Win16.Klon.1177 Viruses Information
This is a non-dangerous, non-memory-resident parasitic Win16 virus.
The virus itself is a Win16 executable file (NE EXE file) about 11-13Kb in length (depending on the virus version). The virus is written in Turbo Pascal for Windows.
When the virus runs, it looks for Win16 and Win32 EXE files (NE and PE) on available drives and infects them. While infecting, the virus moves the victim file's body down and writes its own code to the beginning of the file. To return control to the host program, the virus "disinfects" the host file into a temporary ".DLL" file and spawns it.
While running, the virus may also create its "droppers" (pure virus EXE code) in the Windows system directory; the file names depend on the virus version:
SYSTEM0.EXE, SYSTEM1.EXE, SYSTEM9.EXE ANTIA.EXE, ANTIB.EXE
Some virus versions also register these files in the auto-run section of the WIN.INI file:
Depending on its "generation" and other conditions, the virus displays message boxes:
Najemnik Virus Version 3.0
One of the virus versions looks for active anti-virus programs by searching for the following strings:
It then moves the application's window off the desktop and tries to terminate the application.
The viruses contain the text string:
"Klon.12800,13056": AntiAntiVirus AAV AntiAntiVirus AAV
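A defender's check for the persistence described above, as an added example that is not part of the original description: it flags WIN.INI auto-run entries and file listings that reference the dropper names listed on this page. The page does not show the WIN.INI lines, so the `load=`/`run=` keys of the `[windows]` section are an assumption, and the sample WIN.INI text is constructed.

```python
import ntpath
import re

# Dropper file names exactly as listed in the description above.
DROPPER_NAMES = {"SYSTEM0.EXE", "SYSTEM1.EXE", "SYSTEM9.EXE", "ANTIA.EXE", "ANTIB.EXE"}
# Assumption: "auto-run section" means load=/run= under [windows] in WIN.INI.
AUTORUN_KEYS = {"load", "run"}


def is_dropper_name(path):
    """True if the file name part of a DOS/Windows path is a listed dropper."""
    base = ntpath.basename(path).upper()
    if "." not in base:
        base += ".EXE"  # assumption: extensionless entries are treated as .EXE
    return base in DROPPER_NAMES


def autorun_entries(win_ini_text):
    """Yield (key, program) for each program on a load=/run= line of [windows]."""
    section = None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or INI comment
            continue
        header = re.fullmatch(r"\[([^\]]*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() in AUTORUN_KEYS:
            # Several programs may share one line, separated by spaces or commas.
            for program in re.split(r"[ ,\t]+", value.strip()):
                if program:
                    yield key.strip().lower(), program


def find_dropper_autoruns(win_ini_text):
    """Return the (key, program) auto-run entries that name a listed dropper."""
    return [(k, p) for k, p in autorun_entries(win_ini_text) if is_dropper_name(p)]


def find_dropper_files(file_names):
    """Return the names from a directory listing that match a listed dropper."""
    return sorted(n for n in file_names if is_dropper_name(n))


# Constructed sample input, not taken from an infected system.
SAMPLE_WIN_INI = """\
[windows]
load=C:\\WINDOWS\\SYSTEM\\system0.exe nwpopup.exe
run=
; run=ANTIA.EXE
[Desktop]
run=ANTIB.EXE
"""
```

A name match is only an indicator: `SYSTEM0.EXE`-style names are generic, so a hit should be confirmed with an anti-virus scan of the file itself.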