It ends processes belonging to antivirus programs and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of every month.

Windows XP/2000/NT/ME/98/95

Lirva.C is a dangerous worm that launches the browser Internet Explorer and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of each month.

In addition, Lirva.C ends several processes belonging to antivirus programs, among others.

Lirva.C spreads through e-mail, the peer to peer (P2P) file sharing program KaZaA, and the chat applications IRC and ICQ.

It is very easy to become infected by Lirva.C via e-mail, as it is automatically activated when the message carrying the worm is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows files attached to e-mail messages to be automatically run.

Lirva.C is very easy to recognize, as it launches the browser Internet Explorer and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of each month.

In addition, Lirva.C displays several colored ellipses on screen and the following message on the top left corner of the screen:

"AVRIL_LAVIGNE_LET_GO - MY_MUSE:) VOTE FOR I’m With YoU"