Virus.Win9x.PoshKill.1398

tag: Executable File and Boot Viruses


This is a dangerous memory-resident, encrypted, parasitic virus. It stays in Windows memory as a system driver (VxD), hooks file access functions (IFS API) and appends itself to the end of PE EXE files when they are opened or renamed, or when their attributes are accessed. The virus does not change the program's startup address; instead it writes a JmpVirus routine at the file's entry address. The virus checks file names and does not infect anti-virus programs and utilities: TBAV, F-PROT, NAV, AVP, WEB, PAV, DRWEB, DSAV, NOD, WINICE, FORMAT, FDISK, SCANDSKW, DEFRAG.
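A triage heuristic for the infection layout described above, added here as an example and not taken from the original entry: it flags a PE32 file whose unchanged entry point begins with a jump into the last section. The entry does not say how the JmpVirus routine is encoded, so the near `JMP` (`E9 rel32`) form is an assumption, and the function names and the constructed sample image are hypothetical.

```python
import struct

def parse_pe(pe):
    """Return (entry_rva, [(name, vaddr, vsize, raw_ptr, raw_size), ...]) for a PE32 image."""
    nt, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    entry, = struct.unpack_from("<I", pe, nt + 24 + 16)   # AddressOfEntryPoint
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, nt + 24 + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rptr, rsize))
    return entry, secs

def section_index(secs, rva):
    for i, (_, vaddr, vsize, _, rsize) in enumerate(secs):
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return i
    return None

def entry_redirect(pe):
    """(target_rva, section) if the entry starts with E9 rel32 (assumed form) into the last section."""
    entry, secs = parse_pe(pe)
    home = section_index(secs, entry)
    if home is None:
        return None
    off = secs[home][3] + entry - secs[home][1]            # RVA -> file offset
    if off + 5 > len(pe) or pe[off] != 0xE9:
        return None
    rel, = struct.unpack_from("<i", pe, off + 1)
    target = (entry + 5 + rel) & 0xFFFFFFFF                # jump is relative to the next instruction
    dest = section_index(secs, target)
    if dest is None or dest == home or dest != len(secs) - 1:
        return None                                        # jumps inside the entry's own section are normal
    return target, secs[dest][0]

def build_sample(redirected):
    """Constructed two-section PE32 skeleton for the demo (not a real program or sample)."""
    pe = bytearray(0x600)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                 # e_lfanew
    struct.pack_into("<HH12xH", pe, 0x44, 0x14C, 2, 0xE0)  # i386, two sections, SizeOfOptionalHeader
    struct.pack_into("<I", pe, 0x68, 0x1000)               # AddressOfEntryPoint
    struct.pack_into("<8sIIII", pe, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", pe, 0x160, b".data", 0x200, 0x2000, 0x200, 0x400)
    code = b"\xE9" + struct.pack("<i", 0x2010 - 0x1005) if redirected else b"\x55\x8B\xEC"
    pe[0x200:0x200 + len(code)] = code
    return bytes(pe)
```

A hit is a reason to inspect the file, not an identification of this virus: some packers and protectors also start with a jump into the last section.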

On October 26 the virus runs its video effect: it rolls the screen contents from the right in an endless loop. It does this at the system driver level, so the effect cannot be terminated and no other application can be selected. Unsaved data can be lost as a result.

The virus contains the text strings:

[I AIDA]
[Win95.PoshKiller v1.00]
(c) 1999 Billy Belcebu/iKX

©Virus-Encyclopedia.com All Rights Reserved.