IM-Worm.Win32.Kelvir.k

IM-Worm.Win32.Kelvir.k leads a double life as both a false positive from rogue security software and a real, albeit old worm that was first seen in 2005. Determining which type of IM-Worm.Win32.Kelvir.k problem you have should be done with some help from an appropriate anti-virus program that can detect a wide variety of PC threats, including both worms and rogue programs. Attempting to remove a fake IM-Worm.Win32.Kelvir.k infection may harm your PC, while allowing a real IM-Worm.Win32.Kelvir.k to remain undeleted can result in your PC being targeted with spyware attacks.

IM-Worm.Win32.Kelvir.k - the Elderly Spy-Worm

Since IM-Worm.Win32.Kelvir.k was first reported in 2005 and was updated only in 2007, recent IM-Worm.Win32.Kelvir.k infections are unlikely, although still possible. Worms like IM-Worm.Win32.Kelvir.k can infect computers by using network-shared folders or removable drives to install themselves automatically. IM-Worm.Win32.Kelvir.k itself has also seen using MSN Messenger to spread itself with links embedded in spam messages.

The payload that IM-Worm.Win32.Kelvir.k drops is its most dangerous function, since IM-Worm.Win32.Kelvir.k installs a variant of the W32.Spybot.Worm, a second worm with spyware capabilities. You should assume that private information, including passwords and other login data, are at risk for any PC that's infected by IM-Worm.Win32.Kelvir.k.

IM-Worm.Win32.Kelvir.k has been confirmed to attack most versions of Windows from Windows 95 up to Windows XP, although IM-Worm.Win32.Kelvir.k may not be able to attack newer versions of the operating system.

Although IM-Worm.Win32.Kelvir.k may copy its files to many locations these files can be hidden with the Hidden or System attributes and may not appear in Windows Explorer. Enabling the display of files with these attributes may let you see IM-Worm.Win32.Kelvir.k's various clones. When in doubt, assume that IM-Worm.Win32.Kelvir.k has copied itself to all drives, including removable ones.

This genuine IM-Worm.Win32.Kelvir.k threat can go by several aliases, including Win32.Kelvir.F, W32.Kelvir.S, W32/Kelvir.worm.gen, W32/Kelvir-I and WORM_KELVIR.O.

When IM-Worm.Win32.Kelvir.k Isn't the Attacker That You Need to Worry About

Although actual IM-Worm.Win32.Kelvir.k infections have become rare, fake IM-Worm.Win32.Kelvir.k detections are on the rise due to rogue security programs like XP Internet Security 2010, XP Internet Security 2011 and XP Internet Security 2012. These rogue security applications will create fake IM-Worm.Win32.Kelvir.k infection warnings, to make you believe that you're being attacked by unrelated infections. However, rogue security programs aren't designed to detect real PC threats and will even attack your computer themselves.

Besides IM-Worm.Win32.Kelvir.k false positives, you may also see errors that look like the examples listed here:

System warning!
Continue working in unprotected mode is very dangerous. Viruses can damage your confidential data and work on your computer. Click here to protect your computer.

System warning!
Security Essentials Ultimate Pack software detects programs that may compromise your privacy and harm your systems. It is highly recommended you scan your PC right now. Click here to start.

Security Alert!
Your computer is being attacked from a remote machine !
Block Internet access to your computer to prevent system infection.

Critical Warning!
Critical System Warning! Your system is probably infected with a version of Trojans-Spy.HTML.Visafraud.a. This may result in website access passwords being stolen from Internet Explorer, Mozilla Firefox, Outlook etc. Click Yes to scan and remove threats. (recommended)

You don't need to do anything about these fake threats, including the fake IM-Worm.Win32.Kelvir.k alert. However, you will need to remove XP Internet Security 2010 and any other harmful programs with a real anti-virus program of your choice. Once the rogue program has been deleted, you'll have succeeded in removing IM-Worm.Win32.Kelvir.k warnings, as well.