Details
Win95.Gara.917

This is a dangerous Windows9x memory resident parasitic virus. It writes itself to the end of Windows executable files (”Portable Executable” - PE EXE files). When an infected program is executed, it gets control and installs itself into Windows memory: by using a trick it jumps from the application level to Windows kernel, hooks file access Windows functions (IFS API) and stays in the system memory as a VxD driver.
The virus intercepts file opening, filters PE EXE files and infects them. While infecting it increases the size of last file section, writes its code to there and modifies necessary PE header fields.
It contains the “copyright” strings:
[Garaipena by Billy Belcebu/DDT]
On 31st of a month the virus tries to overwrite a block of system memory (VxD drivers area). On some system it will halt the computer, on other Windows will display an error in driver, on some of them the virus will erase video memory data.

Related Posts

This entry was posted on Tuesday, July 29th, 2008 at 7:50 pm and is filed under Virus Threats.