Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
Send us feedback
Thank you for your feedback
We couldn't find the malware. Try searching for the malware you’ve encountered. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
We couldn't find the malware. We’ve returned search results instead. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
Win32/Chir is a family of malware. It has both worm and virus components. The worm component spreads via email and spreads by exploiting the vulnerability resolved with the release of Microsoft Security Bulletin MS01-020. The virus component infects .EXE and .SCR files in local and remote drives. It's also been known to edit .HTM and .HTML files stored in your PC so that if these files are opened, the virus is run.
Trojan:JS/Nimda.A is a trojan that attempts to open the malicious file “readme.eml” in the current folder. The file “readme.eml” is a malformed multipart MIME formatted message file dropped by Worm:Win32/Nimda, and it contains an encoded copy of Worm:Win32/Nimda.
This email worm spreads as an attachment to an email. It can also spread via an infected network or removable drive, such as a USB flash drive. When you open the attachment or file, the worm will run.
The worm can also exploit a vulnerability discussed in Microsoft Security Bulletin MS01-020. This can allow the attachment to automatically open when the email is read or previewed on a vulnerable PC. You should download and use the latest version of Internet Explorer to avoid this vulnerability.
Win32/Chir.A@mm is a mass-mailing worm. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer and remote shares. The worm runs when a user opens the e-mail attachment. On a computer that has not been patched for the Incorrect MIME Header vulnerability described in Microsoft Security Bulletin MS01-020, the attachment can open automatically under certain conditions.