Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
Medium to high
- Tuesday, August 30, 2005
Methods of propagation:
• Local network
• Symantec: W32.Chir.B@mm
• Mcafee: W32/Chir.b@MM virus
• Kaspersky: Email-Worm.Win32.Runouce.b
• F-Secure: Email-Worm.Win32.Runouce.b
• Sophos: W32/Chir-B
• Panda: W32/Chir.B
• Grisoft: Win32/Chir.B@mm
• Eset: Win32/Chir.B worm
• Bitdefender: Win32.Parite.B
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Drops a malicious file
• Uses its own Email engine
The following engine update was released in order to enhance detection:
• 7.09.04.22/8.02.04.22 ( 20/07/2010 )
It copies itself to the following location:
The following file is created:
– MIME encoded copy of itself:
The following registry key is added in order to run the process after reboot:
This direct-action infector actively searches for files.
It contains an integrated SMTP engine in order to send emails. A direct connection with the destination server will be established. The characteristics are described in the following:
The sender address is spoofed.
– Email addresses found in specific files on the system.
%username from sender's email address%
The filename of the attachment is:
The attachment is a copy of the malware itself.
It creates the following Mutex:
Furthermore it contains the following string:
• Net Send * My god! Some one killed ChineseHacker-2 Monitor
Description inserted by Thomas Wegele on Thursday, November 13, 2008
Description updated by Andrei Ivanes on Thursday, December 23, 2010