here it is from http://[email protected]
33% of my repair time is spent removing thedamage done by 5h1t like this little fellow.. for goodnes sake just IE5.5-SP2 is all that most need to slow this krap (BTW IE 6 isn't supposed to be susceptable.. unfortunatly you need atleast SP1 to be any good.. ) but most ppl don't have any idea about updating.. most of the ppl did have av's, updated the day the puter was purchased..
so here is the latest that uses the same weakness that Klez and bugbear and friends have used..

Heads up..

Cheers

W32.Lirva.A is a mass-mailing worm that also spreads by the IRC, ICQ, KaZaA, and open network shares. This worm attempts to terminate antivirus and firewall products. It also emails cached Windows 95/98/Me dial-up networking passwords to the virus writer.

When Microsoft Outlook receives the worm, it uses a vulnerability that allows the attachment to auto-execute when you read or preview the email. Information on this vulnerability and a patch can be found at http://www.microsoft.com/technet/sec.../MS01-020.asp.

If the day of the month is the 7th, 11th, or 24th, the worm will launch your Web browser to www.avril-lavigne.com and display a graphic animation on the Windows desktop.



Also Known As: W32/Avril-A [Sophos], W32/Lirva.b@MM [McAfee], WORM_LIRVA.A [Trend]
Infection Length: 32,766 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
CVE References: CVE-2001-0154