I-Worm.Kitro. Viruses Information
Name: I-Worm.Kitro.
Category: Viruses
Description:
Details
I-Worm.Kitro.b
Kitro is a family of Internet worms. They spread using infected e-mail messages and the Kazaa peer-to-peer network. All versions of the worm obtain e-mail addresses from the .NET Messenger contact list and send infected messages to these addresses.
Messages sent by these worms may have different subjects, bodies, and attached files. They are sent using direct SMTP access to the "mail.hotmail.com" server.
This version of the worm is intended to spread via both e-mail messages and the Kazaa network. Due to errors in its code, the worm may fail to execute and replicate properly. The worm is a Control Panel applet (a file with the "CPL" extension); its size is 236032 bytes.
Installation
The worm copies itself to the Windows directory and to the root directory of disk C: under a random name consisting of digits and the "CPL" extension (for example, "832.cpl"). It also sets its copy up to load automatically when Windows starts by writing the following registry value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"(Worm's file name)"="rundll32.exe shell32.dll,Control_RunDLL (Worm's file name)"
for example,
"832.cpl"="rundll32.exe shell32.dll,Control_RunDLL 832.cpl"
Replication
The worm obtains the e-mail addresses in the .NET Messenger contact list and writes them to the files "commfig.sys" and "K32.vxd" in the Windows directory. Then it tries to send infected e-mails to these addresses. Due to errors in the worm's code, the worm may not be able to replicate.
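As an added example (not part of the original description), the Python code below checks a Run-key export and a Windows-directory listing for the artifacts named in the Installation and Replication sections. The sample export, the file listing used with it, and the function names are constructed for illustration.

```python
import re

# Run-key data written by the worm, per the description above:
#   "<digits>.cpl"="rundll32.exe shell32.dll,Control_RunDLL <digits>.cpl"
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')
CPL_LOADER = re.compile(
    r'^rundll32(?:\.exe)?\s+shell32\.dll,Control_RunDLL\s+(?P<target>.+)$', re.I)
DIGIT_CPL = re.compile(r'^\d+\.cpl$', re.I)
# Address-list files the worm writes to the Windows directory.
DROP_FILES = {"commfig.sys", "k32.vxd"}

def scan_run_export(reg_text):
    """Return Run-key value names in a .reg export that match the worm's pattern."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the ...\CurrentVersion\Run key is described on the page.
            in_run_key = line.lower().endswith(r"\currentversion\run]")
            continue
        m = RUN_VALUE.match(line) if in_run_key else None
        if not m:
            continue
        # .reg exports double their backslashes; undo that before matching.
        loader = CPL_LOADER.match(m.group("data").replace("\\\\", "\\"))
        if not loader:
            continue
        basename = loader.group("target").strip().strip('"').rsplit("\\", 1)[-1]
        if DIGIT_CPL.match(m.group("name")) and DIGIT_CPL.match(basename):
            hits.append(m.group("name"))
    return hits

def scan_windows_dir(filenames):
    """Return names from a Windows-directory listing that match worm artifacts."""
    return sorted(f for f in filenames
                  if f.lower() in DROP_FILES or DIGIT_CPL.match(f))

# Constructed sample export: one benign program, the worm-style value, and a
# legitimate Control Panel applet that must not be flagged.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"832.cpl"="rundll32.exe shell32.dll,Control_RunDLL 832.cpl"
"Sound"="rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl"
'''
```

A match on the Run value alone is only a lead; the digit-named applet in the Windows directory or the root of C: together with the two address-list files makes a stronger indicator.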
Other
The worm tries to disable Kaspersky Anti-Virus and Panda Antivirus software by modifying the Windows system registry.
It also searches for and tries to close windows with the 'Panda ActiveScan - Microsoft Internet Explorer' title, and to delete files at the following locations:
(Kaspersky Anti-Virus common files path)\Bases\avp.set
C:\archiv~1\perav\pav.dll
C:\archiv~1\perav\per.dll
C:\program files\perav\pav.dll
C:\program files\perav\per.dll
(Windows directory)\vshield.vxd
(Windows directory)\system32\vshield.vxd