W32.Muzk.Irc


Aliases: IRC/Muzik.dr, Troj/Muzik-DR 
Variants: TROJ_MEGS.A, TR/Megs.3, Win32:Trojan-gen, Lmeg, Win32/Megs.A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 03 Sep 2002
Damage: Low

Characteristics: This IRC worm will send its code to other users that are on the same IRC (Internet Relay Chat) channel as the compromised machine. This worm is written in the programming language Delphi and is compressed using ASPack. The W32.Muzk.Irc worm attempts to spread by trying to connect to an IRC server or dropping particular scripts to the directory of an IRC client.

More details about W32.Muzk.Irc

This security threat copies itself as an executable file once run in the infected computer system. It will then create files with the extensions .bat, .mpeg and .txt. Among the worm’s created files, the ones that are malicious are the .txt and .bat files, while the .mpeg file is a clean file. The W32.Muzk.Irc will also try to locate the Windows Media Player process and will open it if it is present in the machine. The worm will then add a value to a specific registry key in order that it will execute upon Windows startup. This security risk will likewise try to locate for the presence of the mIRC client. Once found, it will replace some of the .ini files in the directory of mIRC with its malicious scripts. These replaced .ini scripts will enable the mIRC client to send the worm’s malicious code to all users in the same channel when the user of the infected machine connects to that IRC server.

The W32.Muzk.Irc worm will likewise attempt to alter the home page of Internet Explorer to a predetermined website. This website has infected links. If users click on the links, the worm’s code or other malware’s codes will be downloaded to their computer. It hijacks the home page by adding a value to the Internet Explorer’s registry key. To eliminate the worm’s infection, stop the process of the worm in the Windows Task Manager and then search for all the worm’s installed files and then delete them. Next, edit the registry and the reset the home page settings of the Internet Explorer.