Details
Win95.Lorez.1766.a

This virus infects Windows95 PE EXE files (Portable Executable) and KERNEL32.DLL system file. The infection way is similar to “Win95.Yurn”: “Win95.Lorez” writes itself to the end of the file and modifies the entry point address in case of executable files, and hooks GetFileAttributesA public routine in KERNEL32.DLL.
The virus has bugs and may corrupt files and halts the system while infecting. The virus contains the text strings:
* [LoRez] v1 by Virogen [NoP] *
\KERNEL32.dll
GetTickCount GetWindowsDirectoryA SetFileAttributesA CreateFileA
SetFilePointer ReadFile WriteFile CloseHandle GetSystemDirectoryA
CopyFileA GetFileTime SetFileTime ExitProcess GetFileAttributesA

Related Posts

This entry was posted on Thursday, July 31st, 2008 at 3:50 pm and is filed under Virus Threats.