Virus.Win32.Zaprom.2756

tag:Executable File and Boot Viruses

0 0

Zaprom is a memory resident parasitic Win32 virus that uses a nonstandard way of infection and memory installation.

The Zaprom virus affects PE EXE files only. It infects them in the 'middle' of the files. After conducting some tests to determine if a file can be infected, the virus reads a block in the file code section, appends encrypted virus code, and compresses and writes back to the code section (to the middle of the file). As a result the file length does not grow during infection.

When the infected file is run the virus infects the "Shell32.dll" file in the Windows system directory. The virus then hooks two Windows API functions (file opening and execution) and infects .EXE and .DLL files that are accessed by these functions.

The Zaprom virus does not manifest itself. It contains the text string:

PR0Mi$E$/ZLA$H

previous:Virus.Win32.Younga.2384.a
previous:Virus.Win32.Zomby.17920

Virus Source from:

New articles

Virus.Win32.Chop.3808 It is not a dangerous nonmemory resident parasitic polymorphic Win32 virus. It searches for PE EXE files in the current directory, then writes itself to the en...Virus.Win32.Crypto This text was written with the help of Adrian Marinescu, GeCAD Software.This is a very dangerous memory resident parasitic polymorphic Win32 virus about 20K i...Virus.Win32.Delf.k This file virus replaces .exe files with its own body.The virus itself is a Windows PE EXE file 18944 bytes in size, written in Delphi. Payload...Virus.Win32.Devir This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the viru...Virus.Win32.Ditex.aDitex is a memory resident parasitic Win32 virus. It is written in Microsoft Visual C and is about 33KB in size. The virus infects PE EXE files that have .EX...

Hot Articles

Virus.Win32.Zaprom.2756

Computer Virus Clounds