Another AOL IM virus.

This one came from

When a user runs the linux it creates a file called lockx.exe
Lockx then creates a file c:\windows\system32\msdirectx.sys (detected by macfee as FURootkit) and c:\xz.bat (Prockill-cv)
I am also seeing it create a file c:\windows\system32\silient_kuwait150.exe

looks like the silient_kuwait150.exe is spyware.

4 Responses to “”

  1. spiffyroxy says:

    so i searched for the virus i have on my computer in yahoo and it came to this… do you know how to get rid of this thing?

  2. Ian says:

    We are recommending that people don’t click on link in IM with out first checking with the person who sent it to make sure that they sent it. Hard I know but something to think about.

    What virus software are you using and what virus was reported by the virus software. If you only see FURootkit and ProcKill-cv were detect and deleted then you are in good shape. You can just do a full scan of your computer and you will be good.
    The saving grace of this virus was that when run it tried to create 2 new files that were known viruses which were caught by an uptodate virus package.

    My experience was with Mcafee so other vendors might be slightly different.

  3. spiffyroxy says:

    well, i clicked on the link (blegh!) and I have McAfee, but I did an online virus scan with McAfee and it detected it, I can’t figure out how to do a total system scan with McAfee (i’m a computer moron!)

  4. Ian says:

    I have only played with the enterprise version which will probably be different from the home version. I right click on the virus scan shield at the bottom right of the screen (next to the clock) I then choose virus console. Then click on “On Demand Scan” then choose start.