Kelihos.B
Threat Scorecard
Metric | Value |
---|---|
Threat Level | 60 % (Medium) |
Infected Computers | 827 |
First Seen | April 8, 2011 |
OS(es) Affected | Windows |
The Kelihos.B Trojan is a backdoor Trojan that is inextricably linked to the Kelihos botnet. This vast network of computer systems infected with variants of Kelihos.B was used to send out spam email, perform distributed denial of service attacks, and continue to distribute Kelihos.B and its associated malware. Kelihos.B in particular was often distributed through social networks with the help of the Fifesock worm. Kelihos.B can be used to gain access to confidential information on the victim's computer system, install other malware on the victim's computer, and integrate the infected computer system into the Kelihos botnet. While this botnet has been shut down, Kelihos.B and its newest version, Kelihos.C, are still active and infecting computer systems. If you suspect that your computer system is infected with Kelihos.B, ESG malware researchers strongly advise scanning your hard drives with a strong anti-malware tool.
Despite the Actions of Law Enforcement, Kelihos.B is Still Active
Kelihos.B was mainly active in the United States and parts of Eastern Europe. Most computer systems infected with Kelihos.B use the Windows XP operating system, although Kelihos.B has the capacity to attack other versions of Windows and has been present in other countries around the world. The Kelihos.B infection is not particularly new, and keeping your security software fully updated should help prevent a Kelihos.B Trojan infection.
Kelihos.B was used by criminals to farm Bitcoins, steal sensitive information, and force the infected computer systems to send out spam email. Bitcoins, an anonymous online currency, are farmed by using processor power. Criminals could force the victim's computer system to farm Bitcoins, creating enormous revenue due to the large number of infected computers in Kelihos.B's botnet. While this botnet has been taken down by law enforcement, criminals have already created a new botnet corresponding to the evolution of the Kelihos.B Trojan, Kelihos.C.
However, computer systems are not safe from the Kelihos.B Trojan, since this infection is still being distributed by the Fifesock worm and through malicious spam email messages. ESG security researchers consider that all variants of the Kelihos.B Trojan are extremely dangerous, not only to the victim's computer system but to the general public. Steps should be taken to scan and disinfect your computer system if you have reasons to suspect that you were exposed to the Kelihos.B Trojan, either through a social network worm or by opening an unsolicited spam email attachment.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
AVG | Generic26.EJO |
McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.E |
BitDefender | Trojan.Generic.KD.561483 |
Kaspersky | Packed.Win32.Krap.is |
NOD32 | a variant of Win32/Kryptik.ACID |
CAT-QuickHeal | Backdoor.Bredolab.zji |
AVG | Cryptic.DQC |
AntiVir | TR/Agent.ghs |
DrWeb | BackDoor.Slym.24 |
BitDefender | Gen:Variant.Kazy.31534 |
Kaspersky | Trojan.Win32.Jorik.Hlux.do |
Avast | Win32:MalOb-GZ [Cryp] |
F-Prot | W32/FakeAlert.QS.gen!Eldorado |
NOD32 | a variant of Win32/Kryptik.SKS |
CAT-QuickHeal | Trojan.Jorik.Hlux.do |
File System Details