W32/Kifie-D

Aliases: WORM_KIRBO.A
Type: Win32 worm

Description

W32/Kifie-D spreads via email, P2P, IRC, AIM and local drives. The worm copies itself to all local drives as kirbster.exe and to the Windows system folder as tasksystemdll.exe and cutekriby.scr.

W32/Kifie-D sets the following registry entry to point to tasksystemdll.exe:

HKCU\Control Panel\Desktop\Scrnsave.exe

In addition, the worm drops the file %sysdir%\CuteKirby.Scr and registers it as the Desktop wallpaper.

W32/Kifie-D displays a message box with the text "There was a critical error in the application the video driver could not load. If you continue to experience problems try restarting your computer".

Read more: http://www.sophos.com/virusinfo/analyses/w32kified.html

New worm is Sunday driver (Kifie-D worm)

Kifie-D worm begins overwriting docs on a Sunday.

The worm spreads through email as well as peer-to-peer filesharing networks such as KaZaA, and instant messaging systems such as AIM. It copies itself to local drives and performs a Registry edit. It also displays a message box with the text: 'There was a critical error in the application the video driver could not load. If you continue to experience problems try restarting your computer'.

However, the worm has a logic bomb that sets it to work on a Sunday, when it creates two files: kirbyflood.vbs and kirbyflood.bat. The former creates message boxes in a loop with the text 'Are you ready? W32.Kirby.Fl00der By L0new0lf'. kirbyflood.bat runs the .vbs file and displays the message 'l0new0lf strikes again W32.Kirby.Fl00der By L0new0lf'.

It also overwrites TXT and DOC files in the Windows, Windows system and Windows system32 folders and will also try to delete various anti-virus related files.

Finally, it mails itself on to addresses in the Outlook address book as an attachment. The emails read:

Subject line: Fw: hello there
Message text: Hey, I just received a screen saver in the mail and it is really cute. Take a look

Matt Whipp
http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.php?id=43141
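
An added example, not part of either write-up above: a host check for the file names and Desktop settings the two descriptions name. The settings dict stands in for an export of HKCU\Control Panel\Desktop; the value names SCRNSAVE.EXE and Wallpaper, the helper names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# File names taken from the write-ups above (both spellings of the .scr name
# appear on the page, so both are matched). Compared case-insensitively.
DROPPED_NAMES = {"kirbster.exe", "tasksystemdll.exe", "cutekriby.scr",
                 "cutekirby.scr", "kirbyflood.vbs", "kirbyflood.bat"}
# Names the page ties to the screensaver and wallpaper settings.
HIJACK_TARGETS = {"tasksystemdll.exe", "cutekirby.scr", "cutekriby.scr"}


def basename_win(path):
    """Last component of a Windows-style path, lower-cased, quotes stripped."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan_tree(root):
    """Return sorted relative paths under root whose file name is on the list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in DROPPED_NAMES:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def check_desktop_settings(settings):
    """settings: value name -> data, as exported from the Desktop key (assumed).
    Returns the value names whose data points at one of the worm's files."""
    return sorted(k for k, v in settings.items()
                  if basename_win(v) in HIJACK_TARGETS)


def demo():
    """Constructed sample: a temporary tree and a made-up settings export."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "system32"))
        for rel in ("kirbster.exe", "WINDOWS/system32/TaskSystemDll.exe",
                    "WINDOWS/system32/notepad.exe", "WINDOWS/kirbyflood.vbs"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        files = scan_tree(root)
    settings = {"SCRNSAVE.EXE": r"C:\WINDOWS\system32\tasksystemdll.exe",
                "Wallpaper": r"C:\WINDOWS\web\wallpaper\Bliss.bmp"}
    return files, check_desktop_settings(settings)


if __name__ == "__main__":
    print(demo())
```

A file-name match is only a lead for triage: the names are trivially changed, so a hit should be confirmed with an up-to-date anti-virus scan.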