English
Deutsch
Français
Español
Italiano
Home
Virus Info
W32/Chir.B
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
TechBlog
W32/Chir.B - Malware
See also
Summary
Full description
Statistics
How would you rate this information?
Worthless
Excellent
Virus:
W32/Chir.B
Date discovered:
30/08/2005
Type:
Worm
In the wild:
Yes
Reported Infections:
Low to medium
Distribution Potential:
Medium
Damage Potential:
Medium to high
Static file:
No
IVDF version:
6.31.01.194
- Tue, 30 Aug 2005 11:39 (GMT+1)
General
Methods of propagation:
• Email
• Local network
Aliases:
• Symantec: W32.Chir.B@mm
• Mcafee: W32/Chir.b@MM virus
• Kaspersky: Email-Worm.Win32.Runouce.b
• F-Secure: Email-Worm.Win32.Runouce.b
• Sophos: W32/Chir-B
• Panda: W32/Chir.B
• Grisoft: Win32/Chir.B@mm
• Eset: Win32/Chir.B worm
• Bitdefender: Win32.Parite.B
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Drops a malicious file
• Uses its own Email engine
Files
It copies itself to the following location:
•
%SYSDIR%
\runouce.exe
The following file is created:
– MIME encoded copy of itself:
• Readme.eml
Registry
The following registry key is added in order to run the process after reboot:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "Runonce"="
%SYSDIR%
\runouce.exe"
File infection
Method:
This direct-action infector actively searches for files.
Email
It contains an integrated SMTP engine in order to send emails. A direct connection with the destination server will be established. The characteristics are described in the following:
From:
The sender address is spoofed.
To:
– Email addresses found in specific files on the system.
Subject:
The following:
•
%username from sender's email address%
is coming!
Attachment:
The filename of the attachment is:
• PP.exe
The attachment is a copy of the malware itself.
Miscellaneous
Mutex:
It creates the following Mutex:
• ChineseHacker-2
String:
Furthermore it contains the following string:
• Net Send * My god! Some one killed ChineseHacker-2 Monitor
See a brief description
here
.
Description inserted by Thomas Wegele on Thu, 13 Nov 2008 09:30 (GMT+1)
Description updated by Thomas Wegele on Thu, 13 Nov 2008 10:01 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
TR/Crypt.XPACK.Gen
HEUR/HTML.Malware
HTML/Infected.WebPage.Gen
ADSPY/AdSpy.Gen
HTML/Crypted.Gen
W32/Induc.Gen
TR/ATRAPS.Gen2
TR/Click.Yabector.8857.2
TR/PSW.Magania.auv
TR/Dldr.Bredolab.AX
Get comfortable up to the minute info from Avira as
Detects and removes distinct malware and its variants.
Download here
Click
here
to get the panel...
© 2009 Avira GmbH
Copyright
|
Privacy
|
Sitemap
|
Feedback
|
Imprint
|
FAQ
|
Contact
Virus Info W32/Chir.B
Print this page
.gif)
