Home>Network Worms> IRC Worms>

IRC-Worm.Win32.Crack.a

Alert Level :	Medium
Discovered:	Jan 12 2001
Tag:	Internet   Relay   Chat   Worms
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

This is a silly IRC worm spreading through IRC channels by using mIRC client. The worm itself is Win32 executable file about 3K of length (that is compressed executable file, being decompressed it gets about 10K of size).

When the worm file is run, it copies itself to Windows directory with CRACK.EXE name and affects mIRC client. The worm looks for mIRC client in two directories:

C:\MIRC\
D:\MIRC\

While affecting the worm overwrites the SCRIPT.INI file with a set of commands that send the CRACK.EXE file (worm code) to users that join infected channel.

The SCRIPT.INI file on connecting to IRC server also joins "vxers" and "cservice" channels and sends the messages to there:

To "vxers":

I'm wide awake in my kitchen, it's dark and I'm lonely, oh if I could
only get some sleep.. Creeky noises make my skin creep. I need to get
some sleep.. I can't get no sleep....

To "cservice":

PLEASE join #vxers, and visit http://www.shadowvx.com/4Q and
http://www.shadowvx.com/fun4vxers .. We're the best!

0

Removal IRC-Worm.Win32.Crack.a instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware