| Description:
|
Details
Win95.Ylang.1536.a
This is a dangerous, non memory-resident encrypted parasitic virus. It searches for PE EXE files in the subdirectory tree on the C: drive, then writes itself to the end of the file to the last file section, overwrites vthe ery end of the code section with a JMP_Virus routine, and sets a PE entry address to there. This infection method has a bug and corrupts some files while infecting them.
The virus contains the following text string:
Win9x.Ylang.1536/v.19/DrL/Dec99 |
