Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Kittykat - New RAR virus threat

 Users should be cautious with all RAR files processed in email or shared by other sources.

Kittykat - New RAR virus threat
http://secunia.com/virus_information/28958/kittykat/
http://www.sarc.com/avcenter/venc/data/w32.kittykat.html

W32.Kittykat is a virus that splits itself into many parts, and adds these parts to all RAR archive files in the current directory and the parent directory. The virus may arrive as an archive file. The virus requires that the archive is extracted with the full directory structure, and that the file start.bat is then executed.

When W32.Kittykat is executed, it performs the following actions:

1. Reconstructs itself as the following file: [RANDOM FILENAME].exe
2. Displays a message to announce its presence.
3. Searches for files to infect. The virus has no infection marker, so an already infected RAR archive file in the current or parent directory will be infected repeatedly.

Posted: May 09 2006, 05:32 PM by Harry Waldron | with 5 comment(s)

Comments

MHT said:

I think i got this stuff on my pc, how am i gonna get rid of it!!

And do you think that the virus could have infekted every single rar fil on my system?!

# October 16, 2007 3:27 PM

Harry Waldron said:

Hi - While this specific virus is over a year old, I'd recommend using the link below (VirusIntel site) and some of the free online or command-line scanners.  Be sure to write down the specific name(s) of any viruses found, so you can match up the right set of cleaning instructions.

GREAT SITE FOR FREE VIRUS REMOVAL TOOLS

(see links on left top side -- "Free Protection and Removal Tools")

www.virusintel.com/tiki-index.php

These older instructions in the McAfee forums may also help.  Most often a complex virus can be cleaned using SAFE MODE:

HOW TO CLEAN A DIFFICULT VIRUS (Safe mode is the key)

forums.mcafeehelp.com/viewtopic.php

# October 16, 2007 3:45 PM

jenn said:

Do you merely have to open the email to receive the virus or do you have to open the file attachment?

# July 23, 2008 2:01 PM

Harry Waldron said:

That is a good question ... Yes, you have to open attachments in almost all cases for the executable, scripts, or other malware agents to load.  If you've opened the text only, you most likely won't get infected (unless it's an HTML based attack with embedded scripts in it)

# July 24, 2008 2:02 PM

Modmadmike said:

yea i think i just got one of these, but luckily i was in Linux so all it did was overload my CPU (2.3ghz quad core not very easy) extracting something so i just killed the Rar extractor and that was it, but I am going to try to open the file in vista and see what happens lol

# August 28, 2008 10:34 PM