Associated Malware Groups
The filename is associated with the malware groups:
- Worm
- Malicious Software
- Cloaked Malware
File Behavior
CKVO1.DLL has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Executes a Process
- Registers a Dynamic Link Library File
- This process creates other processes on disk
- This Process Deletes Other Processes From Disk
- Copies files
- Found on infected systems and resists interrogation by security products
- Uses low level functions to hide itself from the user and from system/security processes
- The Process is polymorphic and can change its structure
CKVO1.DLL has been the subject of the following behavior:
- Created as a process on disk
- Deleted as a process from disk
- Registered as a Dynamic Link Library File
- The process is hooked into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Executed as a Process
Country Of Origin
The filename CKVO1.DLL was first seen on May 15 2008 in the following geographical regions of the Prevx community:
- SPAIN on May 15 2008
- SAUDI ARABIA on May 15 2008
- POLAND on Aug 6 2008
- JORDAN on Aug 13 2008
- ECUADOR on Aug 27 2008
- MALAYSIA on Oct 19 2008
- VIET NAM on Nov 7 2008
- TURKEY on Nov 7 2008
File Name Aliases
CKVO1.DLL can also use the following file names:
- CKVO0.DLL
- CKVO2.DLL
- CKVO5.DLL
- 46527426.TMP
- 01551127.DLL
- 95472839.DLL
- 55625356.SVD
- 58378049.DLL
- 56124161.ICO
- SXSJXAI.TMP
- 36508067.SVD
- 38336805.DLL
- 53422229.DLL
Filesizes
The following file size has been seen:
- 85,504 bytes
- 84,992 bytes
- 72,704 bytes
File Type
The filename CKVO1.DLL is used by multiple object types including Dynamic Link LIbraries,executable programs.
File Activity
One or more files with the name CKVO1.DLL creates, deletes, copies or moves the following files and folders:
- Deletes c:\docume~1\user\locals~1\temp\help1.rar
- Opens/modifes c:\autoexec.bat
- Creates c:\docume~1\user\locals~1\temp\help1.rar
- Deletes c:\docume~1\user\locals~1\temp\help.exe
- Creates c:\docume~1\user\locals~1\temp\help.exe
Website Activity
One or more files with the name CKVO1.DLL interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:127.0.0.1:1076 Port:17
- Port 80 IP:221.1.204.243
- TCP:127.0.0.1:1078 Port:17
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.