network and had variants whose payloads launched denial-of-service attacks against Microsoft and SCO.

Win32.Kelvir Computer Worm


Win32.Kelvir Computer Worm Description

Kelvir is an Instant Messenger (IM) worm that spreads by sending a link to its own file through MSN Messenger. Kelvir also tries to download files from the Internet and run them. Kelvir's file is a PE executable 49 kB long, usually written in Visual Basic and packed with a file compressor; it is compressed using comphrine.

Installation of the Win32.Kelvir Computer Worm

Kelvir usually arrives as an MSN instant message reading something like "lol! See it! U'll like it". The message carries a link to a file named "omg.pif" hosted on the home.earthlink.net web server. When this file is downloaded and run, it infects the system and continues the cycle by sending the same instant message to every contact in MSN Messenger. The downloaded file is saved on the C:\ drive as "dumprep.exe" and executed; it is a variant of the RBot backdoor.

Win32.Kelvir Computer Worm Communications

Kelvir does not spread on its own; it depends on user intervention to reach a new system. Other routes Kelvir uses are P2P file-sharing networks, IRC channels, FTP, Internet downloads, e-mail messages with attached files, CD-ROMs, floppy disks and the like.

Symptoms of the Win32.Kelvir Computer Worm

Kelvir stops the services of security tools such as firewalls, antivirus programs and other security-related software.

Win32.Kelvir Computer Worm Malware Basic Removal Steps

Win32.Kelvir should be removed with an antivirus program unless you are comfortable with registry modifications and computer security.

Win.32 Bagz Computer Worm


Win.32 Bagz Computer Worm Description

Win32.Bagz is a worm that spreads through spoofed e-mails sent to thousands of computers. Antivirus software may stop it before it does harm, but the worm tends to be good at hiding itself.

Win.32 Bagz Malware Installation

The Win32.Bagz worm is installed when you download an infected attachment. These attachments usually arrive in e-mails sent by the attacker.

How does Win.32 Bagz Infect Your Computer

The worm infects your computer when an attacker sends you and thousands of other people a “fake” email with a catchy title and attachment. The email will encourage you to download the attachment, which will then execute the worm. The worm will copy files to your directory, allowing it to connect to various ports and receive downloads from a remote server.

Win.32 Bagz Malware Payload

The payload includes stealing information such as passwords and e-mail addresses (used to keep the worm spreading) and slowing down your computer's processes. All of this taxes the computer and makes the worm hard to remove successfully. If it gets into the system undetected, it also disables firewalls and antivirus programs.

In the end, the attacker could end up with your secure information without you even knowing. Since it is difficult to identify this virus immediately, a lot of damage could be done before you get the chance to stop it.

Win.32 Bagz Malware Processes and Files

Many different files may be present on a computer infected with Win32.Bagz. The worm can also rename system directories and files so that you can no longer find them. The following files are identifiers of the Bagz worm:

tutorial.doc<multiple spaces>.exe
sqlssl.doc<multiple spaces>.exe
dl.exe
run32.exe
syslongon.exe
sysinfo32.exe
ipdb.dll
jobdb.dll
wdate.dll
tutorial.zip
ndisrd.sys
ndisapi.dll
<system folder>\drivers\ndisrd.sys

You can usually recognise malware files by a double extension such as .doc.exe or a similar set-up (in the list above, .doc<multiple spaces>.exe, where the spaces push the real extension out of view). Ordinary files rarely carry a double extension, but a worm uses one to disguise an executable as a harmless document.
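Added example (not part of the original article): a Python filter that flags the two disguises in the file list above, an executable extension padded out of view behind a document extension (tutorial.doc<multiple spaces>.exe) and a plain double extension (the same trick as Bagle's Serials.txt.exe further down the page). The sample names are constructed and the two extension sets are assumptions.

```python
# Constructed sample names (not a listing from a real host): the padded and
# double-extension forms from this article plus a few benign file names.
SAMPLE_NAMES = [
    "tutorial.doc" + " " * 40 + ".exe",
    "sqlssl.doc" + " " * 40 + ".exe",
    "Serials.txt.exe",
    "Windows Sourcecode update.doc.exe",
    "dl.exe",
    "tutorial.zip",
    "quarterly-report.pdf",
    r"C:\Users\me\Downloads\invoice.pdf.exe",
]

# Assumed extension sets: what a user reads as "a document", and what Windows
# will actually execute when the file is double-clicked.
DOCUMENT_EXTS = {"doc", "txt", "pdf", "jpg", "gif", "zip", "mp3", "avi", "ini"}
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "cpl", "js", "vbs", "wsf"}

def deceptive_extension(name):
    """Return why a file name looks disguised, or None if it does not."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]   # drop any directory part
    parts = base.lower().split(".")
    if len(parts) < 3 or parts[-1].strip() not in EXECUTABLE_EXTS:
        return None   # not executable, or carries only a single extension
    inner, last = parts[-2], parts[-1].strip()
    if inner != inner.rstrip():
        # tutorial.doc<many spaces>.exe: the spaces push .exe out of the visible column
        return f"whitespace padding hides '.{last}' behind '.{inner.rstrip()}'"
    if inner in DOCUMENT_EXTS:
        return f"double extension: '.{inner}' before '.{last}'"
    return None

def scan(names):
    """Return [(name, reason)] for the names that deceptive_extension flags."""
    return [(n, r) for n in names if (r := deceptive_extension(n)) is not None]
```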

W32.Bagz Computer Worm Basic Removal Steps
The W32.Bagz Computer Worm is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.

W32.Bagle Zip Computer Worm


W32.Bagle Zip Computer Worm Description

W32.Bagle.Zip is malware distributed through fake e-mails sent from spam accounts or from an automated mailing system set up by the attacker. It is part of the Bagle family of worms and is a destructive piece of malware.

W32 Bagle.Zip Malware Installation

This malware is installed when you download the attachment sent in the e-mail. The moment you download the attachment file, the computer is infected: the worm executes immediately and copies itself into folders and directories so that it can spread later. The zip file it creates is password-protected, which makes it even harder to remove.

How W32 Bagle.Zip Infects Your Computer

When the attacker sends W32.Bagle.Zip to a host of different e-mail addresses, it is made to look like a semi-genuine e-mail. Users typically download the attachment thinking it is a legitimate file, and so infect their computer with the malware. It may also spread on peer-to-peer networks as a fake file. It's hard to tell whether a given file is malware or a worm unless you know exactly what to look for.

W32 Bagle.Zip Malware Payload

It is considered destructive because it often uses different file names, extensions and cover-ups to look innocent or genuine. The worm stores itself and keeps spreading from computer to computer, harvesting your personal data as it goes. When it transmits itself to another computer, it picks an .exe file from your program list and masquerades as that file when sending.

W32 Bagle.Zip Malware Processes and Files

The W32.Bagle.Zip worm goes under several names and is part of the Bagle family of viruses. The members differ, but are similar in execution and destructiveness. Look for e-mails with suspicious attachments, as well as for files in your directories. These files may look like the following:

* foto3.zip containing kgrcamyj.exe and zchyny.def
* Secret.zip containing iohnifdl.exe and xpjuprbqf.ini
* Dog.cpl
* Garry.scr

Infected files from a P2P network may look like the following:

* ACDSee 9.exe
* Adobe Photoshop 9 full.exe
* Ahead Nero 7.exe
* Kaspersky Antivirus 5.0
* KAV 5.0
* Matrix 3 Revolution English Subtitles.exe
* Microsoft Office 2003 Crack, Working!.exe
* Microsoft Office XP working Crack, Keygen.exe
* Microsoft Windows XP, WinXP Crack, working Keygen.exe
* Opera 8 New!.exe
* Porno pics arhive, xxx.exe
* Porno Screensaver.scr
* Porno, sex, oral, anal cool, awesome!!.exe
* Serials.txt.exe
* WinAmp 5 Pro Keygen Crack Update.exe
* WinAmp 6 New!.exe
* Windown Longhorn Beta Leak.exe
* Windows Sourcecode update.doc.exe
* XXX hardcore images.exe

As you can see, these look like legitimate files that someone might send. It's difficult to know for sure whether they are indeed viruses.

Removal of the W32.Bagle Zip Computer Worm From Your Computer

The W32.BagleZip Computer Worm is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.

© 2009 The Malware Dictionary. All Rights Reserved.
