Subscribe0 0
This is an IRC worm spreading through IRC channels and using the mIRC client for spreading. The worm appears on a computer as the README.EXE DOS program. When this file is executed by a user, the virus installs itself resident into DOS memory and infects DOS COM files (except COMMAND.COM) that are executed. The virus is encrypted in infected files, and its code is placed at the end of files.
The virus also creates its "dropper" README.EXE on the C: drive (this file has a "hidden" attribute) and "registers" it in the C:\AUTOEXEC.BAT in the very first lines: they contain an instruction to execute virus the dropper upon each rebooting.
To spread through mIRC channels, the virus searches for the C:\INTERNET\MIRCdirectory and creates a SCRIPT.INI file there that contains just one command for sending the README.EXE dropper to anybody joining the infected channel.
The worm contains the following text strings:
;-)x whose name means dark matter vir-L
Hot Articles