W32/Lirva.A@mm
| W32/Lirva.A@mm |
Destructivity:  Spreading:  Overall risk:
|
| • Detected by virus detection files published: 1/7/2003 | • Type: Worm |
| • Virus characteristics first published: 1/7/2003 | • Spreading mechanism: Email, Network, IRC, Other |
| • Virus characteristics latest update: 12/17/2003 | • Overall risk: Medium |
| • Alias: W32/Naith.A, WORM_LIRVA.A,W32/Avril.A | • Payload: Disrupts antivirus software |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
This is a mass-mailing worm, written in C and compressed using UPX to a file size of 32766 bytes. When run, it copies itself to the Windows System directory, under a random name. It will also make copies of itself in the root directory and in the TEMP directory. A key will be inserted in the Registry so that the worm is started from bootup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Avril Lavigne - Muse" = filename. It will not be visible in the task list under Win9x/ME. The worm searches local files as well as the Windows Address Book for email addresses to send itself to. In addition it attempts to copy itself over shared network drives, and to send itself over IRC and ICQ. It will also copy itself into the shared files directory if the file sharing software Kazaa is installed. |
||||||||||||||