We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Chir.D@mm
Aliases: Win32/Chir.B@mm (AVG) W32.Chir.B@mm (Symantec) W32/Chir.B (Avira) W32/Chir-B (Sophos) Worm.Chir!292A (Rising AV) WORM_CHIR.DI (Trend Micro)
Summary
Windows Defender detects and removes this threat.
This email worm spreads as an attachment to an email. It can also spread via an infected network or removable drive, such as a USB flash drive. When you open the attachment or file, the worm will run.
The worm can also exploit a vulnerability discussed in Microsoft Security Bulletin MS01-020. This can allow the attachment to automatically open when the email is read or previewed on a vulnerable PC. You should download and use the latest version of Internet Explorer to avoid this vulnerability.
The following free Microsoft software detects and removes this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
Update vulnerable applications
This threat exploits a known vulnerability in Internet Explorer. After removing this threat, make sure that you install any updates available from Microsoft. You can read more about this vulnerability, as well as where to download the software update from the following links:
- CVE-2001-0154
- Microsoft Security Bulletin MS01-020
- Download Internet Explorer
Be careful when sharing files
Windows has a feature that lets you share files and folders on a network or shared PC. This feature is sometimes abused by malware to spread to other PCs within the network.
You can get more information and tips on how to share files safely from these pages:
- In Windows 8.1, Share files and folders on a network or a shared PC
- In Windows 7, File sharing essentials
- In Windows Vista, Share files and folders over the network
You should turn off file sharing until you make sure that all infected PCs have been cleaned of any malware.
Use cloud protection
The Microsoft Active Protection Service (MAPS) uses cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender for Windows 10.
Get more help
You can also see our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.