Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Kitro. Viruses Information

Name: I-Worm.Kitro.
Category: Viruses
Description: Details
I-Worm.Kitro.a

Kitro is a family of Internet worms. They spread using infected e-mail messages and Kazaa peer-to-peer network. All versions of the worm obtain e-mail addresses from the .NET Messenger contact list, and send infected messages to these addresses.
Messages sent by these worms may have different subjects, bodies, and attached files. They are sent using direct SMTP access to the "mail.hotmail.com" server.
This version of the worm is able to spread only by sending itself in e-mail attachments. The worm is an EXE file, its size is 220160 bytes.
Installation
The worm copies itself to the following locations:
c:system32.exe
c:archiv~1psycho.scr
The worm also sets its copy located in the root directory of disk C: up to start automatically with Windows by writing the following registry key:
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"msn"="c:system32.exe"
The worm gathers information about .NET Messenger contact recipients by reading "Permission" values from the following registry key:
[HKEY_CURRENT_USERSoftwareMicrosoftMessengerServiceListCache.NET Messenger Service]
Value names: Allow0, Allow1, etc.
It writes all addresses gathered into the file named kiltro.dat in the current directory. Messages that are sent by the worm contain an attached file named Psycho.scr. If the worm finds its copy already installed in the system it hides the system tray window and shows some messages.
Other
The worm creates the following text files:
c:windat.vxd
c:windat.dll
with the following contents:
Programado en Santiago de Chile por ErGrone



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Empir
Trojan.Win32.Malantern.
MzBoot.46
TrojanDropper.Win32.Small.g
I-Worm.Mydoom.
Kate.58
Win32.HLLP.Mince
Fitria.82
Win32.Xoral
Albania.42


 

© 2006-2008 spyware32.com - Privacy Policy