SirCam Worm

Subscribe to Virus Alert
Mailing List

Enter your Email
(Ex : john@company.com)

Win32/SirCam Worm.

Information about the Win32/SirCam worm:

SirCam is a mass mailing email worm. This worm will infect Windows systems. SirCam spreads by sending itself to other addresses found in the Windows Address book and temporary internet files.

Click here to download the FREE utility (CleanSC.COM) to detect and remove the Win32/SirCam worm from your computer.

The worm arrives with the random subject and the body of the mail carries constant first and last line.

First Line: Hi! How are you?
Last Line: See you later. Thanks

The content in between the first line and the last line varies.

Infected mail carries an attachment with a random file name with double extensions. The first extension of the infected attachment carries EXE, DOC, XLS, ZIP and the second extension as PIF, COM, LNK, BAT. When the infected file is run it will be saved to C:\RECYCLED directory as SirC32.exe and updates the registry to load itself whenever any EXE file is executed. To achieve this worm modifies registry at the following location:

Hkey_Classes_Root\exefile\shell\open\command

It modifies value of Default key from "%1"%" to "C:\recycled\SirC32.exe" "%1" %*".

The worm also copies itself in the same name under WINDOWS\SYSTEM directory and creates a registry key at the following location to load itself during next startup.

Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServices

The worm stores the list of various file extensions in a random four letters filename with .DLL extension under MY DOCUMENTS folder. It also collects all the Email addresses from Windows Address book and saves it under WINDOWS\SYSTEM directory in a random filename with extension as .DLL.

Using the built-in SMTP server, worm mails itself to all Email Addresses stored under .DLL file with the file extensions stored in another .DLL file.

It creates a Registry Key to store its information at

HKEY_LOCAL_MACHINE\SOFTWARE\SirCam

The Sircam first appeared in July 2001.

Other names of Win32/SirCam worm:

The worm is also known as W32.Sircam, I-Worm.SirCam, SCAM.A, TROJ_SCAM.A.

Removing Win32/SirCam worm from your computer:

You can remove this virus from your computer by using Protector Plus antivirus software.

Click here to download a 30 day Evaluation Copy of
Protector Plus for your operating system

You can also use the CleanSC.COM program that is made specially to detect and remove the Win32/SirCam worm.

About Protector Plus Antivirus Software Packages:

Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

New:
SpamChoke Antispam Software
Download Now!

Protector Plus range of antivirus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware. Protector Plus antivirus software can detect and remove SirCam Worm reliably.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

Click here to order
Protector Plus Antivirus software