Home>Network Worms> IRC Worms>

IRC-Worm.DOS.Godog.a

Alert Level :	Medium
Discovered:	Nov 20 2000
Tag:	Internet   Relay   Chat   Worms
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

This is a virus worm that spreads via IRC channels. It is a DOS program, and when run, it copies itself to the MIRC directory (if MIRC software is installed) with the "GhostDog.exe" name, and creates the SCRIPT.INI mIRC script file here. This script contains instructions that send a worm copy to users that enter the infected IRC channel. The script also hides messages if they contain the "virus" or "worm" words.

The main worm feature is the fact that it generates polymorphic instructions in the SCRIPT.INI file. These instructions are mixed in order; characters are randomly uppper and lower-cased; there are a random number of random comment-lines here, for example:

n0=$40Yw840RIGlx6Amlp7G0JaZ4QTs840N
n1=On 1^tExt^*WoRm*^*^{ /Ignore $nick | /closeMsg $NiCk }
n2=$HyX5NMq840KBAfrpTGfj7Z0DuT5J6m840GXWb1lQcbe7V0ZpT5F5j840CTRwihMYW

Despite the strange appearance, the script commands maintain their functionality.

0

Removal IRC-Worm.DOS.Godog.a instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware