Virus.Win32.HLLP.Rile.a

tag:Executable File and Boot Viruses

0 0

This parasitic virus is written in Borland C Builder, and is coded to work on Windows NT platforms.

Infection method

The worm searches for PE EXE files. It copies these files to its body, and then replaces the original file with its altered body. This ensures that when an infected file is launched, the virus will first execute its own code, and then launch the original file. This means that the system will appear to be unaffected.

Given that the virus uses functions which are only available in Windows NT platforms, its effect on Windosws 9x platforms is more destructive. The virus will reduce the exe files to zero, which will destroy the operating system as a whole.

Payload

On the 26th of each month, at random intervals, the virus will force the mouse cursor to the top left corner of the screen. There is no other payload.

The virus shows that it is present in the system by frequent use of the hard disk.

previous:Virus.Win32.HLLP.Imel
previous:Virus.Win32.HLLP.Savno

Virus Source from:

New articles

Virus.Win32.Chop.3808 It is not a dangerous nonmemory resident parasitic polymorphic Win32 virus. It searches for PE EXE files in the current directory, then writes itself to the en...Virus.Win32.Crypto This text was written with the help of Adrian Marinescu, GeCAD Software.This is a very dangerous memory resident parasitic polymorphic Win32 virus about 20K i...Virus.Win32.Delf.k This file virus replaces .exe files with its own body.The virus itself is a Windows PE EXE file 18944 bytes in size, written in Delphi. Payload...Virus.Win32.Devir This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the viru...Virus.Win32.Ditex.aDitex is a memory resident parasitic Win32 virus. It is written in Microsoft Visual C and is about 33KB in size. The virus infects PE EXE files that have .EX...

Hot Articles

Virus.Win32.HLLP.Rile.a

Computer Virus Clounds