Win16.Klon.1177 Viruses Information
It is not a dangerous nonmemory resident parasitic Win16 virus.
The virus itself is Win16 executable file (NE EXE file) about 11-13Kb of length (depending on virus version). The virus is written in Turbo Pascal for Windows.
When the virus runs it looks for Win16 and Win32 EXE files (NE and PE) on available drives and infects them. While infecting the virus moves victim file body down, and writes its own code to the file beginning. To return control to host program the virus "disinfects" host file to temporary ".DLL" file and spawns it.
While processing the virus may also create its "droppers" (pure virus EXE code) in Windows system directory, the file names depend on virus version:
SYSTEM0.EXE, SYSTEM1.EXE, SYSTEM9.EXE ANTIA.EXE, ANTIB.EXE
Some of virus versions also register these files in WIN.INI file in auto-run section:
Depending on its "generation" and other conditions the viruses displays the message boxes:
Najemnik Virus Version 3.0
One of virus versions looks for active anti-virus programs by searching for following strings:
then moves this application window out of desktop and tries to terminate this application.
The viruses contains the text string:
"Klon.12800,13056": AntiAntiVirus AAV AntiAntiVirus AAV
Top Viruses Visited Pages:
Baboo - 685 visits
Invader. - 546 visits
Firstling.199 - 271 visits
Spartak.110 - 243 visits
Macro.Excel.Hidemo - 242 visits
Coito.64 - 237 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 235 visits
Worm.P2P.Harex. - 233 visits
Small.58. - 225 visits
DDoS.Win32.Kozo - 206 visits
Random Viruses Pages: