Win32.Beef
Description Win32.Beef
It is a harmless memory resident parasitic Win32 virus. It stays in Windows memory and infects PE EXE files (Win32 executable files) that are being opened. While infecting the virus writes itself to the end of the file.
When the virus is run for the first time, it infects the EXPLORER.EXE file in Windows directory. Because EXPLORER.EXE file is active and locked by Windows for writing, the virus uses a standard trick to avoid that. It copies EXPLORER.EXE to BEEFREE.SYS file and infects it. Then the virus creates the WININIT.INI file with "rename" command in there that will replace original EXPLORER.EXE with its infected copy one next Windows restart.
When Windows is run with infected EXPLORER.EXE, the virus gets access to KERNEL32.DLL image in the system memory and patches two its exported API functions: LoadLibraryA and CreateFileA. Then when a PE EXE file is being opened, the virus infects it.
Check other viruses! Be aware! Use Antiviral Software
HH.1024.a
Description HH.1024.a
This is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. On March, 25th it erases the hard disk sectors. It contains the text string "HH" that is used as ID-word to identify already infected files.
HH.1024.b
Description HH.1024.b
This is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. On 11th of every month it erases the hard disk sectors. It contains the text string "HH" that is used as ID-word to identify already infected files.
|