Details
Win32.HLLO.Rozak
This is a dangerous, non-resident overwriting Win32 virus.
The virus itself is a Windows PE EXE file about 28 Kb in length, and it is written in Visual C++.
Depending on the internal counters, the virus searches recursively either for all files, or for files with the following extensions:
.exe
.avi
.mp3
.doc
.zip
.rar
.mpg
.mpg4
The virus searches for these files on the drives C:, D:, E:, F:, and overwrites their original contents with its body. These files can be restored only from a backup.
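A triage check for the overwrite behaviour described above, as an added example rather than code from the original description: because the virus replaces file contents with its own PE body, a file with one of the listed data extensions that begins with an MZ/PE header is a candidate for restoring from backup. The function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

# Non-executable extensions from the list above; .exe is excluded because a
# PE header is expected there and proves nothing on its own.
DATA_EXTS = {".avi", ".mp3", ".doc", ".zip", ".rar", ".mpg", ".mpg4"}

def looks_like_pe(path):
    """Return True if the file starts with an MZ header pointing at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def find_overwritten(root):
    """Walk root and list data files whose content is actually a PE image."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DATA_EXTS:
                path = os.path.join(dirpath, name)
                try:
                    if looks_like_pe(path):
                        hits.append(path)
                except OSError:
                    continue  # unreadable or locked file: skip it
    return sorted(hits)

def _constructed_pe():
    """Constructed minimal MZ/PE stub (headers only, not a working program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos) + b"PE\0\0" + bytes(20)

def demo():
    """Build a constructed directory and return the base names of flagged files."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"song.mp3": _constructed_pe(), "clip.avi": b"RIFF\0\0\0\0AVI ",
                   "tool.exe": _constructed_pe(), "notes.doc": b"MZ short"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return [os.path.basename(p) for p in find_overwritten(root)]
```

Calling `find_overwritten` on a mounted copy of an affected drive lists the files to restore; overwritten `.exe` files are not covered by this check and need a hash or signature comparison instead.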
When the virus is launched, it searches for the file "neh.dll". If this file exists, the virus shows the following message and terminates:
+--------------------------+
| Error                    |
+--------------------------+
| Brak biblioteki: neh.dll |
+--------------------------+
After infecting files, the virus shows either the following message:
+----------------------------------------------+
| WIN_KACZOR virus                             |
+----------------------------------------------+
| I have just raped your drivesall             |
| I feel sorry, but my desires are stronger... |
+----------------------------------------------+
or two messages:
+----------------------------------------------------+
| Kwa!                                               |
+----------------------------------------------------+
| Co chciałoby sie uruchomic programik?              |
| Nic z tego. Kaczor mowi: ZAGRAJ W SETTLERS IV!!!!! |
+----------------------------------------------------+

+---------------------------------------------+
| Kwa! Kwa!                                   |
+---------------------------------------------+
| WIN_KACZOR                                  |
| by Nijamormoazazel                          |
| Józefów POLSKA                              |
|                                             |
| And what Symantec? BloodHound doesn't work? |
+---------------------------------------------+