This is a worm virus that spreads via the Internet using Microsoft Outlook. The worm appears as an email message with the attached file Kiray.EXE.
When the EXE-file is run the worm modify some of the keys in the system registry:
This allows the worm to run its routine when running any EXE-file and after restarting the system, all icons from “Desktop” and disks icons from “My computer”
Then the worm uses MAPI to spread itself via e-mail, by creating messages to all recipients in the Outlook address book:
Subject: Please make peace not war
The worm also tries to check Windows Address Book (WAB) which is registered in the system registry:
Finally the worm tries to remove all files in the following directories:
The worm is only fully functional if the attachment is saved by the user to C:WINDOWSTEMP directory. Otherwise the worm cannot spread correctly from the infected machine, as the worm’s message is sent without the attached exe. file.