Article ID: 327203 - View products that this article applies to.
This article was previously published under Q327203
W32.Chir.B@mm is a network-aware, mass-mailing worm. It is also a file-infector virus. W32.Chir.B@mm is a variant of W32.Chir@mm. W32.Chir.B@mm uses its own Simple Mail Transfer Protocol (SMTP) engine to send itself to all of the e-mail addresses that it finds in the Windows Address Book (.wab file), and in .adc, r.db, .doc, and .xls files.
This worm uses both IFRAME and MIME exploits to run on your computer. Because of this, you might run the worm just by previewing the e-mail message in your e-mail program. The worm sends itself as a Pp.exe file to all of the e-mail addresses that it finds. The e-mail message has the following characteristics:
Subject: username is coming!The worm uses its own SMTP engine to send itself to e-mail addresses. The SMTP server that the worm uses is a static server. This means that if a specific SMTP server is not running, the worm cannot spread.
W32.Chir.B@mm also searches all local and network drives, and infects files that have .htm, .html, .exe, and .scr extensions.
RecoveryIf your computer has been infected with this virus, contact Microsoft Product Support Services or your preferred antivirus vendor for help with removing the virus. For information about contacting Microsoft Product Support Services, visit the following Microsoft Web site:
Related Security InformationFor additional information about viruses, visit the following Symantec Web site:
http://firstname.lastname@example.orgMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
For additional security-related information about Microsoft products, visit the following Microsoft Web site:
Article ID: 327203 - Last Review: July 30, 2007 - Revision: 3.5