W32/STD.d.worm

Type: Virus
SubType: Worm
Discovery Date: 10/07/2002
Length: 40,960 bytes
Minimum DAT: 4229 (10/16/2002)
Updated DAT: 4346 (03/31/2004)
Minimum Engine: 5.1.00
Description Added: 10/25/2002
Description Modified: 10/25/2002 5:19 PM (PT)
Risk Assessment
  Corporate User: Low
  Home User: Low

Characteristics

This worm tries to use the mIRC Internet Relay Chat software to send itself to other mIRC clients. When run, the files Systray_.exe and Runtray_.dll are created in the Windows System directory. In testing, this action was buggy and these files were 0 bytes in length. If the file is copied properly, it has the following icon:

The following registry entries are created:

  • HKEY_LOCAL_MACHINE\Software\McAfee
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "bVShieldEnabled" = 00, 00, 00, 00
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "CurrentVersionNumber" = 666
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "DAT" = NONE
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "DATFile" = -2000
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "die b****" = created by $$$$$ MOELLER
  • HKEY_LOCAL_MACHINE\Software\McAfee\Scan95
    "VirusInfoURL" = http://www.norton.com

Registry entries are also created to run the worm file at Windows startup and each time an executable file is run:

  • HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) = "C:\windows\system\systray_.exe" %1 %*

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "SystemTray" = C:\Windows\system\systray_.exe

As a result of these changes, executables may no longer behave as expected. If the virus is not copied properly, the following error message will be seen upon running executable files:

If the virus is copied properly, the following message will be shown instead:

Symptoms

  • Presence of unexplained error messages or virus messages as shown above
  • Presence of registry entries and files as noted above
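
The registry symptoms above can be checked offline against a text export of the registry. The following is an added example, not part of the original description or of any vendor tool: it parses a REGEDIT4-style export and reports the entries this page lists. It generalizes slightly by flagging any exefile open command that differs from the stock `"%1" %*`; the sample export, its value types, and the function names are constructed for illustration.

```python
import re

# Constructed sample: a REGEDIT4-style export holding the entries the
# description lists. Value types are assumed; the page gives names and data only.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\windows\\system\\systray_.exe\" %1 %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="C:\\Windows\\system\\systray_.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\Software\McAfee\Scan95]
"bVShieldEnabled"=hex:00,00,00,00
'''

EXE_HANDLER_DEFAULT = '"%1" %*'  # stock Windows open command for .exe files
WORM_FILE = "systray_.exe"       # dropped file name given in the description
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unquote(s):
    """Strip surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r'\\(.)', r'\1', s[1:-1]) if s.startswith('"') else s

def parse_reg(text):
    """Return {lowercased key path: {value name: data}} for a text export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[_unquote(m.group(1))] = _unquote(m.group(2))
    return keys

def find_indicators(keys):
    """Return (label, data) pairs for the registry changes listed above."""
    hits = []
    handler = keys.get(r"hkey_classes_root\exefile\shell\open\command", {}).get("@")
    if handler is not None and handler.strip() != EXE_HANDLER_DEFAULT:
        hits.append(("exefile handler replaced", handler))
    run = keys.get(r"hkey_local_machine\software\microsoft\windows\currentversion\run", {})
    hits += [("Run entry " + n, d) for n, d in run.items() if WORM_FILE in d.lower()]
    scan95 = keys.get(r"hkey_local_machine\software\mcafee\scan95", {})
    if scan95.get("bVShieldEnabled", "").replace(" ", "") == "hex:00,00,00,00":
        hits.append(("Scan95 bVShieldEnabled zeroed", scan95["bVShieldEnabled"]))
    return hits

if __name__ == "__main__":
    for label, data in find_indicators(parse_reg(SAMPLE_EXPORT)):
        print(f"{label}: {data}")
```

A replaced exefile handler matters for cleanup order: while it points at a missing or 0-byte file, other executables will not start, so the default value has to be restored along with removing the Run entry.
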
Method of Infection

The virus modifies the script.ini file for available mIRC client installations in order to distribute itself.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
