IRC-Worm.Kazimas
This is the IRC worm virus spreading itself via mIRC channels. It appears as a MILBUG_A.EXE DOS EXE
file about 10Kb of length. When it is executed, it copies itself to several disk directories under
different names:

 C:\WINDOWS\KAZIMAS.EXE
 C:\WINDOWS\SYSTEM\PSYS.EXE
 C:\ICQPATCH.EXE
 C:\MIRC\NUKER.EXE
 C:\MIRC\DOWNLOAD\MIRC60.EXE
 C:\MIRC\LOGS\LOGGING.EXE
 C:\MIRC\SOUNDS\PLAYER.EXE
 C:\GAMES\SPIDER.EXE
 C:\WINDOWS\FREEMEM.EXE

The worm then affects the installed mIRC client in the C:\MIRC directory: it creates a new script file
SCRPT.INI and overwrites the MIRC.INI configuration file. If mIRC client is installed in any other path,
the worm fails to affect it.
The worm modifies the MIRC.INI files that customize the mIRC client. There are several options set, for
instance user's ident is set to "kazimas", and the additional script file SCRPT.INI is included in auto-run scripts.

The SCRPT.INI file, that is dropped by the worm, contains several instructions that switch a user to the
"Chat2K" channel, send messages to there, and the most important: send to the channel the worm copy
(the C:\WINDOWS\KAZIMAS.EXE file).

The worm also overwrites the C:\AUTOEXEC.BAT file with instructions that restore worm's copies
(if they are erased) and execution:

 @copy c:\windows\system\psys.exe c:\windows\kazimas.exe >nul
 @copy c:\windows\kazimas.exe c:\kazimas.exe >nul
 @c:\kazimas.exe >nul
 @cls