Microsoft Security Intelligence
23 entries found. Displaying page 1 of 2.
Updated on Oct 09, 2013

Windows Defender detects and removes this threat.

Win32/Chir is a family of malware that has both worm and virus components. The worm component spreads via email and by exploiting the vulnerability resolved with the release of Microsoft Security Bulletin MS01-020. The virus component infects .EXE and .SCR files on local and remote drives. It has also been known to edit .HTM and .HTML files stored on your PC so that the virus runs when these files are opened.

Alert level: high
Updated on Jul 10, 2019
Alert level: severe
Updated on May 05, 2016

Windows Defender detects and removes this threat.

This email worm spreads as an attachment to an email. It can also spread via an infected network or removable drive, such as a USB flash drive. When you open the attachment or file, the worm will run.

The worm can also exploit a vulnerability discussed in Microsoft Security Bulletin MS01-020. This can allow the attachment to automatically open when the email is read or previewed on a vulnerable PC. You should download and use the latest version of Internet Explorer to avoid this vulnerability.

Also detected as: Win32/Chir.B@mm (AVG)
Alert level: severe
Updated on Jul 14, 2006
Win32/Chir.A@mm is a mass-mailing worm. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer and remote shares. The worm runs when a user opens the e-mail attachment. On a computer that has not been patched for the Incorrect MIME Header vulnerability described in Microsoft Security Bulletin MS01-020, the attachment can open automatically under certain conditions.
Also detected as: Win32/Chir.10799 (CA)
Alert level: severe
Updated on Jul 10, 2006
Win32/Chir.B@mm is both a network and e-mail worm, as well as a virus. The e-mail worm component sends a copy of itself as an e-mail attachment to addresses that it finds on local and remote drives. Win32/Chir.B@mm also exploits the Incorrect MIME Header vulnerability discussed in Microsoft Security Bulletin MS01-020. This may cause the e-mail attachment to open automatically when the e-mail is read or previewed on susceptible systems that have not had the MS01-020 security patch installed. Win32/Chir.B@mm infects .EXE and .SCR files on local and remote drives. Win32/Chir.B@mm also drops a copy of itself named readme.eml into folders containing .HTM and .HTML files, then appends malicious JavaScript to the bottom of these .HTM* files so that they automatically run the infected readme.eml file when they are opened.
Alert level: high
Updated on Sep 21, 2014
Windows Defender Antivirus detects and removes this threat.
 
This virus can infect your files, making it impossible to open them. It can also show pop-up messages to Chinese users.
 
It spreads via email attachments and infected drives, including USB flash drives. 
Alert level: severe
Updated on Oct 07, 2008
Alert level: severe
Updated on Oct 07, 2008
Alert level: severe
Updated on Oct 07, 2008
Alert level: severe
Updated on Dec 14, 2019
Alert level: severe
Updated on Jul 12, 2021
Alert level: severe
Updated on Oct 26, 2021
Alert level: severe
Updated on Sep 17, 2022
Alert level: severe
Updated on Apr 26, 2023
Alert level: severe
Updated on Sep 04, 2023
Alert level: severe
Updated on Oct 29, 2023
Alert level: severe
Updated on Sep 14, 2016
Alert level: severe
Updated on Apr 11, 2011
Exploit:HTML/IFrame_Exploit.G is a detection for malicious .eml files that attempt to exploit the vulnerability addressed by MS01-020 (Incorrect MIME Header Can Cause IE to Execute E-mail Attachment) in order to launch a malicious binary. In the wild, the malicious files identified by this detection have mostly been associated with the Win32/Chir family.
Alert level: severe
Updated on Apr 11, 2011
Trojan:JS/Nimda.A is a trojan that attempts to open the malicious file “readme.eml” in the current folder. The file “readme.eml” is a malformed multipart MIME formatted message file dropped by Worm:Win32/Nimda, and it contains an encoded copy of Worm:Win32/Nimda.
 
Trojan:JS/Nimda.A takes advantage of a vulnerability corrected by MS01-020 (Incorrect MIME Header Can Cause IE to Execute E-mail Attachment).
Also detected as: Win32/Chir.B (ESET)
Alert level: severe
Updated on Apr 11, 2011
Win32/Nimda is a family of worms that targets computers running certain versions of Microsoft Windows. The worm exploits the Windows vulnerability described in Microsoft Security Bulletin MS01-020 in order to spread by infecting Web-content documents and attaching itself to e-mails. The worm also spreads by infecting executable files and by copying itself to local folders, network shares, and remote computers through backdoors. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions.
Alert level: severe