Win32.Drol.5337.a
It is a dangerous, non-memory-resident, unencrypted parasitic Windows virus related to the already known Win32 viruses "Hatred" and "Undertaker".
When an infected EXE file is executed, the virus gets control and searches for PE EXE files (Win32 executables) in the current, Windows and Windows system directories. It then writes itself into the middle of each file, between the last section and the one before it; the last section is moved down beforehand. The virus has bugs in its infection routine, and in many cases infected files cause the standard Windows message about an application error.
The virus deletes the following anti-virus data files: AVP.CRC, IVP.NTZ, ANTI-VIR.DAT, CHKLIST.MS, CHKLIST.CPS, SMARTCHK.MS, SMARTCHK.CPS.
On the 7th of any month the virus replaces the standard mouse cursor image with a new one (a white skull and a black arrow) and displays the message:
DROL v1.0 This is the DROL virus
Copyright (C) Lord Julus / [SLAM]
written for funall ;-)
The new mouse cursor image is written to the DROL.CUR file in the Windows system directory and registered in the system Registry.