W32/Kelvir-BF

Category:	Viruses and Spyware
Type:	Win32 worm
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Kelvir-BF is a worm for the Windows platform.

Once installed, W32/Kelvir-BF attempts to spread via AOL Instant Messenger by sending any of the following messages to the list of contacts:

'let me know if you can open this: <link to worm>'
'this doesn't work for me, does it work for you? <link to worm>'
'let me know what you think: <link to worm>'
'holy cow...this girl is going crazy: <link to worm>'
'these are pretty nice, maybe you should take a look - <link to worm>'
'are these of you? they look just like you - <link to worm>'
'this girl is nuts, I can't believe she did this - <link to worm>'
'wow...check this out, you have to see it: <link to worm>'
'this deleted all my viruses and spyware - <link to worm>'
'I can't believe this acutally fixed my computer: <link to worm>'
'I didn't think it would work, but it fixed everything on my computer - <link to worm>' W32/Kelvir-BF is a worm for the Windows platform.

When first run W32/Kelvir-BF copies itself to <System>\mshelp32.exe.

The following registry entries are created to run mshelp32.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Help Support
<System>\mshelp32.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Help Support
<System>\mshelp32.exe

Once installed, W32/Kelvir-BF attempts to spread via AOL Instant Messenger by sending any of the following messages to the list of contacts:

Try Sophos products for free
Download now

W32/Kelvir-BF

Free Mac Anti-Virus

Popular topics