Main Menu
Home
Bookmark
Contact Us



 
Win16.Klon.1177 Viruses Information

Name: Win16.Klon.1177
Category: Viruses
Description: Details
Win16.Klon.11776

It is not a dangerous nonmemory resident parasitic Win16 virus.
The virus itself is Win16 executable file (NE EXE file) about 11-13Kb of length (depending on virus version). The virus is written in Turbo Pascal for Windows.
When the virus runs it looks for Win16 and Win32 EXE files (NE and PE) on available drives and infects them. While infecting the virus moves victim file body down, and writes its own code to the file beginning. To return control to host program the virus "disinfects" host file to temporary ".DLL" file and spawns it.
While processing the virus may also create its "droppers" (pure virus EXE code) in Windows system directory, the file names depend on virus version:
SYSTEM0.EXE, SYSTEM1.EXE, SYSTEM9.EXE ANTIA.EXE, ANTIB.EXE
Some of virus versions also register these files in WIN.INI file in auto-run section:
[windows]
run=
Depending on its "generation" and other conditions the viruses displays the message boxes:
klon!
Najemnik Virus Version 3.0
AntiAnti
One of virus versions looks for active anti-virus programs by searching for following strings:
viru
mks_
avp
antiviral
then moves this application window out of desktop and tries to terminate this application.
The viruses contains the text string:
"Klon.11776":
Idea:SaddamHusseinDiskValidator Amiga!
"Klon.12800,13056": AntiAntiVirus AAV AntiAntiVirus AAV



Top Viruses Visited Pages:
Baboo - 675 visits
Invader. - 538 visits
Firstling.199 - 263 visits
Macro.Excel.Hidemo - 241 visits
Spartak.110 - 235 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 232 visits
Worm.P2P.Harex. - 225 visits
Coito.64 - 224 visits
Small.58. - 214 visits
DDoS.Win32.Kozo - 196 visits

Random Viruses Pages:
Gift.55
Svirus.32
DirFiller.140
Paybac
Dune.64
Striker.46
Config_Boot.
Paz.2560.
BPU.226
I-Worm.Sober.


 


2006-2008 spyware32.com - Privacy Policy