Symantec Security Response - W32.Buffy.D W32.Buffy.D is a worm that uses mIRC to spread. When the worm runs, it copies itself as C:\BTVS.exe. It also drops C:\Mirc\Script.ini, which is detected as IRC.Family.Gen by Symantec AntiVirus products. Finally, the worm drops C:\Windows\Winstart.bat and C:\Windows\Start Menu\Programs\Startup\Start.vbs, but they are not malicious. Also Known As: I-WORM.Buffy.d [KAV] Type: Worm Infection Length: 163,904 bytes Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me Systems Not Affected: Macintosh, OS/2, UNIX, Linux technical details No additional information available at this time. Symantec Security Response will update this write-up if/when more information is available. removal instructions The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines. 1. Update the virus definitions. 2. Run a full system scan, and delete all the files detected as W32.Buffy.D or IRC.Family.Gen. 3. Delete the following files: C:\Windows\Winstart.bat C:\Windows\Start Menu\Programs\Startup\Start.vbs.