


 
Win.Pi Viruses Information

Name: Win.Pi
Category: Viruses
Description: Details
Win.Pin

This is a very dangerous memory resident parasitic Win16 virus. It infects Win16 NE EXE files (NewExe) and DOS EXE files. It is polymorphic in both Win16 NE and DOS EXE files. While infecting NE files, the virus creates a new section at the end of a file, encrypts and writes its code there, then modifies the necessary NE header fields. While infecting DOS EXE files, the virus writes its code to the end of the file, and modifies the DOS EXE header. The virus infection routine is buggy, and in some cases corrupts NE EXE files.
While infecting a file, the virus also checks the system date and time, and starting from the 16th of any month, depending on the system seconds counter, tries to erase data on the A: drive.
To stay "memory resident," the virus drops a VxD module that contains the main part of its code. This module is dropped to the Windows system directory under the name WINP16.386, and the virus then registers it in the [386Enh] section of the SYSTEM.INI file to force Windows to load the virus's VxD module on every boot. The modified entry in the SYSTEM.INI file appears as follows:
[386Enh]
device=winp16.386

When Windows loads this VxD module, the virus's memory installation routine takes control. It hooks the INT 21h chain (DOS functions), intercepts file execution and, whenever any file is started, searches for EXE files in the current directory and infects them. The virus checks the file names and does not infect the following files: APV.EXE (mistyped AVP.EXE?), SCAN*.EXE, TBAV*.EXE, DRWE*.EXE, AIDS*.EXE, KRNL*.EXE, WIN3*.EXE, and VICT*.EXE.
The virus's "resident" mode works under both Win16 and Win9x, so the virus is able to infect not only Win16 systems but Win9x systems as well, and to affect NE EXE files in Win9x directories.
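
The SYSTEM.INI registration described above can be checked for directly. The following is an added example, not part of the original description: it scans the text of a SYSTEM.INI file for a device= entry in [386Enh] that loads WINP16.386. The function names, the full-path variant and the sample file contents are constructed for illustration.

```python
import re

# Indicator taken from the description above; everything else is an assumption.
IOC_DRIVER = "winp16.386"

def enh386_devices(ini_text):
    """Return every device= value from the [386Enh] section, in file order."""
    # SYSTEM.INI repeats the device= key many times, so configparser
    # (which rejects or collapses duplicate keys) is deliberately not used.
    devices, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INI comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "386enh" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().lower() == "device":
            devices.append(value.strip())
    return devices

def find_winp16(ini_text):
    """Return the device= values whose file name is WINP16.386 (any case)."""
    return [dev for dev in enh386_devices(ini_text)
            if re.split(r"[\\/]", dev)[-1].lower() == IOC_DRIVER]

# Constructed sample input, not taken from a real machine.
SAMPLE_INFECTED = """\
[boot]
shell=progman.exe
[386Enh]
device=*vtd
;device=old.386
Device = C:\\WINDOWS\\SYSTEM\\WINP16.386
device=vshare.386
[drivers]
device=winp16.386
"""
SAMPLE_CLEAN = "[386Enh]\ndevice=*vtd\ndevice=vshare.386\n"
```

A hit here only shows the registration entry; the WINP16.386 file in the Windows system directory and the infected EXE files still have to be dealt with separately.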





 


2006-2008 spyware32.com - Privacy Policy