W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D spread via MSN Messenger.
W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D are variants of a new worm that has been spreading significantly via the popular Internet chat program MSN Messenger. Users receive a message appearing to be sent by someone on their contact list. These messages contain a link and a small amount of text encouraging the user to click the link. However, on clicking the link the worm is downloaded and the user's computer becomes infected. The worm then sends a similar message to all those in the infected user's contact list who are signed in to MSN Messenger. Those who do not click the link do not become infected. Users are therefore encouraged to ignore suspicious links they receive via MSN Messenger and to close such windows immediately.
After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.
The latest versions of F-Prot Antivirus detect W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D using virus signature files dated 7 March 2005 or later.