W32.Fiend.Worm


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 17 May 2001
Damage: Low

Characteristics: W32.Fiend.Worm is a worm that arrives on Internet Relay Chat or IRC and uses the Microsoft Outlook as the mailer. This worm was first found on May 17, 2001. Its threat level is low so removal of this worm is easy.

More details about W32.Fiend.Worm

This IRC worm will drop the Petik file once it is executed. Then it copies to the drives, particularly on the C:\Mirc\Script.ini and the C:\Mirc32\Script.ini drives. If you are using the mIRC, the IRC for Microsoft Windows, the worm will send the isetup.exe file to other chatters who connect the same channel with you. This means, other IRC chatters will also get the worm. Afterwards, the worm will create C:\Friends\Maya.vbs and attempts to send Windows\Netfriends.exe to other contacts in your Microsoft Outlook Address Book. Usually, this does not work and its failure will cause the worm to replicate itself as the Windows\iesetup.exe file. When the Windows starts, execution of the worm occurs and creates System Registry entry keys. A message that says, “WinZip Self-Extractor header corrupt. Possible cause: bad disk or file transfer error “is displayed. Then the worm attempts to modify the Window’s owner and company name settings in the registry. Every 5th of the month, the message “Coded by Petik ©2001 To my friends Maya and Laurent “is displayed.

Manual removable of the worm can be easily done. First, run and update the virus definitions. Restart the computer and run a full system scan. Delete all infected files as W32.Fiend.Worm. If your system is Windows 95/98 /Me, edit the Win.ini file by clicking the Start menu button and select Run. Type “edit c:\windows\win.ini” and locate “run=c:\windows\iesetup.exe”. Remove “c:\windows\iesetup.exe” part so only” run=” will remain. Click File and Save then exit from the MS-DOS Editor. For Windows NT/2000, click Start and Run. Type regedit, navigate the System Registry key and delete the value run   \iesetup.exe added in the registry. Exit from the Registry editor then restart your computer for safe use.