| Description:
|
Details
Win32.HLLP.Mincer
It is not a dangerous nonmemory resident parasitic Win32 virus, is written in Delphi and has the length about 100K (not compressed) or 36K (in compressed by UPX form). It searches for PE EXE files (Win32 executable files) in all directories on all drives from C: till Z: and writes itself to the end of the files.
When an infected application is run, the virus extracts itself from infected file, stores that in Windows TEMP directory with MINCER.EXE name, and spawns that file. The virus then creates one more copy with MSWRITE.EXE in Windows directory, then activates infection routine.
On Jule 15th the virus displays a message in Chinese, the translation looks as following:
Today is your birthday! I only allow today to be yours, not any other one! ~Xiang Jun Li Virus.
My dear Jun Li, do you know how deeply I love you? You are always wearing
that healthful and beautiful little hat with flowers on it. Although you
don't know me, but I've fallen in love. Your presence at school will make me
excited the whole day long. I hope someday we could love each other for
ever.~~!
---mincer
The virus also contains the "copyright" text string:
Create by mincer http://mincer.yeah.net
CODE IS END!!! |
