McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

This is a generic detection covering certain W32/Kelvir.worm variants (such as W32/Kelvir.worm.f ).

The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.

Symptoms

Windows Messenger or MSN Messenger Contacts stating that you're sending them a hyperlink that you did not intentionally or knowingly send.

The worm does not create any registry run keys, shortcuts, or otherwise "install" itself on the system.

Method of Infection

This worm spreads by sending Windows Messenger or MSN Messenger Contacts a hyperlink pointing to a web site hosting the worm.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

Characteristics -

This is a generic detection covering certain W32/Kelvir.worm variants (such as W32/Kelvir.worm.f ).

The Kelvir worm family spreads via Windows Messenger (Note: Not the Windows Messenger service) or MSN Messenger and typically installs a variant of the W32/Sdbot.worm.

Symptoms

Symptoms -

Windows Messenger or MSN Messenger Contacts stating that you're sending them a hyperlink that you did not intentionally or knowingly send.

The worm does not create any registry run keys, shortcuts, or otherwise "install" itself on the system.

Method of Infection

Method of Infection -

This worm spreads by sending Windows Messenger or MSN Messenger Contacts a hyperlink pointing to a web site hosting the worm.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

Variants -

N/A