Virus.Win32.HLLO.Rozak.a

tag:Executable File and Boot Viruses

0 0

This is a dangerous, non-resident overwriting Win32 virus.

The virus itself is a Windows PE EXE file about 28 Kb in length, and it is written in Visual C .

Depending on the internal counters, the virus searches recursively either for all files, or for files with the following extensions:

.exe
.avi
.mp3
.doc
.zip
.rar
.mpg
.mpg4

The virus searches for these files on the drives C:, D:, E:, F:, and overwrites their original contents with its body. These files can be restored only from a backup.

When the virus is launched, it searches for the file "neh.dll". If this file exists, the virus shows the following message and terminates:

 -------------------------?
 ?Error                   ?
 --------------------------
 ?Brak biblioteki: neh.dll?
 --------------------------

After infecting files, the worm shows either the following message:

 ---------------------------------------------?
 ?WIN_KACZOR virus                            ?
 ----------------------------------------------
 ?I have just raped your drives...            ?
 ?I feel sorry, but my desires are stronger...?
 ----------------------------------------------

or two messages:

 ---------------------------------------------------?
 ?Kwa!                                              ?
 ---------------------------------------------------?
 ?Co chcia?oby sie uruchomic programik?             ?
 ?Nic z tego. Kaczor mowi: ZAGRAJ W SETTLERS IV!!!!!?
 ----------------------------------------------------
 ----------------------------------------------------?
 ?Kwa! Kwa!                                   ?
 ----------------------------------------------?
 ?WIN_KACZOR                                  ?
 ?by Nijamormoazazel                          ?
 ?J誾ef誻 POLSKA                              ?
 ?                                            ?
 ? And what Symantec? BloodHound doesn't work??
 ----------------------------------------------

previous:Virus.Win32.HLLC.Winatch
previous:Virus.Win32.HLLP.BadBy

Virus Source from:

New articles

Virus.Win32.Chop.3808 It is not a dangerous nonmemory resident parasitic polymorphic Win32 virus. It searches for PE EXE files in the current directory, then writes itself to the en...Virus.Win32.Crypto This text was written with the help of Adrian Marinescu, GeCAD Software.This is a very dangerous memory resident parasitic polymorphic Win32 virus about 20K i...Virus.Win32.Delf.k This file virus replaces .exe files with its own body.The virus itself is a Windows PE EXE file 18944 bytes in size, written in Delphi. Payload...Virus.Win32.Devir This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the viru...Virus.Win32.Ditex.aDitex is a memory resident parasitic Win32 virus. It is written in Microsoft Visual C and is about 33KB in size. The virus infects PE EXE files that have .EX...

Hot Articles

Virus.Win32.HLLO.Rozak.a

Computer Virus Clounds