| Description:
|
Details
Win16.Vicodin.1175
It is a dangerous nonmemory resident parasitic Windows-virus. When an infected file is executed, the virus takes control, searches for NewEXE (Windows 3.xx) files and infects them. While infecting a file the virus appends its code to the code segment that contains program entry point and shifts down the rest of the file.
To do that the virus parses NewEXE header, calculates the offset and size of code segment, moves down the rest of file (block-by-block), and injects its code into the "cave". The virus then increases the size of affected code segment, modifies the address of entry point, fixes file offsets of other NexEXE tables.
The virus has bugs and while infecting some NewEXE files halts the system. The virus contains the text string:
Damn.Poppy by VicodinES and the Narkotic Crew |
