Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Win95.MrKlunk Viruses Information

Name: Win95.MrKlunk
Category: Viruses
Description: Details
Win95.MrKlunky

This is a resident (VxD) Win95 infector. To infect the system and files the virus uses a method that is similar to the "Win95.Punch" virus. When an infected file is executed, the virus creates the MRKLUNKY.VXD file on disk, writes its VxD dropper to there and registers it in system environment. While booting Win95 will load this VxD and leave it in memory. Virus VxD hooks IFS API calls and infects PE EXE files that are opened.
While infecting a PE EXE file the virus creates new section "MrKlunky" in there, patches PE header and writes its code to the end of the file. To separate infected and not infected files the virus writes the double-word 00F00F00h to the EXE header at offset 28h.
The virus has bugs and in some cases fails to infect EXE files - it writes its code to the end of file, but does not modifies Entry Point address. To call file access function the virus searches for their original addresses in Win95 kernel. This way is not clear, and these calls may cause system error messages.
The virus creates the C:LOG.LOG file and while infecting a file writes its name to this log.
The virus contains the text strings, majority of them are the names of standard Win95 functions that are accessed by this virus:
MRKLUNKY
MrKlunky.VxD KERNEL32
CloseHandle CreateFileA FlushFileBuffers GetLastError GetSystemDirectoryA
GetWindowsDirectoryA SetEndOfFile WriteFile ADVAPI32 RegCloseKey
RegCreateKeyExA RegSetValueExA
Start SYSTEMCurrentControlSetServicesVxDMrKlunky
StaticVxD GetProcAddress GetModuleHandleA MRKLUNKY MRKLUNKY_DDB



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Blink.50
Tiddle
Trojan.Win32.TopAntiSpyware.
Fifo.30
Kiuca famil
Pieck.201
Unashamed famil
Stasi.172
Win32.Eta
Shaker.40


 

© 2006-2008 spyware32.com - Privacy Policy