Home Malware Programs Worms I-Worm.Chir.B

I-Worm.Chir.B

Posted: March 15, 2010

I-Worm.Chir.B is a worm that proliferates by infecting Windows executable files through security loopholes. I-Worm.Chir.B affects the targeted computer system through spam emails, video codecs, file-sharing applications, and porn websites. When installed on the infected computer, I-Worm.Chir.B will corrupt memory processes and install malicious files together with other malware infections. I-Worm.Chir.B can gather personal information from victims and transfer it to remote attackers by disguising itself from anti-virus software, anti-malware programs, firewall, and other security tools. I-Worm.Chir.B can record browsing habits and monitor Windows system activity to create relevant pop-ups. I-Worm.Chir.B may reduce Internet connection speed and make browser speed and start-up sluggish.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%System%\runouce.exe File name: %System%\runouce.exe
File type: Executable File
Mime Type: unknown/exe
sapisvr.exe File name: sapisvr.exe
File type: Executable File
Mime Type: unknown/exe
funny.exe File name: funny.exe
File type: Executable File
Mime Type: unknown/exe
msinfo32.exe File name: msinfo32.exe
File type: Executable File
Mime Type: unknown/exe
DW20.EXE File name: DW20.EXE
File type: Executable File
Mime Type: unknown/EXE
DWTRIG20.EXE File name: DWTRIG20.EXE
File type: Executable File
Mime Type: unknown/EXE

Registry Modifications

The following newly produced Registry Values are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "runouce.exe"
Loading...