I may just be alittle paranoid here, but I recently went to WinZip's site and the only download/update they have for wz9 is a beta. Yet I see from both here and on Kazaa that 9 has apparently been released.

Which brings me to my point:

Each file I have downloaded (or attempted before failing) of wz9, contained what NAV identifies as a "KW bot32" worm.

So I am either forwarning users looking to download, warning users who have already downloaded, or am just talking about something I know very little about- you decide. However if the latter, please be so kind as to explain to me what exactly my anti-virus software picked-off and if it was serious or not.

Thanks for the warning, but i think you'll find most people will have winrar. You should too.

There's no mention of a KW Bot32 virus at Symantec (http://securityresponse.symantec.com/avcenter/venc/auto/index/indexA.html).

hey guys,

I also tried some time age to get winzip 9 release or beta from kazaa,
and all downloads stopped by showing me a Virus Alert!!!

What I try to do is, to inform people who sharing these files that
they are having a virus in their shared. I really feeling with this people
and it is sad to see that they have no virus and do not know about it :(
ok, some of them may be from RIAA? RIAA might put some destroyed or
virus files into kazaa :( ...

WinRAR does not have to solve the problem unforutnately, cause if the virus is inside the archiv I will get an Alert when extracting the content :(

thanks anyway, david.

[QUOTE]liquidacid
Posted on 27 July 2003 - 20:42
Thanks for the warning, but i think you'll find most people will have winrar. You should too.

Exactly WinRAR all the way.

Originally posted by Izagaia@27 July 2003 - 18:37
I may just be alittle paranoid here, but I recently went to WinZip's site and the only download/update they have for wz9 is a beta. Yet I see from both here and on Kazaa that 9 has apparently been released.

Which brings me to my point:

Each file I have downloaded (or attempted before failing) of wz9, contained what NAV identifies as a "KW bot32" worm.

So I am either forwarning users looking to download, warning users who have already downloaded, or am just talking about something I know very little about- you decide. However if the latter, please be so kind as to explain to me what exactly my anti-virus software picked-off and if it was serious or not.
When W32.Kwbot.F.Worm runs, it performs the following actions:


1. Copies itself as %System%\Xms32.exe.

2. Drops the file, %System%\Xms32.tmp.exe. This file is 14,176 bytes, and Symantec antivirus products detect it as Backdoor.Sdbot.

NOTE: %System% is a variable. The worm locates the System folder and copies the files to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

3. Attempts to spread across the KaZaA and iMesh file-sharing networks by doing the following:

NOTE: The KaZaA or iMesh software must be installed on your computer for W32.Kwbot.F.Worm to spread.

4. Creates the folder, %Windir%\sCache32.

5. Copies itself to the %Windir%\sCache32 folder as the following filenames:
2 Find MP3 8.2.0.exe
AC3-MP3 converter.exe
ACDSee 5.5b.exe
ACDSee Classic 2.79.exe
Ad-aware 6.5 (new)Download Accelerator Plus 6.3.exe
Adobe Acrobat Reader 5.6.exe
Adobe PhotoShop 7.1 crack.exe
All Editor 3.0b.exe
AOL Instant Messenger 6.1.exe
Auction Sentry (new).exe
AudioLabel CD Labeler 3.0 (+crack).exe
Battlefied1942 Pack4 (crack+bloodpatch).exe
BearShare 5.1.1.exe
C&C Generals Pack2 (new patch).exe
Complete UK Music Database 4.2.exe
DirectDVD 4.9.exe
DivX Bundle 6.2.exe
DivX edit (new).exe
DivX Video Bundle 5.5.1.exe
DvD Rip guide (+tools) st0rm.exe
Dynamite Downloads.exe
Easy CD Creator Software Update.exe
FlashFXP (keygen).exe
FreeRip 4.30.exe
Genie Stream 3.2.4.exe
GetRight 5.5 + crack.exe
Global DiVX Player 2.0.1.exe
Gothic 2 (m-patch).exe
Grokster 2.0.exe
Hacker Tutorial (by ph3Akz).exe
Half-Life keygen (+ogc hack).exe
HL keys (working).exe
I.G.I. 2 (new crack).exe
ICQ Lite beta (b2253).exe
ICQ Pro 2003a beta (b4600).exe
iMesh 4.1 beta.exe
iSnipeIt 5.0c.exe
James Bond 007 Nightfire crack.exe
Kazaa Media Desktop 2.5.exe
Kazaa Skins 1.8.exe
KaZooM MP3 Kazaa Accelerator 2.5.exe
Medal Of Honor (Allied Assault) crack.exe
Microangelo 6.0b.exe
mIRC 6.x addon patch.exe
mIRC s3th war-script.exe
Morpheus 2.6.exe
MP3 cut pro 3.0.exe
MSN Messenger 5.5.10.exe
Need for Speed 6 (new cars + crack).exe
NeoNapster 3.92.exe
Nero Burning ROM 5.8.2.4.exe
Network Cable + ADSL Speed 2.0 (beta).exe
New Nvidia (geForce) drivers (beta).exe
Nimo Codec Pack 9.0 (stable).exe
Nvidia Detonator XP Drivers (Windows XP/2000).exe
Operation Flashpoint (bloopatch).exe
Patch Creator 3.5a.exe
PhotoShow 3.1.exe
Pop-Up Stopper 4.0 (beta).exe
Ps2 to Pc tutorial (+tool).exe
QuickTime 7.2 (new).exe
Raven Shield 5.32 crack.exe
RealJukebox Basic 2.8.exe
RealOne Free Player 2.8.exe
RemoteSpy 1.5.exe
Sim City 4 crack.exe
Splinter Cell crack.exe
TitJiggle (flash game).exe
Trillian 0.8 + plugins.exe
UniversalFlood (4.8b).exe
Unreal2 (2.8) crack.exe
UT2003 multi-crack (new).exe
Warcraft3 battle.net(2.5) crack.exe
Window Washer 4.8.exe
WinMX 3.5.1.exe
WinRAR 3.8.exe
WinZip 8.3b (crack).exe
WinZip 9.0 SR-1.exe
Wippit 2.1 (beta).exe
WS_FTP LE 6.0.exe
XViD bundle (codec+tutorial).exe

i have run into that same virus trying to download an older version of grokster(b4 all the popups & spyware). also saw the website above. then discovered klk++, good show Rocko, Random nut & Paul!!!