Details
Win95.Julus.1890

It is a harmless memory resident parasitic Windows virus. It infects Windows32 PE EXE files. When an infected program runs, the virus installs itself into Windows memory as a VxD driver, hooks IFS API (file access chain), and infects .EXE files that are opened or executed. To turn its code from application (Ring3) level to the kernel (Ring0) the virus uses direct access to protect mode memory descriptors.
Known version of this virus is a test one. It infect only files that have specific name: GOAT*.EXE. No other files are infected. This version has bugs and often halts the computer when the virus installs itself memory resident.
The virus contains the text string:
Manowar v.1.0 - a ring 0 virus
written by Lord Julus (c) 1999

Related Posts

This entry was posted on Thursday, July 31st, 2008 at 3:50 am and is filed under Virus Threats.