|
|
I-Worm.Kira Viruses Information
| Name: |
I-Worm.Kira |
| Category: |
Viruses |
| Description:
|
Details
I-Worm.Kiray
This is a worm virus that spreads via the Internet using Microsoft Outlook. The worm appears as an email message with the attached file Kiray.EXE.
When the EXE-file is run the worm modify some of the keys in the system registry:
HKCRexefileshellopencommand""="c:windowstempKiray.exe"
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop=1
NoDrives=1
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesNetworkNoNetSetup=1
This allows the worm to run its routine when running any EXE-file and after restarting the system, all icons from "Desktop" and disks icons from "My computer" are hidden.
Then the worm uses MAPI to spread itself via e-mail, by creating messages to all recipients in the Outlook address book:
Subject: Please make peace not war
Body message: The Lamers and Idiots Game
Attach: Kiray.exe
The worm also tries to check Windows Address Book (WAB) which is registered in the system registry:
HKEY_CURRENT_USERSoftwareMicrosoftWAB
Finally the worm tries to remove all files in the following directories:
c:windows*.* c:windowssystem*.* c:Program FilesMicrosoft Office*.* c:Program FilesInternet Explorer*.*
The worm is only fully functional if the attachment is saved by the user to C:WINDOWSTEMP directory. Otherwise the worm cannot spread correctly from the infected machine, as the worm's message is sent without the attached exe. file. |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Macro.Word.TwoLine
Trojan.Win32.Favadd.
Tedy.435
Macro.Word.Ord
Zz.41
Platov Famil
Ginger Famil
Asteris
Fear.182
Ganja.43
|
|
