| Description:
|
Details
Win32.Fosforo
This is a dangerous, non-memory resident parasitic Win32 virus. The virus uses a polymorphic engine and "Entry Point Obscuring" technology to hide its code in infected files.
When an infected file is run, and virus code gains control, it searches for PE EXE files in current, Windows and Windows system directories and infects them. While infecting, the virus encrypts itself with a polymorphic loop and writes result to the end of the file. To gain control when an infected file is run, the virus does not modify a program's start address, but writes a "JMP Virus" instruction into the file middle.
The virus has bugs, and infected files often become corrupted while infecting. When run, they cause a standard Windows message about an error in application. The virus also has a trigger routine that halts infected applications on July 12th.
The virus contains the following text string:
F0SF0R0 virus by N.B.K / MATRiX |
