SymbOS.Worm.Keaf.A (SMS-Worm:SymbOS/Feak)
SYMPTOMS: Presence of \system\apps\feakk.exe and/or \system\recogs\feakk.mdl (usually on drive C:)

TECHNICAL DESCRIPTION: The worm has 2 components: \system\apps\feakk.exe and \system\recogs\feakk.mdl. The .mdl file is set to start the .exe file on system startup. Once installed and started, it looks in the contact list for a contact named HACKME. If it succeeds, it starts its worm behavior: it sends SMS messages to all the contacts in the list. The format of SMS messages is: hey

The zip doesn't reside on that link anymore.

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Alexandru Maximciuc, virus researcher