| Description:
|
Details
Win95.Atom.4790
It is not a dangerous memory resident parasitic Win95/98 virus. By using a programming trick it jumps to Windows device driver programs level, stays memory resident as Windows VxD driver, hooks Windows IFS API (file access) functions, and infects PE EXE files that are opened. While infecting the virus creates at the end of file a new file section with "ATOMIC99" name, writes its code to there and modifies program's startup address.
The virus has a payload routine. While installing memory resident it changes the "arrow" state of mouse icon with an image of Bill Gates. To do that the virus creates this image on the C: drive in the FILE.CUR file and registers it in the system registry in the key:
HKEY_USERS.DefaultControl PanelCursors: Arrow = C:FILE.CUR
The virus also has the text string:
[Windows Forever,Windows Voor Altijd 199x-199x] |
