(I-Worm.Brit-G, World Cup, VBS/Chick-F, VBS_CHICK.F, VBS/Chick.f@M)
- It copies itself as the file "koreajapan.chm" in Windows folder (or Winnt folder)
- It writes in registry the key:
1. Make sure that you have the latest updates using BitDefender Live!;
2. Make the following changes in the windows registry:
Please make sure to modify only the values that are specified. It is also recommended to backup the Windows Registry before proceeding with these changes.
a) Select Run... from the Start menu, then type regedit and press Enter;
b) Delete the following key:
3. Perform a full scan of your system (selecting, from the Action tab, the option "Prompt user for action"). Choose to delete all the files infected with VBS.Breetnee.F@mm (koreajapan.chm from Windows or Winnt).
Patrik Vicol BitDefender Virus Researcher
The virus copies itself as "koreajapan.chm
" in Windows
folder (or Winnt
folder). This worm spreads through Outlook and mIRC. It sends an email to the first contact from the Outlook address book.
The format of an infected e-mail is: From: ‹e-mail of an infected person› Subject: "RE: Korea Japan Results" Body: Take a look at these results ...
name of the infected person Attachment:
It also writes the value "1" in the registry key
in order to send an infected email only for the first time.
It also spreads through mIRC. It searches the file "mirc.ini"
in the folders and subfolders of drives C, D, E. It also attempts to find mIRC by looking at the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ChatFile\DefaultIcon\\
and thus retrieving mIRC folder. In case it finds mIRC, it overwrites the file "script.ini"
in order to send itself through mIRC.