Strange .exe with plus title - worm alert - update with screenshot - Norton got it!!
Shoutbox (https://shoutbox.menthix.net)

Strange .exe with plus title - worm alert - update with screenshot - Norton got it!!
by unclegriff on 08-15-2005 at 05:11 PM

Hey All: A friend of mine sent me an install icon for an app calling itself "msnplus8final". Being a plus user for a long time this began many bells ringing - but also being inquisitive (stupid sometimes) I installed to see what it was. WORM. My ZoneAlarm went frantic, gave me the name of the file that was calling itself kernal32.exe, yet it wasn't there and is changing its name. WORM. Fortunately through ZA I was able to kill this process. Anyone else got info on this nefarious item?? It's making the rounds via peer to peer, and the url for downloading it is not a site, just a link. This nefarious item is hiding in system32 under the name of C:\WINDOWS\system32\ewhzrrl, according to my ZA, but just try to find it to remove it. HAH.

I have put a screenshot (jpeg) of the install icon here as well so all can see what it looks like.

Well, trust Norton - found this nefarious little thing - W32.Kelvir was the worm, and it is gonzo. Rock on all.

RE: Strange .exe using plus in its title - worm alert - update with screenshot
by Sunshine on 08-15-2005 at 06:34 PM

Could it be this one or a variant of it?

RE: Strange .exe using plus in its title - worm alert - update with screenshot
by mwe99 on 08-15-2005 at 07:15 PM

Isn't that the one where you log in and it sends a message or changes your name to your password? I remember seeing a thread about it... lemme find out

RE: Strange .exe using plus in its title - worm alert - update with screenshot
by unclegriff on 08-15-2005 at 08:49 PM

Wow, I didn't know there were others like this thing out there. No, this is entirely something different - u get the url (damn I didn't keep it), click the link to the url, and then get an autodownload in the usual windows manner - permission screen, save, open, everything. I have it isolated on my drive, my ZA has shut it down, but incredible. I firmly believe that when ppl who write this malicious code are found, they should be escorted to a remote, but inhabitable, island, given a TRS-80 and left there for life.