Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server and waits for remote control commands to carry out on the affected computer. It exploits the vulnerabilities LSASS and RPC DCOM, among others, in order to spread to as many computers as possible.
|First detected on:||June 25, 2006|
|Detection updated on:||June 28, 2006|
|Yes, using TruPrevent Technologies
Kelvir.EO is a worm that connects to an IRC server in order to receive remote control commands, acting as a backdoor. It can be instructed to obtain Protected Storage service keys (including Outlook or Internet Explorer passwords, among others), list or end processes, open a command shell, etc.
Kelvir.EO installs the rootkit Ruffle.A, which is used to hide files and processes belonging to the worm.
Kelvir.EO exploits the vulnerabilities LSASS, RPC DCOM, Workstation Service and Plug and Play to spread across the Internet.
It is highly recommended to download the security patches for the vulnerabilities LSASS, RPC DCOM, Workstation Service and Plug and Play from the Microsoft website.
Kelvir.EO is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.