Details
Win95.Begemot
This is a dangerous memory-resident parasitic polymorphic Windows virus about 8Kb in length. The virus installs itself into Windows memory and infects PE EXE files as they are accessed.
The virus uses system calls that are valid under Win95/98 only, so it cannot spread under NT. The virus also has bugs, and often halts the system when run. The virus uses several unusual routines in its code: it keeps its code encrypted and compressed in infected files (while installing, it decompresses it); it infects RAR archives (adds an infected BEER.EXE file to archives); and it runs a thread that can communicate with an external module, which controls the virus (for example, enables or disables the infection routine).
The virus also looks for "AVP Monitor" and "Amon Antivirus Monitor" windows, and closes them; deletes several anti-virus data files; and depending on the system timer, displays a message.
The virus also contains the "copyright" text:
Virus Win98.BeGemot by Benny/29A
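The RAR infection described above leaves a member named BEER.EXE in affected archives. The following triage check is an added example, not part of the original description: it walks the block headers of a RAR archive and reports members with that name. It assumes the RAR 1.5-4.x header layout and a case-insensitive match (neither is stated in the description), and a name match is only a lead for further scanning, since any archive may legitimately hold a file with that name.

```python
import struct

RAR_MARKER = b"Rar!\x1a\x07\x00"  # signature of RAR 1.5-4.x archives
FILE_HEAD = 0x74                  # block type of a file header
LONG_BLOCK = 0x8000               # block is followed by ADD_SIZE bytes of data
LARGE_FILE = 0x0100               # file header carries 64-bit size fields
SUSPECT_NAME = "BEER.EXE"         # member name given in the description


def rar_member_names(data):
    """Return the member names stored in a RAR 1.5-4.x archive image."""
    if not data.startswith(RAR_MARKER):
        raise ValueError("not a RAR 1.5-4.x archive")
    names, pos = [], len(RAR_MARKER)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data):
            break  # truncated or corrupt header: stop walking
        add_size, large = 0, bool(flags & LARGE_FILE)
        if htype == FILE_HEAD and hsize >= (40 if large else 32):
            add_size, = struct.unpack_from("<I", data, pos + 7)   # PACK_SIZE
            name_len, = struct.unpack_from("<H", data, pos + 26)  # NAME_SIZE
            name_off = pos + 32
            if large:  # HIGH_PACK_SIZE and HIGH_UNP_SIZE precede the name
                add_size |= struct.unpack_from("<I", data, pos + 32)[0] << 32
                name_off += 8
            raw = data[name_off:pos + hsize][:name_len]
            names.append(raw.split(b"\0")[0].decode("latin-1"))
        elif flags & LONG_BLOCK and hsize >= 11:
            add_size, = struct.unpack_from("<I", data, pos + 7)
        pos += hsize + add_size  # skip the header and any packed data
    return names


def suspicious_members(data):
    """Return members whose base name matches SUSPECT_NAME, ignoring case."""
    return [n for n in rar_member_names(data)
            if n.replace("/", "\\").rsplit("\\", 1)[-1].upper() == SUSPECT_NAME]


def _file_block(name, payload=b""):
    """Build a constructed, minimal file block (CRC fields left at zero)."""
    raw = name.encode("latin-1")
    body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 0, 0, 0,
                       20, 0x30, len(raw), 0x20)
    head = struct.pack("<HBHH", 0, FILE_HEAD, LONG_BLOCK, 32 + len(raw))
    return head + body + raw + payload


# Constructed sample archive: marker, main header, two stored members.
SAMPLE = (RAR_MARKER + struct.pack("<HBHHHI", 0, 0x73, 0, 13, 0, 0)
          + _file_block("README.TXT", b"hi") + _file_block("docs\\Beer.exe", b"MZ"))
```
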