W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D spread via MSN Messenger.

7 March 2005

W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D are variants of a new worm that has been spreading significantly via the popular Internet chat program MSN Messenger. Users receive a message appearing to be sent by someone on their contact list. These messages contain a link and a small amount of text encouraging the user to click the link. However, on clicking the link the worm is downloaded and the user's computer becomes infected. The worm then sends a similar message to all those in the infected user's contact list who are signed in to MSN Messenger. Those who do not click the link do not become infected. Users are therefore encouraged to ignore suspicious links they receive via MSN Messenger and to close such windows immediately.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Kelvir.A, W32/Kelvir.B, W32/Kelvir.C and W32/Kelvir.D using virus signature files dated 7 March 2005 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © Commtouch®