Details
Win32.Kala
This is a dangerous, per-process memory-resident, parasitic, encrypted Win32 virus. It runs its main infection routine as a thread and returns control to the host program. As a result, the virus operates in the background and stays active in memory until the host program is terminated.
Upon being activated, the virus runs an endless loop, scanning all files on all available drives and infecting .EXE and .SCR files that are Win32 executable PE files. While infecting, the virus creates a new section at the end of the file, encrypts itself and writes itself there.
The virus protects its code with an error-correction algorithm. If the virus code is modified (patched, or the virus is run under a debugger), the virus overwrites all disk files with the text "never touch the kala-marai!" and then deletes files.
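
A defender-side check for the infection method described above (a new section created at the end of a PE file), as an added example that is not part of the original description: it reads the section table of a known-good baseline copy and of the current file and reports any sections that follow the baseline's own. The function names and the two sample images built inline are constructed for illustration.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, raw_offset, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(count):
        name, _vsize, _va, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), raw_off, raw_size))
    return out

def appended_sections(baseline: bytes, current: bytes):
    """Sections in `current` that follow the baseline's own sections."""
    base = [s[0] for s in pe_sections(baseline)]
    cur = pe_sections(current)
    if [s[0] for s in cur[:len(base)]] != base:
        raise ValueError("section table changed in more than an appended tail")
    return cur[len(base):]

def build_pe(sections):
    """Constructed minimal PE-shaped image (headers, section table, raw data)."""
    opt = bytes(224)                                   # zeroed optional header
    off = 0x40 + 24 + len(opt) + 40 * len(sections)    # first raw-data offset
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = body = b""
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0, len(raw), off, 0, 0, 0, 0, 0)
        body += raw
        off += len(raw)
    return dos + coff + opt + table + body

# Constructed samples: a baseline image and a copy with one extra trailing section.
BASELINE = build_pe([(b".text", b"\x90" * 16), (b".data", bytes(8))])
MODIFIED = build_pe([(b".text", b"\x90" * 16), (b".data", bytes(8)), (b".new", b"\xAA" * 32)])

if __name__ == "__main__":
    for name, off, size in appended_sections(BASELINE, MODIFIED):
        print(f"appended section {name!r}: {size} bytes at file offset {off:#x}")
```

Only section names are compared against the baseline, because the raw-data offsets of existing sections can shift when the section table grows.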