high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 30 November 2005 10:12:06 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Kelvir-BF is a worm for the Windows platform.
Once installed, W32/Kelvir-BF attempts to spread via AOL Instant Messenger by sending any of the following messages to the list of contacts:
'let me know if you can open this: <link to worm>'
'this doesn't work for me, does it work for you? <link to worm>'
'let me know what you think: <link to worm>'
'holy cow...this girl is going crazy: <link to worm>'
'these are pretty nice, maybe you should take a look - <link to worm>'
'are these of you? they look just like you - <link to worm>'
'this girl is nuts, I can't believe she did this - <link to worm>'
'wow...check this out, you have to see it: <link to worm>'
'this deleted all my viruses and spyware - <link to worm>'
'I can't believe this acutally fixed my computer: <link to worm>'
'I didn't think it would work, but it fixed everything on my computer - <link to worm>'
W32/Kelvir-BF is a worm for the Windows platform.
When first run W32/Kelvir-BF copies itself to <System>\mshelp32.exe.
The following registry entries are created to run mshelp32.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Help Support
<System>\mshelp32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Help Support
<System>\mshelp32.exe
Once installed, W32/Kelvir-BF attempts to spread via AOL Instant Messenger by sending any of the following messages to the list of contacts:
'let me know if you can open this: <link to worm>'
'this doesn't work for me, does it work for you? <link to worm>'
'let me know what you think: <link to worm>'
'holy cow...this girl is going crazy: <link to worm>'
'these are pretty nice, maybe you should take a look - <link to worm>'
'are these of you? they look just like you - <link to worm>'
'this girl is nuts, I can't believe she did this - <link to worm>'
'wow...check this out, you have to see it: <link to worm>'
'this deleted all my viruses and spyware - <link to worm>'
'I can't believe this acutally fixed my computer: <link to worm>'
'I didn't think it would work, but it fixed everything on my computer - <link to worm>'
|
