| Description:
|
Details
Win95.Ylang.1024
This is a dangerous, non memory-resident encrypted parasitic virus. It searches for PE EXE files in the subdirectory tree on the C: drive, then writes itself to the end of the file to the last file section, overwrites vthe ery end of the code section with a JMP_Virus routine, and sets a PE entry address to there. This infection method has a bug and corrupts some files while infecting them.
The virus contains the following text string:
Ylang.1024,v1.00b/DrL./[T.I]/Nov99 |
