This malicious program identifies and infects executable files. The program is a Windows PE EXE file, written in Delphi. The file is 41472 bytes in size.InstallationThe virus searches the Windows system directory (%WINDIR%) forsvchost.com, which it ... [More]

This is a silly Win32 encrypted parasitic virus. It looks for PE EXE files in current and Windows directories and infects them. While infecting, the virus writes its code to the Fixup section and overwrites original files in there. Disinfection is p... [More]

This is a harmless encoded Win32 virus.It searches for and infects Win32 applications (PE.exe files) in the current directory.When infecting, it writes its code to the end of the file.It does not re-infect already infected files.The virus does not ma... [More]

This is a dangerous per-process memory resident parasitic and polymorphic Win32 virus. The virus looks for PE EXE files with .EXE, .SCR, and .CPL extensions in current, Windows and Windows system directories and infects them. While infecting a fil... [More]

To get access to Windows functions the virus scans KERNEL32 export table, gets the GetProcAddress function address and then by using this value gets addresses of necessary functions:KERNEL32.DLL:GetModuleHandleA GetProcAddress CreateFileA WriteFile G... [More]

Melder is a harmless nonmemory resident parasitic Win32 virus. The virus itself is a Windows PE EXE file, written in Delphi. The virus size is about 46KB.The Melder virus infects .EXE files in the Kazaa file sharing network download directory. In ca... [More]

It is a harmless nonmemory resident parasitic Win32 virus. It searches for Windows PE EXE files in the directory tree on current drive, and on the C: drive, moves victim file body down and writes itself to the file top. To release control to the hos... [More]

This is a very dangerous parasitic Win32 virus that stays in the Windows memory as a usual application, then looks for PE EXE files in all C: drive directories and infects them. The virus uses the "prepending" infection method: while infecting a ... [More]

It is not a dangerous nonmemory resident parasitic Win32 virus. It is encrypted with lite method (XOR-bytes loop). When an infected programs runs, the virus takes control, searches for PE EXE files in the subdirectory tree on the current disk, then w... [More]

Killis.a is a primitive, encrypted, non resident Win32 virus.It infects PE EXE files with '*.?XE' and '*.SC?' extensions. The virus searches the current directory, Windows directory and Windows system directory for these files.When infecting, th... [More]