Details
Lamento.2690

It is a very dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. While installing the virus also infects the C:\COMMAND.COM and C:\DOS\MODE.COM files. The virus checks the file name, and does not infect the files that begin with any of the strings:
PCVIR CENTINEL SCAN CLEAN VSHIELD ATM TB CPAV MSAV TNT FINDVIR VC VREMOVE
VSMENU VSCHK MM. KEYB.

On January 21st the virus sets the system date to January, 20th, then deletes C:\AUTOEXEC.BAT and C:\CONFIG.SYS files, renames to the random names all the files in subdirectories of C: drive:
\DOS \MSDOS \SYS \DRDOS \IBMDOS
\WINDOWS \WIN \WIN3 \WIN30 \WIN31 \WIN311

While processing Windows’ directories the virus looks also for SYSTEM subdirectory. Then the virus displays the messages:
Lamento tener que comunicarle que hoy es 21 de Enero all
… ha sido una cortes¡a de Woi

Related Posts

This entry was posted on Sunday, January 28th, 2007 at 12:00 pm and is filed under Virus Threats.