| Description:
|
Details
Win95.Vip.4299
It is a dangerous nonmemory resident parasitic Win95 virus. It searches and infects PE EXE files in the current directory, then in Windows directory, then in root directories on C: and A: drives, and in random selected subdirectories on C: and A: drives. The virus infects up to two files in each directory on each run. While infecting the virus creates new section with ".TechnoK" name at the end of the file, and writes its code to there.
The virus checks file names and does not infect the files: WININIT.EXE, EXPLORER.EXE, DOSREP.EXE, TASKMON.EXE.
To access Windows functions to search and infect files the virus uses two sets of hard-coded addresses that are valid only under standard Win95 and Win98 editions.
On 12th of any month the virus tries to erase random selected disk sectors, but uses DOS standard of the direct write call, and as a result will definitely cause "General Protection Fault" Windows error message.
The virus contains the text strings:
ViruS "SABOTAGIO" CrEaTed by Techno KnightS - Italy. |
