W32.Fruit.B.Mirc, W32.Fruit.C.Mirc, IRC-Worm.Fruit.a, IRC-Worm.Fruit.b
Category: Computer Worm
Some parts of Asia, Europe, North and South America, Africa and Australia
04 Oct 2000
On the 4th day of October 2000, a family member of worms was discovered. This worm was named as W32.Fruit.Mirc. It arrived as a Visual Basic 6 or VB6 program that primarily reproduces a slot machine. It propagated using mIRC.
W32.Fruit.Mirc Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Fruit.Mirc from your computer.
More details about W32.Fruit.Mirc
Also known as W32.Fruit.B.Mirc, W32.Fruit.C.Mirc, IRC-Worm.Fruit.a and IRC-Worm.Fruit.b, W32.Fruit.Mirc arrives as a VB6 program to stimulate a slot machine. It uses mIRC to spread its infection by sending itself to all others on a channel. Once it is activated, the worm inserts itself in C:\Windows\System\Fruit.exe. Then, the worm overwrites the mIRC Script.ini file to send itself to others connected on a channel. This works successfully when the user leaves the channel. Afterwards, the worm will display a simulation of a slot machine. In a slot machine, you usually see specific buttons: About, Exit, and Go. The worm terminates program when you decide to click OK after executing About, Exit and Go.
The W32.Fruit.Mirc program is utilized by third parties in infiltrating targeted computers. Upon being contracted, this program enables remote third parties to open variable ports in the user’s computer. The said ports are then employed by the attackers to view the private files of the users. This program also allows remote hackers a certain type of control over the compromised computer system. This is accomplished by installing a command line service similar to those provided by IRC or Internet Chat Relay. This program then proceeds to log on to a channel which has been pre-specified in order to await commands from that location. It is this operation that allows the intruder to take control of the administrative settings and files of the user. Moreover, the process even allows connection to the Internet.