Virus: W32/MSIL.Kilo.a
Date discovered: 22/01/2007
Type: File infector
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium to high
Static file: No
IVDF version: 6.37.00.200 - Monday, January 22, 2007

 General
Method of propagation:
   • Infects files


Aliases:
   •  Symantec: MSIL.Kolilo
   •  McAfee: MSIL/Kolilo virus
   •  Kaspersky: Virus.MSIL.Kilo.a
   •  Eset: MSIL/Kilo.B


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files


Right after execution, it runs a Windows application that displays the following window:


 Files Encryption:
It creates new files which are encrypted copies of the found files.

The original file is erased afterwards.



The following file is created:

%home%\Start Menu\Programs\Startup\%several random numbers from 0 to 9%.exe

Furthermore, it is executed once it has been fully created.

 Registry
The following registry key is added:

– HKLM\SOFTWARE\Loki
   • Loki=Loki
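
The registry key and Startup file listed above can be checked on a host with a short PowerShell script. This is an added example, not part of the original description; the function names are hypothetical, and it assumes %home% refers to the current user's profile.

```powershell
# Added example, not vendor code. Assumption: %home% is the user profile,
# so the current user's Startup folder is the one inspected.

function Test-KiloStartupName {
    param([string]$Name)
    # Dropped file name per the description: only digits 0-9, then .exe
    return $Name -match '^[0-9]+\.exe$'
}

function Get-KiloRegistryHits {
    $hive  = [Microsoft.Win32.RegistryHive]::LocalMachine
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32
    # Both views are read because a 32-bit process on 64-bit Windows has
    # HKLM\SOFTWARE redirected to WOW6432Node.
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            $key = $base.OpenSubKey('SOFTWARE\Loki')
            if ($key) {
                [pscustomobject]@{
                    Indicator = 'RegistryKey'
                    Path      = "$($key.Name) ($view)"
                    Detail    = "Loki=$($key.GetValue('Loki'))"
                }
                $key.Close()
            }
        } finally {
            $base.Close()
        }
    }
}

function Get-KiloStartupHits {
    $dir = [Environment]::GetFolderPath('Startup')
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { return }
    Get-ChildItem -LiteralPath $dir -File |
        Where-Object { Test-KiloStartupName $_.Name } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'StartupFile'
                Path      = $_.FullName
                Detail    = "$($_.Length) bytes, created $($_.CreationTime)"
            }
        }
}

@(Get-KiloRegistryHits) + @(Get-KiloStartupHits) | Format-Table -AutoSize
```

A digits-only file name in the Startup folder is a weak indicator on its own; a hit is a reason to inspect the file, and carries more weight when the registry key is also present.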

 File infection
Infector type:

Embedded - The virus inserts its code throughout the file (in one or more places).


Method:

This direct-action infector actively searches for files.


The following file is infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %current directory%

 File details
Programming language:
The malware program was written in MS Visual C#.

Description inserted by Razvan Olteanu on Wednesday, February 17, 2010
Description updated by Razvan Olteanu on Monday, February 22, 2010
