Details
Bomzh.3809

It is a very dangerous memory resident encrypted parasitic stealth virus. It hooks 17h, 21h and writes itself to the end of EXE files that are executed, renamed or closed. While opening an infected file the virus disinfects it. When a file compressing utility is run, the virus disables its stealth routine. The list of these utilities looks as follows:
RAR.EXE PKZIP.EXE ARJ.EXE ICE.EXE HA.EXE

The virus deletes the files:
VSWAP.WL?
ILLURIA.MAP
*.WAD

While printing a file the virus includes a word in Russian into the data . The virus also contains text strings in Russian.

Related Posts

This entry was posted on Monday, July 24th, 2006 at 4:00 pm and is filed under Virus Threats.