Aliases: IRC.Worm.Generic
Variants: W32.IRC.Gillich.B Worm, W32.IRC.Gillich.C Worm

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 01 Oct 2002
Damage: Low

Characteristics: W32.Gillich.Mirc is a worm that automatically connects to an IRC (Internet Relay Chat) server. It usually spreads through chat sites. All Windows platforms are vulnerable: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It controls the compromised computer through IRC, either remotely or locally. The worm has many avenues through which it spreads. It also tries to disable various antivirus software processes if they are running.

More details about W32.Gillich.Mirc

Most often, this worm is seen displaying a message box that says, "This piece of code was written for, 4 of my friends, who died in a car accident! It's very terrible, isn't it?" The box prompts you to click "Yes" or "No". If you click "Yes", the worm quits after displaying the message, "Thanks for your condolence! Have a nice day…." If you click "No", the worm displays two further messages. One says, "Are you any kind of (garbled, erased texts) It was your fault!! Bye,bye…" The other says, "Turning option started…" Both messages prompt you to click the "Ok" button.

Once executed, the worm continuously searches for .exe files in the Windows directory. If a file name does not begin with "EZ", "GZ", "gz", or "CM", the worm copies the file to the same file name with the .zgr extension and then overwrites the .exe file with itself. In short, it modifies files, and if an overwritten file is a system file, the file may be damaged and the computer may no longer function properly. The worm also tries to modify the Script.ini file on drive C and the Mirc\Script.ini file, so that it can send a copy of itself to other IRC users who connect to the same IRC channel as the infected computer. It is also able to automatically terminate applications or programs currently running on the computer.
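The file-overwrite behaviour described above leaves a recognisable pattern on disk: several differently named .exe files that are byte-identical, each with a same-named .zgr sibling. The following triage script is an added example, not code from the original write-up; the function names and the choice of SHA-256 for comparing files are assumptions made here.

```python
import hashlib
import sys
from collections import defaultdict
from pathlib import Path

# Name prefixes the write-up says the worm leaves untouched.
SKIPPED_PREFIXES = ("EZ", "GZ", "gz", "CM")


def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_overwritten_pairs(directory):
    """Map exe hash -> names of .exe files that have a same-named .zgr sibling."""
    root = Path(directory)
    files = [p for p in root.iterdir() if p.is_file()]
    # Stems of all .zgr files, lower-cased because Windows names are case-insensitive.
    backups = {p.stem.lower() for p in files if p.suffix.lower() == ".zgr"}
    by_hash = defaultdict(list)
    for exe in files:
        if exe.suffix.lower() != ".exe" or exe.name.startswith(SKIPPED_PREFIXES):
            continue
        if exe.stem.lower() in backups:
            by_hash[sha256_of(exe)].append(exe.name)
    return {h: sorted(names) for h, names in by_hash.items()}


def suspicious_groups(directory, min_files=2):
    """Groups of identical .exe files that all have .zgr siblings.

    One .exe/.zgr pair can be coincidence; several executables sharing
    one hash matches a single body having overwritten all of them.
    """
    pairs = find_overwritten_pairs(directory)
    return sorted(names for names in pairs.values() if len(names) >= min_files)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for group in suspicious_groups(target):
        print("identical .exe files with .zgr siblings:", ", ".join(group))
```

Run it against the Windows directory of a suspect machine or a mounted disk image; the script only reads files and reports, it does not modify anything.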

The W32.Gillich.Mirc program is usually installed by taking advantage of poorly protected computer systems, such as a computer that lacks efficient anti-spyware protection. It is often downloaded and installed unknowingly by the user from various sources, such as questionable Internet websites and programs that carry it. When such seemingly legitimate programs are downloaded and installed, the W32.Gillich.Mirc program is clandestinely installed along with them. Computer experts consider the program malware because it is a high risk to the computer's security and integrity. Not only does it allow another party to control the computer, but it also allows the hacker to obtain vital information that can later be used to the detriment of the user.