Win32.Shaitan.339 Viruses Information
Name: Win32.Shaitan.339
Category: Viruses
Description:
Details
Win32.Shaitan.3390
This is a dangerous, non-memory-resident parasitic Win32 virus. It searches for Win32 PE (Portable Executable) EXE files in the current directory and in the directory trees on the C: and D: drives, and infects no more than five of the files it finds. When infecting a file, the virus writes itself to the end of the file: it increases the size of the last file section, writes itself there, and modifies the PE header, including the entry point address. The virus has bugs, and Windows often terminates infected files when they are run, with a standard Windows error message.
To access the Win32 API functions it needs to search for files and infect them, the virus scans the Windows kernel, gets the address of the GetProcAddress function, and then gets the addresses of the other functions:
GetProcAddress GetModuleHandleA CreateFileA CreateFileMappingA
MapViewOfFile CloseHandle FindFirstFileA FindNextFileA FindClose
SetFilePointer SetEndOfFile GetCurrentDirectoryA SetCurrentDirectoryA
GetWindowsDirectoryA GetCommandLineA UnmapViewOfFile GetFileAttributesA
SetFileAttributesA GetDriveTypeA
This procedure seems to work correctly under both Windows 95 and Windows NT, but because of other bugs the virus halts the system under Windows NT.
The virus also contains the following text strings, which are encrypted in infected files:
Win32.Shaitan (c) 1998 The Shaitan [SLAM]
This virus was written in the city of Mumbai