W32.Buffy.D

Discussion in 'malware problems & news' started by Randy_Bell, Jan 21, 2003.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Symantec Security Response - W32.Buffy.D

    W32.Buffy.D is a worm that uses mIRC to spread. When the worm runs, it copies itself as C:\BTVS.exe. It also drops C:\Mirc\Script.ini, which is detected as IRC.Family.Gen by Symantec AntiVirus products. Finally, the worm drops C:\Windows\Winstart.bat and C:\Windows\Start Menu\Programs\Startup\Start.vbs, but they are not malicious.

    Also Known As: I-WORM.Buffy.d [KAV]
    Type: Worm
    Infection Length: 163,904 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

    technical details

    No additional information available at this time. Symantec Security Response will update this write-up if/when more information is available.

    removal instructions

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


    • 1. Update the virus definitions.
      2. Run a full system scan, and delete all the files detected as W32.Buffy.D or IRC.Family.Gen.
      3. Delete the following files:
      • C:\Windows\Winstart.bat
      • C:\Windows\Start Menu\Programs\Startup\Start.vbs.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.