You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Lirva.C

Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Lirva.C
Technical name:W32/Lirva.C
Threat level:Low
Type:Worm
Effects:  

It ends processes belonging to antivirus programs and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of every month.

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:Jan. 9, 2003
Detection updated on:March 6, 2006
StatisticsNo
Yes, using TruPrevent Technologies

Brief Description 

    

Lirva.C is a dangerous worm that launches the browser Internet Explorer and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of each month.

In addition, Lirva.C ends several processes belonging to antivirus programs, among others.

Lirva.C spreads through e-mail, the peer to peer (P2P) file sharing program KaZaA, and the chat applications IRC and ICQ.

It is very easy to become infected by Lirva.C via e-mail, as it is automatically activated when the message carrying the worm is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows files attached to e-mail messages to be automatically run.

Visible Symptoms 

    

Lirva.C is very easy to recognize, as it launches the browser Internet Explorer and connects to the web site http://www.avril-lavigne.com on the 7th, 11th and 24th of each month.

In addition, Lirva.C displays several colored ellipses on screen and the following message on the top left corner of the screen:

"AVRIL_LAVIGNE_LET_GO - MY_MUSE:) VOTE FOR I’m With YoU"