Details
Win32.Sandman.4096

It is a primitive parasitic Win32 companion virus. It has PE format (Win32 Portable Executable), but affects any files that have .EXE extension (DOS EXE, Win16 NE, Win32 PE files). The virus searches for .EXE files in the current directory, renames them with .EYE extension and writes itself on the place of host file. To pass control to original program the virus executes .EYE file by using standard Windows WinExec call, as a result infected files of any format (DOS, Win16/32) will be executed without problems.
The virus contains the text string:
[Hong Kong, by Mister Sandman/29A]

Related Posts

This entry was posted on Saturday, July 19th, 2008 at 11:50 pm and is filed under Virus Threats.