virus logo Virus

W95/Lorez.1766

description-logoAnalysis

  • Virus included into Fortinet Virus Update February 12 2003
    Firmware 2.27 AV definition 3.066
    Firmware 2.30 AV definition 4.043
    Firmware 2.36 AV definition 4.043
  • Virus is 32bit and targets Windows 95/98/Me platform .EXE files
  • When run, virus will copy existing “KERNEL32.DLL” from Windows\System folder and writes an infectious file “KERNEL32.DLL” into the Windows folder – the virus code is appended to this file
  • When Windows is restarted, EXE files executed or accessed will become infected due to the infectious KERNEL32.DLL file being loaded into memory
  • Some files may become corrupted during infection
  • Virus contains the string “[LoRez] v1 by Virogen [NoP]” in its code

Telemetry logoTelemetry

ID 404
Released Jul 11, 2003
Description
Updated		 Jul 11, 2003
Aliases PE_LOREZ, W32/Lorez.1766, W95.LoRez, W95/Lor1766
Platform Profile Win95 file format