Details
Win32.Drol.5337.c
Win32.Drol.5337.c is a dangerous Win32 virus.
It searches the current directory, the Windows directory and the Windows system directory for PE EXE files, and infects them.
The virus is 5337 bytes in size.
When infecting files it writes itself to the end of the file and changes the name of the file section at random.
It does not infect already infected files.
The code contains errors which may corrupt files.
Payload
Depending on the date shown by the local system, the virus displays the message:
DROL v1.0
This is the DROL virus
copyright (C) Lord Julus / [SLAM]
written for funall 
and change the shape of the mouse pointer.
Related Posts
Win32.Drol.5337Win32.Drol.5337Win32.TaeWin32.BikWin32.Sin
This entry was posted
on Friday, July 4th, 2008 at 7:50 am and is filed under Virus Threats.
Details
Win32.Drol.5337.a
This is a harmful, non-resident, non-encoded Windows virus, which is related to the viruses Hatred and Undertaker. When an infected file is launched, the virus gains control; it then searches for executable Win32 (PE EXE files) in the current directory, the Windows root and system directories and infects the files found. The infection procedure contains errors, and infected files may cause a standard Windows error message to be displayed.
The virus will delete the following antivirus application data files:
ANTI-VIR.DAT
AVP.CRC
IVP.NTZ
CHKLIST.MS
CHKLIST.CPS
SMARTCHK.MS
SMARTCHK.CPS
On the 7th of each month, the virus will replace the mouse pointer with a skull and crossbones, and display the following message:
DROL v1.0
This is the DROL virus
Copyright (C) Lord Julus / [SLAM]
written for funall
Related Posts
Win32.Drol.5337Win32.Drol.5337Win32.TaeWin32.BikWin32.Sin
This entry was posted
on Friday, July 4th, 2008 at 3:50 am and is filed under Virus Threats.
Details
Win32.Drol.5337.a
It is a dangerous nonmemory resident not encrypted parasitic Windows virus related to already known Win32 viruses “Hatred” and “Undertaker”.
When an infected EXE files is executed, the virus gets control, searches for PE EXE files (Windows32 executable) in current, Windows and Windows system directories, then writes itself into the middle of the file between last and previous file sections, the last section is moved down beforehand. The virus has bugs in infection routine, and infected files in many cases cause standard Windows message about an error in application.
The virus deletes the anti-virus data files: AVP.CRC, IVP.NTZ, ANTI-VIR.DAT, CHKLIST.MS, CHKLIST.CPS, SMARTCHK.MS, SMARTCHK.CPS.
On 7th of any month the virus replaces the standard mouse cursor image with a new one (white scull and black arrow) and displays the message:
DROL v1.0 This is the DROL virus
Copyright (C) Lord Julus / [SLAM]
written for funall
The new mouse cursor image is written to the DROL.CUR file in the Windows system directory and registered in system Registry.
Related Posts
Win32.Drol.5337Win32.Drol.5337Win32.TaeWin32.BikWin32.Sin
This entry was posted
on Thursday, July 3rd, 2008 at 11:50 pm and is filed under Virus Threats.