Alerte Virus watch

The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.

Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.

Detailed descriptions of Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.dv and Net-Worm.Win32.Kido.fx are available in the Virus Encyclopaedia. A dedicated removal tool is available here.]]>">Net-Worm.Win32.Kido

The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

After encrypting files, the virus leaves a text file in the folder next to the encrypted files with following message:

Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.

If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help you recover any data that has been encrypted.

For more information about the malicious program, please read our weblog.]]>">Virus.Win32.Gpcode.ak

New variants may be functionally similar to each other and to previous variants.

Users are reminded to keep their antivirus protection up to date, and to scan any suspicious emails with an antivirus solution.

If you are using Kaspersky Anti-Virus or Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

A detailed description of Email-Worm.Win32.Zhelatin.o is available in the Virus Encyclopaedia.]]>">Email-Worm.Win32.Zhelatin

The Kaspersky anti-virus databases have been updated and users are recommended to update as soon as possible.

Possible subjects in infected emails:

Possible names for attachments containing the body of the worm:

Possible texts in the emails:

A detailed description of Email-Worm.Win32.Zhelatin.o is now available in the Kaspersky Virus Encyclopaedia.]]>">Email-Worm.Win32.Zhelatin.o