Virus.Win32.Younga.2384.a

tag:Executable File and Boot Viruses

0 0

It is a dangerous per-process memory resident parasitic encrypted Win32 virus. When infected file starts the virus searches for .EXE and .SCR Win32 executable files in Windows directory and writes itself to the end of the file.

The virus then hooks CreateFileA function that is imported by host program, stays as "background" thread of infected process, and then infects files in directories where any file is being opened.

In six month after infection the virus searches for .TXT files in victim directory, looks for the text "Microsoft" in there and replaces it with "Youngary".

The virus contains the "copyright" text strings:

< Yonggary! by Bumblebee >

previous:Virus.Win32.Yerg.9412
previous:Virus.Win32.Zaprom.2756

Virus Source from:

New articles

Virus.Win32.Chop.3808 It is not a dangerous nonmemory resident parasitic polymorphic Win32 virus. It searches for PE EXE files in the current directory, then writes itself to the en...Virus.Win32.Crypto This text was written with the help of Adrian Marinescu, GeCAD Software.This is a very dangerous memory resident parasitic polymorphic Win32 virus about 20K i...Virus.Win32.Delf.k This file virus replaces .exe files with its own body.The virus itself is a Windows PE EXE file 18944 bytes in size, written in Delphi. Payload...Virus.Win32.Devir This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the viru...Virus.Win32.Ditex.aDitex is a memory resident parasitic Win32 virus. It is written in Microsoft Visual C and is about 33KB in size. The virus infects PE EXE files that have .EX...

Hot Articles

Virus.Win32.Younga.2384.a

Computer Virus Clounds