Her er de tekniske info om den og du har gothåbentlig en backup af data da den har en grim virkning,
Hvis du hat haft den længe kommer du til en reinstallation
Scan online fra
www.housecall.antivirus.comEn nasty fætter:
Details:
Upon execution, this virus invokes its decryption algorithm. Since the virus employs multiple-layer polymorphic engine, it makes detection difficult. The number of decryption layers as well as the routine varies randomly.
The virus then locates the Windows application, EXPLORER.EXE, in the system memory and patches some of its code to it. Then the virus goes resident by placing its code in the system memory.
Once the infected EXPLORER.EXE is loaded into memory and the patched code is invoked, the virus gets control. At this time it scans all local drives and infects all EXE, SCR and CPL executables. The virus also deletes the following antivirus checksum files: AVP.CRC, ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS, and IVP.NTZ.
This virus implements Entry-point Obscuring technique to make detection by antivirus difficult. In this method, when the infected file is executed, the virus does not immediately get control; it gets control only when the patched code is executed. It also has several anti-debugged routines, which are capable of detecting both the application level as well as the system level debugger such as Soft-Ice.
The following text is part of the encrypted virus code:
<Dengue Hemorrhagic Fever BioCoded by Griyo / 29A> Disclaimer: This software has been designed for research purposes only.
The author is not responsibly for any problems caused due to improper or illegal usage of it
Details:
Upon execution, this virus invokes its decryption algorithm. Since the virus employs multiple-layer polymorphic engine, it makes detection difficult. The number of decryption layers as well as the routine varies randomly.
The virus then locates the Windows application, EXPLORER.EXE, in the system memory and patches some of its code to it. Then the virus goes resident by placing its code in the system memory.
Once the infected EXPLORER.EXE is loaded into memory and the patched code is invoked, the virus gets control. At this time it scans all local drives and infects all EXE, SCR and CPL executables. The virus also deletes the following antivirus checksum files: AVP.CRC, ANTI-VIR.DAT, CHKLIST.CPS, CHKLIST.MS, and IVP.NTZ.
This virus implements Entry-point Obscuring technique to make detection by antivirus difficult. In this method, when the infected file is executed, the virus does not immediately get control; it gets control only when the patched code is executed. It also has several anti-debugged routines, which are capable of detecting both the application level as well as the system level debugger such as Soft-Ice.
The following text is part of the encrypted virus code:
<Dengue Hemorrhagic Fever BioCoded by Griyo / 29A> Disclaimer: This software has been designed for research purposes only.
The author is not responsibly for any problems caused due to improper or illegal usage of it